SHA256: 4077e4de683b1bee6eb5e6c137efaa9eaed9ef3646a5a412f2dced1da4cc44c8
File name: WinService.exe
Detection ratio: 0 / 56
Analysis date: 2015-09-18 10:27:39 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware 20150918
AegisLab 20150918
Yandex 20150917
AhnLab-V3 20150918
Alibaba 20150918
ALYac 20150918
Antiy-AVL 20150918
Arcabit 20150918
Avast 20150918
AVG 20150917
Avira (no cloud) 20150918
AVware 20150918
Baidu-International 20150918
BitDefender 20150918
Bkav 20150917
ByteHero 20150918
CAT-QuickHeal 20150918
ClamAV 20150917
CMC 20150916
Comodo 20150918
Cyren 20150918
DrWeb 20150918
Emsisoft 20150918
ESET-NOD32 20150918
F-Prot 20150918
F-Secure 20150918
Fortinet 20150918
GData 20150918
Ikarus 20150918
Jiangmin 20150916
K7AntiVirus 20150918
K7GW 20150918
Kaspersky 20150918
Kingsoft 20150918
Malwarebytes 20150918
McAfee 20150918
McAfee-GW-Edition 20150918
Microsoft 20150918
eScan 20150918
NANO-Antivirus 20150918
nProtect 20150918
Panda 20150918
Qihoo-360 20150918
Rising 20150917
Sophos AV 20150918
SUPERAntiSpyware 20150918
Symantec 20150917
Tencent 20150918
TheHacker 20150916
TrendMicro 20150918
TrendMicro-HouseCall 20150918
VBA32 20150918
VIPRE 20150918
ViRobot 20150918
Zillya 20150916
Zoner 20150918
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2007

File version 1, 0, 0, 5
Signature verification Signed file, verified signature
Signing date 5:10 AM 5/10/2010
Signers
[+] NETGEAR
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 9/25/2008
Valid to 12:59 AM 9/29/2011
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint DDE50A0EEAD4EFD3C5C809C149CF5855FEE8B147
Serial number 34 E5 77 55 F4 75 37 36 FD 9F D8 49 7F 66 2F 1E
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-07-17 07:48:14
Entry Point 0x0000F692
Number of sections 4
PE sections
Overlays
MD5 9d07cff7b6f0bbbcef3cf4712322f232
File type data
Offset 180224
Size 6624
Entropy 7.31
PE imports
SetSecurityDescriptorDacl
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
StartServiceCtrlDispatcherA
OpenServiceA
SetServiceStatus
CreateServiceA
RegQueryValueExA
InitializeSecurityDescriptor
RegSetValueExA
ControlService
StartServiceA
RegCreateKeyExA
DeleteService
RegOpenKeyExA
CloseServiceHandle
OpenSCManagerA
RegisterServiceCtrlHandlerA
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
DeleteObject
SetTextColor
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
Escape
SetBkColor
SetViewportExtEx
GetAdaptersInfo
GetStdHandle
GetConsoleOutputCP
SetEvent
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ConnectNamedPipe
GetExitCodeProcess
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
FormatMessageA
SetLastError
DeviceIoControl
GlobalFindAtomA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
CreateThread
DisconnectNamedPipe
GlobalAddAtomA
SetUnhandledExceptionFilter
ExitThread
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
LCMapStringW
DeleteFileA
GlobalLock
GetProcessHeap
GlobalReAlloc
lstrcmpA
lstrcpyA
CompareStringA
lstrcmpW
GetProcAddress
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LocalReAlloc
GlobalDeleteAtom
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
CreateNamedPipeA
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
SuspendThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetVersion
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetOEMCP
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
VariantInit
VariantClear
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
GrayStringA
GetMessageTime
GetDC
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
CallNextHookEx
GetTopWindow
GetActiveWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
SetPropA
GetClassInfoExA
ShowWindow
GetPropA
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetSubMenu
CreateWindowExA
CopyRect
GetSysColorBrush
DestroyWindow
MapWindowPoints
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetMenuItemID
SetForegroundWindow
ReleaseDC
GetCapture
DrawTextExA
GetWindowThreadProcessId
UnhookWindowsHookEx
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
WlanEnumInterfaces
WlanOpenHandle
WlanFreeMemory
WlanCloseHandle
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
CHINESE TRADITIONAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
45056

ImageVersion
0.0

FileVersionNumber
1.0.0.5

LanguageCode
Chinese (Traditional)

FileFlagsMask
0x0017

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
1, 0, 0, 5

TimeStamp
2007:07:17 08:48:14+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1, 0, 0, 5

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright (C) 2007

MachineType
Intel 386 or later, and compatibles

CodeSize
131072

FileSubtype
0

ProductVersionNumber
1.0.0.5

EntryPoint
0xf692

ObjectFileType
Executable application

File identification
MD5 e2858d45d57e13eb142cca3b83fb39b3
SHA1 fd6ffe8a25527ac79572c060b5300632d0f01d86
SHA256 4077e4de683b1bee6eb5e6c137efaa9eaed9ef3646a5a412f2dced1da4cc44c8
ssdeep 3072:yDzTLTb4+SB7lJMdy6AvK373j+wg7R8NonC11LOwgc5s2:A74+SB7lgydK33+l7RYaGgh

authentihash 32624f4e8c1bd187046b4880128be4919813812e1e52fc1fe5d481a71b704f2d
imphash b0fea4b77d957a3e9234a18656062df9
File size 182.5 KB ( 186848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2010-08-21 22:13:07 UTC ( 8 years, 7 months ago )
Last submission 2018-08-28 20:57:19 UTC ( 6 months, 3 weeks ago )
File names file-1356930_exe
WinService.exe.vir
winservice.exe
WinService.exe
WinService.exe
file-2940578_exe
WinService.exe
winservice.exe
WinService.exe
WinService.exe
WinService.exe
winservice.exe
WinService.exe
WinService.exe_
WinService (2).exe
WinService.exe