× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 377c1bcb0909ba81586ef44ea11aa12504df3af029ab3ee9da03d1270ed03de6
File name: mscab.exe
Detection ratio: 0 / 41
Analysis date: 2012-06-14 09:48:56 UTC ( 6 years, 8 months ago ) View latest
Antivirus Result Update
AhnLab-V3 20120613
AntiVir 20120614
Antiy-AVL 20120614
AVG 20120614
BitDefender 20120614
ByteHero 20120613
CAT-QuickHeal 20120614
ClamAV 20120614
Commtouch 20120614
Comodo 20120614
DrWeb 20120614
Emsisoft 20120614
eSafe 20120612
F-Prot 20120613
F-Secure 20120614
Fortinet 20120614
GData 20120614
Ikarus 20120614
Jiangmin 20120614
K7AntiVirus 20120613
Kaspersky 20120614
McAfee 20120614
McAfee-GW-Edition 20120613
Microsoft 20120614
NOD32 20120614
Norman 20120613
nProtect 20120613
Panda 20120613
PCTools 20120614
Rising 20120614
Sophos AV 20120614
SUPERAntiSpyware 20120614
Symantec 20120614
TheHacker 20120614
TotalDefense 20120613
TrendMicro 20120614
TrendMicro-HouseCall 20120613
VBA32 20120614
VIPRE 20120614
ViRobot 20120614
VirusBuster 20120613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher Alexander Sedov
Signature verification Signed file, verified signature
Signing date 10:46 AM 6/14/2012
Signers
[+] Alexander Sedov
Status
Issuer None
Valid from 1:00 AM 7/13/2011
Valid to 12:59 AM 7/13/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 8B3C7E17E0AF6909C03DC391BB13348C87863420
Serial number 15 F2 D4 2F 80 15 C4 D2 53 93 38 37 F2 24 58 6A
[+] COMODO Code Signing CA
Status
Issuer None
Valid from 1:00 AM 4/27/2011
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 020FBF800E05671535ABB3F28033158E3ADA97FB
Serial number 73 57 8C 71 6D B3 95 53 13 7D F3 09 73 18 AB FE
[+] USERTrust (Code Signing)
Status
Issuer None
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] COMODO Time Stamping Signer
Status
Issuer None
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] USERTrust (Code Signing)
Status
Issuer None
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbrint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-14 09:39:12
Entry Point 0x00019290
Number of sections 4
PE sections
Overlays
MD5 c9667e4feb2a7df32b901681f946d984
File type data
Offset 182272
Size 5048
Entropy 7.40
PE imports
GetOpenFileNameA
GetStdHandle
FileTimeToDosDateTime
GetFileAttributesA
GetDriveTypeA
EncodePointer
SetConsoleCursorPosition
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
MoveFileA
ResumeThread
FindClose
InterlockedDecrement
LocalHandle
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
RemoveDirectoryA
HeapSetInformation
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetPriorityClass
TerminateProcess
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
CreateDirectoryA
DeleteFileA
GetStartupInfoW
GetFullPathNameA
GetProcAddress
GetConsoleScreenBufferInfo
GetProcessHeap
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
FindNextFileA
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
GetModuleFileNameA
FileTimeToLocalFileTime
GetCurrentProcessId
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
GetDiskFreeSpaceA
IsValidCodePage
HeapCreate
Sleep
SetFocus
GetMessageA
GetForegroundWindow
UpdateWindow
EndDialog
PostQuitMessage
DefWindowProcA
ShowWindow
RemoveMenu
SendDlgItemMessageA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MoveWindow
GetDlgItemTextA
MessageBoxA
TranslateMessage
CheckDlgButton
SetWindowTextA
SendMessageA
GetDlgItem
RegisterClassA
ScreenToClient
CreateWindowExA
IsDlgButtonChecked
GetDesktopWindow
GetSystemMenu
SetForegroundWindow
DestroyWindow
DialogBoxIndirectParamA
CharToOemA
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2012:06:14 10:39:12+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
126976

LinkerVersion
10.0

EntryPoint
0x19290

InitializedDataSize
110080

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 7fc23ce2bc57459e7877413bc1120429
SHA1 0d0faf134e68b75c06f76533372373bdd356992d
SHA256 377c1bcb0909ba81586ef44ea11aa12504df3af029ab3ee9da03d1270ed03de6
ssdeep
3072:72lcyJrWZnbfcUzDPyEHNd8JqOsfrpnfnVr3Rjbcl8x8KJFHtWYYWoHv7SgEi:72lcyAuEHAOfPpbclk8K7tIWoHf

authentihash 4ced9dcc0180cb3bfede899c603c608db38b562c981b3c57ded9c3450840a0d1
imphash e5d123a7c7f34ad44f0578aaf5fc2857
File size 182.9 KB ( 187320 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (23.8%)
UPX compressed Win32 Executable (23.3%)
Win64 Executable (generic) (21.0%)
Win32 EXE Yoda's Crypter (20.2%)
Win32 Dynamic Link Library (generic) (5.0%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2012-06-14 09:48:56 UTC ( 6 years, 8 months ago )
Last submission 2016-01-12 22:57:28 UTC ( 3 years, 1 month ago )
File names 377c1bcb0909ba81586ef44ea11aa12504df3af029ab3ee9da03d1270ed03de6.vir
mscab.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.