× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 53d69971043cce6f7e7a056ee85a31b7b93970a06ac55339c7acc1f2ed6b45ad
File name: ISIGN32
Detection ratio: 48 / 57
Analysis date: 2015-02-15 11:47:41 UTC ( 2 months, 1 week ago )
Antivirus Result Update
ALYac Trojan.Generic.8473046 20150215
AVG Generic30.BIVG 20150215
AVware Trojan.Win32.Generic!BT 20150215
Ad-Aware Trojan.Generic.8473046 20150215
Agnitum Trojan.Fareit!Ct5rtXiYkps 20150215
AhnLab-V3 Win-Trojan/Fareit.131072.D 20150215
Antiy-AVL Trojan[PSW]/Win32.Fareit 20150215
Avast Win32:Banker-KAP [Trj] 20150215
Avira TR/Jorik.Fareit.aeb 20150215
BitDefender Trojan.Generic.8473046 20150215
CAT-QuickHeal Trojan.fareit.rw3 20150214
CMC Trojan.Win32.Jorik.Fareit!O 20150214
Comodo UnclassifiedMalware 20150215
Cyren W32/Fareit.BYMM-4890 20150215
DrWeb Trojan.PWS.Stealer.946 20150215
ESET-NOD32 Win32/PSW.Fareit.A 20150215
Emsisoft Trojan.Generic.8473046 (B) 20150215
F-Prot W32/Fareit.Y 20150215
F-Secure Trojan.Generic.8473046 20150215
Fortinet W32/Jorik_Fareit.A!tr 20150215
GData Trojan.Generic.8473046 20150215
Ikarus Trojan.Win32.Jorik 20150215
K7AntiVirus Riskware ( 0015e4f01 ) 20150215
K7GW Riskware ( 0015e4f01 ) 20150215
Kaspersky Trojan-PSW.Win32.Fareit.bjo 20150215
Kingsoft Win32.Troj.Jorik.a.(kcloud) 20150215
Malwarebytes Trojan.MicroBat 20150215
McAfee BackDoor-FJW 20150215
McAfee-GW-Edition BackDoor-FJW 20150214
MicroWorld-eScan Trojan.Generic.8473046 20150215
Microsoft PWS:Win32/Fareit 20150215
NANO-Antivirus Trojan.Win32.XPACK.cxhoze 20150215
Norman Kelihos.TJU 20150215
Panda Trj/OCJ.B 20150215
Qihoo-360 HEUR/Malware.QVM20.Gen 20150215
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150214
Sophos Troj/Agent-ZIM 20150215
Symantec W32.Qakbot 20150215
Tencent Win32.Trojan-qqpass.Qqrob.Wpjx 20150215
TheHacker Trojan/Fareit.a 20150213
TotalDefense Win32/Qakbot.B!generic 20150215
TrendMicro TROJ_SPNR.0BLU12 20150215
TrendMicro-HouseCall TROJ_SPNR.0BLU12 20150215
VBA32 BScope.Malware-Cryptor.Fareit.1412 20150213
VIPRE Trojan.Win32.Generic!BT 20150215
Zillya Trojan.Jorik.Win32.174372 20150215
Zoner Trojan.Fareit.A 20150213
nProtect Trojan.Generic.8473046 20150213
AegisLab 20150215
Alibaba 20150215
Baidu-International 20150215
Bkav 20150213
ByteHero 20150215
ClamAV 20150215
Jiangmin 20150214
SUPERAntiSpyware 20150215
ViRobot 20150215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name ISIGN32.DLL
Internal name ISIGN32
File version 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)
Description Internet Signup
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-09-14 12:25:08
Link date 1:25 PM 9/14/2003
Entry Point 0x00002459
Number of sections 3
PE sections
PE imports
GetLastError
HeapFree
LCMapStringW
GetOEMCP
HeapDestroy
HeapAlloc
GetVersionExA
FlushFileBuffers
LockFile
RtlUnwind
lstrcmpW
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetLocaleInfoW
GetModuleHandleA
GetCurrentProcessId
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetACP
GetStringTypeW
LocalFree
TerminateProcess
IsValidCodePage
HeapCreate
GetFileType
GetTickCount
GetCurrentThreadId
SleepEx
CharToOemBuffA
CharToOemA
WSAIoctl
puts
toupper
strtoul
Number of PE resources by type
RT_STRING 11
RT_DIALOG 6
RT_ICON 5
RT_GROUP_ICON 3
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 27
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.0.3790.3959

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
69632

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.00.3790.3959 (srv03_sp2_rtm.070216-1710)

TimeStamp
2003:09:14 13:25:08+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ISIGN32

FileAccessDate
2015:02:15 12:47:41+01:00

ProductVersion
6.00.3790.3959

FileDescription
Internet Signup

OSVersion
4.0

FileCreateDate
2015:02:15 12:47:41+01:00

OriginalFilename
ISIGN32.DLL

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
81920

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.0.3790.3959

EntryPoint
0x2459

ObjectFileType
Executable application

File identification
MD5 6d2d56ca617c12383bd979e66023d147
SHA1 3b8fbb0ee3d31406e3fa0ba4c1c07192a47c1378
SHA256 53d69971043cce6f7e7a056ee85a31b7b93970a06ac55339c7acc1f2ed6b45ad
ssdeep
1536:7x7yAdHNg+IEgY5ebvJ1PFjeERsG7iPBtX5+gjUNjU2RVKSEd:7xWAvzg/d6aN7sXgsUJUiVg

authentihash a375185adf20017c8fd76a229dda697845b38bc4d136c63fc82adf454b1d6c99
imphash c444a4e5145a4b92da111a5e4259102e
File size 128.0 KB ( 131072 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2012-12-13 22:15:54 UTC ( 2 years, 4 months ago )
Last submission 2012-12-15 23:15:47 UTC ( 2 years, 4 months ago )
File names ISIGN32
ISIGN32.DLL
6d2d56ca617c12383bd979e66023d147
NAB_Secure_Message.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications