SHA256: 3fed49d3588b79b124756098b96bf4b84605e3d24162974c0cd94395e04e466d
File name: samples_analysis_platform
Detection ratio: 0 / 56
Analysis date: 2015-01-23 19:00:10 UTC (4 years ago)
Antivirus Result Update
Ad-Aware 20150123
AegisLab 20150123
Yandex 20150122
AhnLab-V3 20150123
Alibaba 20150120
ALYac 20150123
Antiy-AVL 20150123
Avast 20150123
AVG 20150123
Avira (no cloud) 20150123
AVware 20150123
Baidu-International 20150123
BitDefender 20150123
Bkav 20150123
ByteHero 20150123
CAT-QuickHeal 20150123
ClamAV 20150123
CMC 20150120
Comodo 20150123
Cyren 20150123
DrWeb 20150123
Emsisoft 20150123
ESET-NOD32 20150123
F-Prot 20150123
F-Secure 20150123
Fortinet 20150121
GData 20150123
Ikarus 20150123
Jiangmin 20150122
K7AntiVirus 20150123
Kaspersky 20150123
Kingsoft 20150123
Malwarebytes 20150123
McAfee 20150123
McAfee-GW-Edition 20150123
Microsoft 20150123
eScan 20150123
NANO-Antivirus 20150123
Norman 20150123
nProtect 20150123
Panda 20150123
Qihoo-360 20150123
Rising 20150123
Sophos AV 20150123
SUPERAntiSpyware 20150123
Symantec 20150123
Tencent 20150123
TheHacker 20150123
TotalDefense 20150123
TrendMicro 20150123
TrendMicro-HouseCall 20150123
VBA32 20150123
VIPRE 20150123
ViRobot 20150123
Zillya 20150122
Zoner 20150123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 1:22 PM 3/20/2006
Signers
[+] H+BEDV Datentechnik GmbH
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 2/27/2006
Valid to 12:59 AM 4/30/2007
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint DC1967F93E4B862E7EE5D00DC37A5D6531BDF649
Serial number 74 41 52 67 56 3F FD B6 DF 23 B8 5C 66 EF F9 80
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2009
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 826B2D0FF5D618969F5F473E0F209A4794016450
Serial number 57 64 6E 2B 55 00 23 D4 90 53 4A 55 3E AB 0D 0A
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2008
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 817E78267300CB0FE5D631357851DB366123A690
Serial number 0D E9 2B F0 D4 D8 29 88 18 32 05 09 5E 9A 76 88
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT appended, RAR, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-03-16 19:47:18
Entry Point 0x00001000
Number of sections 4
PE sections
Overlays
MD5 0a4434926cc085c09d72ff2bde667fb5
File type application/x-rar
Offset 153600
Size 9910344
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueExA
SetFileSecurityW
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
GetOpenFileNameA
CommDlgExtendedError
DeleteObject
GetLastError
IsDBCSLeadByte
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
GetFileAttributesA
SystemTimeToFileTime
WaitForSingleObject
LoadLibraryA
FreeLibrary
FindNextFileA
ExitProcess
SetFileTime
GetVersionExA
GetFileAttributesW
GetModuleFileNameA
HeapAlloc
GetCurrentProcess
GetDateFormatA
FileTimeToLocalFileTime
GetLocaleInfoA
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
MultiByteToWideChar
CreateDirectoryW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetFileAttributesA
SetFilePointer
GetTempPathA
SetFileAttributesW
GetCPInfo
lstrcmpiA
GetModuleHandleA
FindNextFileW
WriteFile
FindFirstFileA
CloseHandle
GetTimeFormatA
DeleteFileW
FindFirstFileW
HeapReAlloc
MoveFileExA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetFullPathNameA
MoveFileA
WideCharToMultiByte
GetNumberFormatA
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
SetEndOfFile
CreateFileA
GetTickCount
FindResourceA
SetCurrentDirectoryA
SetLastError
CompareStringA
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
SHGetFileInfoA
ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
MapWindowPoints
GetMessageA
GetParent
UpdateWindow
EndDialog
SetFocus
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
CharToOemBuffA
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
GetSysColor
RegisterClassExA
SetWindowTextA
DestroyIcon
LoadStringA
wsprintfA
GetSystemMetrics
IsWindowVisible
SendMessageA
GetClientRect
GetDlgItem
OemToCharBuffA
OemToCharA
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
LoadIconA
CopyRect
WaitForInputIdle
GetClassNameA
GetWindowTextA
CharToOemA
DestroyWindow
Number of PE resources by type
RT_ICON 12
RT_DIALOG 6
RT_STRING 4
RT_RCDATA 1
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 14
RUSSIAN 11
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2006:03:16 20:47:18+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 5.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1000
InitializedDataSize 74752
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 03ff5ea0922130edb4a863f5369b296d
SHA1 94bb0e7e2de83d5beb96f52c333d8eb1071f213e
SHA256 3fed49d3588b79b124756098b96bf4b84605e3d24162974c0cd94395e04e466d
ssdeep
196608:28nTUyiyMl8djl/r9hQGofY2FtGgw1xQRlsk4CZWBdnym/1WlTw9MRydEU96YRi:28TUyiyMokfYCQ1eIOZWBdnyEWlu39g

authentihash 6b42c48efdea78af5e4fbcf2173c701c339aecbbca0e77b0adda891721a229d9
imphash 87b324a67e18fb2e1d12308b06fa8d4f
File size 9.6 MB ( 10063944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID WinRAR Self Extracting archive (4.x-5.x) (59.8%)
WinRAR Self Extracting archive (37.9%)
Windows screen saver (0.9%)
Win32 Dynamic Link Library (generic) (0.4%)
Win32 Executable (generic) (0.3%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2006-07-26 09:24:37 UTC ( 12 years, 7 months ago )
Last submission 2017-01-18 04:12:43 UTC ( 2 years, 1 month ago )
File names 3FED49D3588B79B124756098B96BF4B84605E3D24162974C0CD94395E04E466D.exe
ANTIVIR_WORKSTATION_WIN7U_EN_H.EXE
A0068118.EXE
3FED49D3588B79B124756098B96BF4B84605E3D24162974C0CD94395E04E466D.exe
antivir_workstation_win7u_en_h.ex
antivir_workstation_win7u_en_h.exe
samples_analysis_platform
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight