× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3aab8cc5867ad89987b844572f773ddfc38b5a4f3c3f1a93370231a1b1042d18
File name: home.php2
Detection ratio: 16 / 67
Analysis date: 2018-11-13 15:09:13 UTC ( 5 months, 1 week ago ) View latest
Antivirus Result Update
AegisLab Trojan.Win32.Generic.llEj 20181113
Avast Win32:DangerousSig [Trj] 20181113
AVG Win32:DangerousSig [Trj] 20181113
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181022
Cylance Unsafe 20181113
DrWeb Trojan.Gozi.364 20181113
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181108
Kaspersky UDS:DangerousObject.Multi.Generic 20181113
McAfee Artemis!7DD474A3683C 20181113
McAfee-GW-Edition Artemis!Trojan 20181113
Palo Alto Networks (Known Signatures) generic.ml 20181113
Qihoo-360 Win32/Trojan.9ad 20181113
VBA32 BScope.TrojanSpy.Ursnif 20181113
Webroot W32.Trojan.Gen 20181113
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181113
Ad-Aware 20181112
AhnLab-V3 20181113
Alibaba 20180921
ALYac 20181113
Antiy-AVL 20181113
Arcabit 20181113
Avast-Mobile 20181113
Avira (no cloud) 20181113
Babable 20180918
Baidu 20181112
BitDefender 20181113
Bkav 20181113
CAT-QuickHeal 20181113
ClamAV 20181113
CMC 20181113
Cybereason 20180225
Cyren 20181113
eGambit 20181113
Emsisoft 20181113
ESET-NOD32 20181113
F-Prot 20181113
F-Secure 20181113
Fortinet 20181113
GData 20181113
Ikarus 20181113
Jiangmin 20181113
K7AntiVirus 20181113
K7GW 20181113
Kingsoft 20181113
Malwarebytes 20181113
MAX 20181113
Microsoft 20181113
eScan 20181113
NANO-Antivirus 20181113
Panda 20181113
Rising 20181113
SentinelOne (Static ML) 20181011
Sophos AV 20181113
SUPERAntiSpyware 20181107
Symantec 20181113
Symantec Mobile Insight 20181108
TACHYON 20181113
Tencent 20181113
TheHacker 20181108
TrendMicro 20181113
TrendMicro-HouseCall 20181113
Trustlook 20181113
VIPRE 20181113
ViRobot 20181113
Yandex 20181112
Zillya 20181113
Zoner 20181113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2008

Product itunescpy Application
Original name itunescpy.EXE
Internal name itunescpy
File version 1, 0, 0, 1
Description itunescpy
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 10:13 PM 11/12/2018
Signers
[+] Shrivatsa Tech Service Ltd
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 11:00 PM 10/14/2018
Valid to 10:59 PM 10/15/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint CBF64801EE4820C4E326B402D04AA75F33DBFB36
Serial number 00 A3 FE E7 F8 3D D1 B8 D7 BF 1F C6 F7 0C BE 8B 55
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Certum EV TSA SHA2
Status Valid
Issuer Certum Trusted Network CA
Valid from 01:10 PM 03/08/2016
Valid to 12:10 PM 05/30/2027
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint 4F8D4C480649426AEF8B86D4D5FC7932E7142D85
Serial number 00 FE 67 E4 F1 5A 24 E3 C6 0D 54 7C A0 20 C2 76 70
[+] Certum Trusted Network CA
Status Valid
Issuer Certum Trusted Network CA
Valid from 11:07 AM 10/22/2008
Valid to 12:07 PM 12/31/2029
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbrint 07E032E020B72C3F192F0628A2593A19A70F069E
Serial number 04 44 C0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-25 20:22:27
Entry Point 0x0000341D
Number of sections 5
PE sections
Overlays
MD5 5679b595adf9661fce7cef69b0b43f27
File type data
Offset 102400
Size 5648
Entropy 7.41
PE imports
GetLengthSid
GetServiceKeyNameA
GetClusterFromResource
FindTextA
GetBrushOrgEx
GetTextAlign
DeleteColorSpace
GetDeviceGammaRamp
DefineDosDeviceW
GetVolumeInformationA
LocalLock
GlobalAddAtomW
WriteProcessMemory
LoadResource
lstrcatA
lstrlenW
DeleteTimerQueueEx
FindNextChangeNotification
RequestWakeupLatency
GetPrivateProfileSectionA
GetVersion
GetCommConfig
GetModuleHandleW
GetLocalTime
GetUserNameExW
InsertMenuA
LoadAcceleratorsA
GetLastInputInfo
GetParent
LookupIconIdFromDirectoryEx
LoadKeyboardLayoutW
GetMessageW
GetNextDlgTabItem
DeregisterShellHookWindow
GetFileVersionInfoSizeW
Number of PE resources by type
RT_ICON 2
RT_DIALOG 2
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
11.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
itunescpy

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
28416

EntryPoint
0x341d

OriginalFileName
itunescpy.EXE

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2008

FileVersion
1, 0, 0, 1

TimeStamp
2013:04:25 13:22:27-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
itunescpy

ProductVersion
1, 0, 0, 1

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
eTinySoft Inc.

CodeSize
795242121

ProductName
itunescpy Application

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 7dd474a3683c0c55597b6139cb1484f8
SHA1 283b68b3e77cfe49f26656bb53062e9e73ba2d96
SHA256 3aab8cc5867ad89987b844572f773ddfc38b5a4f3c3f1a93370231a1b1042d18
ssdeep
3072:DyMKZZCJyJL+Fs9Ii6gzajr9HP6cWyaCOsB+vuTX9aT/Q/8:7nyJL+FsCOanxij9GT//8

authentihash 5de0d56175d224ce8cbd5b7e2f9f074552173e9841c08e7d62fcdded7a964ee1
imphash 63e56e16cf9075efeade7bd47827a1e4
File size 105.5 KB ( 108048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-11-13 11:26:23 UTC ( 5 months, 1 week ago )
Last submission 2018-11-13 11:26:23 UTC ( 5 months, 1 week ago )
File names itunescpy
home.php2
itunescpy.EXE
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.