SHA256: 4c2efe2f1253b94f16a1cab032f36c7883e4f6c8d9fc17d0ee553b5afb16330c
File name: signed_spe_malware.exe
Detection ratio: 13 / 55
Analysis date: 2014-12-05 21:35:22 UTC ( 2 years, 3 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Agent 20141205
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20141205
AVG Agent_r.BZM 20141205
Cyren W32/Wiper.SYBH-9384 20141205
DrWeb Trojan.DownLoader11.49010 20141205
ESET-NOD32 Win32/Agent.WSZ 20141205
F-Prot W32/Wiper.A 20141205
Kaspersky Trojan.Win32.Destover.d 20141205
McAfee Trojan-FFJQ!E904BF93403C 20141205
Microsoft Backdoor:Win32/Escad.A 20141205
Sophos Troj/Destover-A 20141205
Symantec Backdoor.Destover 20141205
ViRobot Trojan.Win32.Agent.86016.CK 20141205
Ad-Aware 20141205
AegisLab 20141205
Yandex 20141205
ALYac 20141205
Avast 20141205
Avira (no cloud) 20141205
AVware 20141205
Baidu-International 20141205
BitDefender 20141205
Bkav 20141205
ByteHero 20141205
CAT-QuickHeal 20141205
ClamAV 20141205
CMC 20141204
Comodo 20141204
F-Secure 20141205
Fortinet 20141205
GData 20141205
Ikarus 20141205
Jiangmin 20141205
K7AntiVirus 20141205
K7GW 20141205
Kingsoft 20141205
Malwarebytes 20141205
McAfee-GW-Edition 20141205
eScan 20141205
NANO-Antivirus 20141205
Norman 20141205
nProtect 20141205
Panda 20141205
Qihoo-360 20141205
Rising 20141205
SUPERAntiSpyware 20141205
Tencent 20141205
TheHacker 20141205
TotalDefense 20141205
TrendMicro 20141205
TrendMicro-HouseCall 20141205
VBA32 20141205
VIPRE 20141205
Zillya 20141204
Zoner 20141204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name igfxtpers.exe
Internal name igfxtpers.exe
File version 5.6.4590.2023
Description igfxstartup Module
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 10:29 PM 12/5/2014
Signers
[+] Sony Pictures Entertainment Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid. Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 1:00 AM 9/18/2012
Valid to 1:00 PM 9/22/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 8DF46B5FDAC2EB3B4757F99866C199FF2B13427A
Serial number 01 E2 B4 F7 59 81 1C 64 37 9F CA 0B E7 6D 2D CE
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-07 08:01:09
Entry Point 0x0000766E
Number of sections 4
PE sections
Overlays
MD5 e1ffabe5623e04a1648524a173d8c19f
File type data
Offset 86016
Size 5872
Entropy 7.16
PE imports
GetSystemTime
GetLastError
HeapFree
GetStdHandle
GetDriveTypeW
LCMapStringW
SetHandleCount
lstrlenA
GetOEMCP
LCMapStringA
HeapDestroy
GetTickCount
IsBadWritePtr
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetLocalTime
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
LocalAlloc
UnhandledExceptionFilter
SetFilePointer
WideCharToMultiByte
ExitProcess
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetFileType
GetComputerNameW
CompareStringW
GetCPInfo
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
lstrcpyA
GetCurrentProcess
CompareStringA
SetStdHandle
GetACP
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
MoveFileA
TerminateProcess
GetTimeZoneInformation
GetEnvironmentVariableA
HeapCreate
WriteFile
VirtualFree
GetFileAttributesW
Sleep
IsBadReadPtr
IsBadCodePtr
HeapAlloc
GetVersion
VirtualAlloc
CloseHandle
SHGetSpecialFolderPathA
GetSystemMetrics
setsockopt
htonl
socket
closesocket
send
ioctlsocket
select
ntohs
connect
shutdown
htons
recv
WSAGetLastError
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 32768
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 5.6.4590.2023
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName igfxtpers.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.6.4590.2023
TimeStamp 2014:07:07 09:01:09+01:00
FileType Win32 EXE
PEType PE32
InternalName igfxtpers.exe
ProductVersion 5.6.4590.2023
FileDescription igfxstartup Module
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 57344
FileSubtype 0
ProductVersionNumber 5.6.4590.2023
EntryPoint 0x766e
ObjectFileType Dynamic link library
File identification
MD5 e904bf93403c0fb08b9683a9e858c73e
SHA1 8397c1e1f0b9d53a114850f6b3ae8c1f2b2d1590
SHA256 4c2efe2f1253b94f16a1cab032f36c7883e4f6c8d9fc17d0ee553b5afb16330c
ssdeep 1536:3bhwBno+Kv2reOvKOxSrTue9381wrtoKp4Ag7iPW:onBm2rrv/aTuH1otoKp4Ahu
authentihash 9c4e9bed0ab82230a18eae108f41e61f9cb98219b3a68919d01b5f2507b915e2
imphash c202168c041f0b6ad08f4597a4d165a3
File size 89.7 KB ( 91888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags revoked-cert peexe signed overlay
VirusTotal metadata
First submission 2014-12-05 21:35:22 UTC ( 2 years, 3 months ago )
Last submission 2017-03-11 17:05:24 UTC ( 2 weeks ago )
File names 4c2efe2f1253b94f16a1cab032f36c7883e4f6c8d9fc17d0ee553b5afb16330c.bin
signed.exe
signed.exe
signed.exe
Destover Malware.bin
signed.exe
signed 2.exe
igfxtpers.exe
vti-rescan
4c2efe2f1253b94f16a1cab032f36c7883e4f6c8d9fc17d0ee553b5afb16330c.rar
4C2EFE2F1253B94F16A1CAB032F36C7883E4F6C8D9FC17D0EE553B5AFB16330C.exe
signed.exe
signed.exe
e904bf93403c0fb08b9683a9e858c73e_signed.bin
signed_spe_malware.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Runtime DLLs
TCP connections