SHA256: 3b52ccfbbe97a0d22e1fe163c477995a5a3c1335e7116d2a12f6f898ad86bb42
File name: gmulzwihi.exe
Detection ratio: 8 / 70
Analysis date: 2019-01-18 06:02:50 UTC ( 2 months, 1 week ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181023
Cylance Unsafe 20190118
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Microsoft Trojan:Win32/Fuery.B!cl 20190118
Rising Spyware.Ursnif!8.1DEF/N3#84% (RDM+:cmRtazrHPJQ/abRF9/2+M+TDTBLe) 20190118
Symantec ML.Attribute.HighConfidence 20190118
Webroot W32.Trojan.Gen 20190118
Acronis 20190117
Ad-Aware 20190118
AegisLab 20190118
AhnLab-V3 20190118
Alibaba 20180921
ALYac 20190118
Antiy-AVL 20190118
Arcabit 20190118
Avast 20190118
Avast-Mobile 20190117
AVG 20190118
Avira (no cloud) 20190117
Baidu 20190118
BitDefender 20190118
Bkav 20190117
CAT-QuickHeal 20190117
ClamAV 20190118
CMC 20190117
Comodo 20190118
Cybereason 20190109
Cyren 20190118
DrWeb 20190118
eGambit 20190118
Emsisoft 20190118
ESET-NOD32 20190118
F-Prot 20190118
F-Secure 20190118
Fortinet 20190118
GData 20190118
Ikarus 20190117
Jiangmin 20190118
K7AntiVirus 20190118
K7GW 20190118
Kaspersky 20190118
Kingsoft 20190118
Malwarebytes 20190118
MAX 20190118
McAfee 20190118
McAfee-GW-Edition 20190118
eScan 20190118
NANO-Antivirus 20190118
Palo Alto Networks (Known Signatures) 20190118
Panda 20190117
Qihoo-360 20190118
SentinelOne (Static ML) 20181223
Sophos AV 20190117
SUPERAntiSpyware 20190116
TACHYON 20190118
Tencent 20190118
TheHacker 20190115
TotalDefense 20190118
Trapmine 20190103
TrendMicro 20190118
TrendMicro-HouseCall 20190118
Trustlook 20190118
VBA32 20190117
VIPRE 20190117
ViRobot 20190118
Yandex 20190117
Zillya 20190117
ZoneAlarm by Check Point 20190118
Zoner 20190118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
ACE Compression Software, 2000-2002

Product UNACE - ACE extraction freeware component
Original name UnAceV2.Dll
Internal name UnAceV2.Dll
File version 2.1.1.0
Description UNACE Dynamic Link Library
Signature verification Signed file, verified signature
Signing date 5:13 PM 1/17/2019
Signers
[+] Heinis Consulting Ltd.
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 12/13/2018
Valid to 11:59 PM 12/13/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 8B5F22AF07AA56B3D9EF2108329DBBD7A648C2FA
Serial number 00 F4 79 99 8C 5D 3B 56 A6 68 37 99 37 42 79 AF EB
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Starfield Timestamp Authority - G2
Status Valid
Issuer Starfield Secure Certificate Authority - G2
Valid from 07:00 AM 10/16/2018
Valid to 07:00 AM 10/16/2023
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint C5B27CA5A9E68AC3D6A06F1A632175259ACD9032
Serial number 1F DC 58 E9 66 08 4C 0E
[+] Starfield Secure Certificate Authority - G2
Status Valid
Issuer Starfield Root Certificate Authority - G2
Valid from 07:00 AM 05/03/2011
Valid to 07:00 AM 05/03/2031
Valid usage All
Algorithm sha256RSA
Thumbprint 7EDC376DCFD45E6DDF082C160DF6AC21835B95D4
Serial number 07
[+] Starfield Root Certificate Authority – G2
Status Valid
Issuer Starfield Root Certificate Authority - G2
Valid from 12:00 AM 09/01/2009
Valid to 11:59 PM 12/31/2037
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-03-06 23:42:08
Entry Point 0x00002AB0
Number of sections 6
PE sections
Overlays
MD5 ed6300f7b22d42250d9bce1b1ba08fc2
File type data
Offset 206336
Size 6896
Entropy 7.36
PE imports
CryptDeriveKey
DuplicateTokenEx
IsTokenRestricted
InitializeSecurityDescriptor
GetClusterFromResource
GetROP2
GetTextExtentExPointW
GetTextMetricsW
GetOutlineTextMetricsA
GetClipBox
FormatMessageW
GetTempPathA
GetConsoleFontSize
FillConsoleOutputCharacterA
DeactivateActCtx
GetConsoleTitleW
Module32Next
GetStartupInfoW
GlobalMemoryStatus
FlsFree
GetModuleHandleW
EnumTimeFormatsA
ExtractIconA
DecryptMessage
LoadAcceleratorsA
GetTabbedTextExtentA
GetTitleBarInfo
ModifyMenuW
DefMDIChildProcW
DrawTextExA
GetClipboardOwner
IsWindowEnabled
GetTabbedTextExtentW
FindCloseUrlCache
FindFirstUrlCacheEntryW
FindFirstUrlCacheGroup
DeletePortW
vfwprintf
towlower
strtoul
MkParseDisplayNameEx
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
CodeSize
0

SubsystemVersion
5.0

LinkerVersion
12.18

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.1.1.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
UNACE Dynamic Link Library

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
7679

EntryPoint
0x2ab0

OriginalFileName
UnAceV2.Dll

MIMEType
application/octet-stream

LegalCopyright
ACE Compression Software, 2000-2002

FileVersion
2.1.1.0

TimeStamp
2002:03:07 00:42:08+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
UnAceV2.Dll

ProductVersion
2.1.1.0

UninitializedDataSize
214528

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ACE Compression Software

LegalTrademarks
ACE Compression Software, 2000-2002

ProductName
UNACE - ACE extraction freeware component

ProductVersionNumber
2.1.1.0

WwwEmail
www.winace.com mlemke@winace.com

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 6ded2587ec50307ebf09c6856d245888
SHA1 10c49614dfd9d0f14697ba856a5929292703a206
SHA256 3b52ccfbbe97a0d22e1fe163c477995a5a3c1335e7116d2a12f6f898ad86bb42
ssdeep
1536:E89Zsoyia8Aw/C0FhF3at3gkW/oYEHK4Az2E5HXCzceKxObBov6oRiZ:EqZsot1AwNxG3l8o7HKVvyzSxO6v6x

authentihash f2df34cd2808134c1f65a460244ab888f2132e45e695a6aa7d570120aaab4444
imphash 83fb7a5dc732f9d1ca3487db117ac2ac
File size 208.2 KB ( 213232 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2019-01-18 00:57:14 UTC ( 2 months, 1 week ago )
Last submission 2019-01-18 21:10:59 UTC ( 2 months ago )
File names gmulzwihi.exe
UnAceV2.Dll