× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 53f02888d109104fff48c1cb64e26961158562d90bf46a1886721b0ca7eb594c
File name: 28b577ce059b5c3851b469911ca637aa
Detection ratio: 24 / 56
Analysis date: 2016-10-04 05:39:14 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.98533 20161004
AhnLab-V3 Backdoor/Win32.Androm.N2118050671 20161003
Arcabit Trojan.Razy.D180E5 20161004
Avast Win32:Trojan-gen 20161004
Avira (no cloud) TR/Crypt.ZPACK.rnhfj 20161004
BitDefender Gen:Variant.Razy.98533 20161004
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Emsisoft Gen:Variant.Razy.98533 (B) 20161004
ESET-NOD32 a variant of Win32/GenKryptik.FKO 20161004
F-Secure Gen:Variant.Razy.98533 20161004
GData Gen:Variant.Razy.98533 20161004
Sophos ML virus.win32.sality.at 20160928
K7AntiVirus Trojan ( 004f99a51 ) 20161003
K7GW Trojan ( 004f99a51 ) 20161004
Kaspersky Backdoor.Win32.Androm.kwfb 20161004
McAfee Artemis!28B577CE059B 20161004
McAfee-GW-Edition Artemis 20161004
eScan Gen:Variant.Razy.98533 20161004
NANO-Antivirus Trojan.Win32.ZPACK.egrhgb 20161003
Panda Trj/GdSda.A 20161002
Rising Malware.Obscure/Heur!1.A121 (classic) 20161004
Sophos AV Mal/Generic-S 20161004
Symantec Trojan.Gen 20161004
TrendMicro-HouseCall TROJ_GEN.R00YH0DJ216 20161004
AegisLab 20161004
Alibaba 20161003
ALYac 20160930
Antiy-AVL 20161004
AVG 20161004
AVware 20161004
Baidu 20161001
Bkav 20161003
CAT-QuickHeal 20161003
ClamAV 20161004
CMC 20161003
Comodo 20161004
Cyren 20161004
DrWeb 20161004
F-Prot 20161004
Fortinet 20161004
Ikarus 20161003
Jiangmin 20161004
Kingsoft 20161004
Malwarebytes 20161004
Microsoft 20161004
nProtect 20161004
Qihoo-360 20161004
SUPERAntiSpyware 20161004
Tencent 20161004
TheHacker 20161001
TrendMicro 20161004
VBA32 20161003
VIPRE 20161004
ViRobot 20161004
Yandex 20161003
Zillya 20161003
Zoner 20161004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 8:53 AM 9/28/2016
Signers
[+] INSTANT
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 9/19/2016
Valid to 12:59 AM 9/20/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3EAE691A0034C5CD52E0CFB2F51837C9722214CA
Serial number 50 98 3F 81 A9 AA 37 22 DE 6F 19 AF F3 B5 D3 E8
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE?
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-25 12:23:06
Entry Point 0x00003DF8
Number of sections 4
PE sections
Overlays
MD5 a85d48cc13d81ccf44f018ebb5bd5afa
File type data
Offset 345088
Size 6392
Entropy 7.40
PE imports
RegCreateKeyExW
RegEnumValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
FreeSid
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyW
CheckTokenMembership
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
AllocateAndInitializeSid
RegQueryValueExW
RegQueryValueW
GetFileTitleW
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
SetBkMode
GetRgnBox
SaveDC
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
SelectObject
DeleteObject
GetObjectW
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
GetViewportExtEx
PtVisible
ExtSelectClipRgn
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
GetTextColor
DPtoLP
Escape
SetBkColor
GetBkColor
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
DebugBreak
GetFileAttributesW
lstrcmpW
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
WideCharToMultiByte
GetStringTypeA
WriteFile
MoveFileA
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
BeginUpdateResourceW
LoadResource
GlobalHandle
OutputDebugStringW
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
OutputDebugStringA
GetCurrentThread
GetEnvironmentVariableW
SetLastError
TlsGetValue
GlobalFindAtomW
UpdateResourceW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
LoadLibraryExA
EnumResourceLanguagesW
GetLogicalDriveStringsW
GetSystemDefaultLCID
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
GetPrivateProfileStringW
SetFilePointer
SetFileAttributesW
GlobalAddAtomW
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
CreatePipe
GetExitCodeThread
SetUnhandledExceptionFilter
ConvertDefaultLocale
GetStartupInfoA
CreateMutexW
MulDiv
GetDateFormatA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetVersion
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
HeapFree
EnterCriticalSection
GetTimeZoneInformation
SetHandleCount
LoadLibraryW
EndUpdateResourceW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
CopyFileW
LeaveCriticalSection
UnlockFile
GetWindowsDirectoryW
GetFileSize
GlobalDeleteAtom
DeleteFileA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
CompareStringW
GlobalReAlloc
RemoveDirectoryW
FindNextFileW
HeapValidate
CompareStringA
FindFirstFileW
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
InitializeCriticalSection
LocalReAlloc
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetThreadLocale
GetVolumeInformationW
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
GetCPInfo
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
WritePrivateProfileStringW
GetSystemDefaultLangID
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetTimeFormatA
GetACP
GetModuleHandleW
FreeResource
GetEnvironmentStrings
CreateProcessA
IsValidCodePage
HeapCreate
FindResourceExW
VirtualQuery
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
ResetEvent
PathIsUNCW
PathStripToRootW
PathAddBackslashW
PathFindExtensionW
PathFindFileNameW
GetSubMenu
GetMenuItemCount
LoadBitmapW
LoadCursorW
SetWindowTextW
LoadIconW
CreateWindowExW
RegisterClassExW
BringWindowToTop
ExitWindowsEx
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
OleFlushClipboard
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
OleInitialize
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2016:08:25 13:23:06+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
97792

LinkerVersion
9.0

FileTypeExtension
exe

InitializedDataSize
328192

SubsystemVersion
5.0

EntryPoint
0x3df8

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 28b577ce059b5c3851b469911ca637aa
SHA1 53cc27a416fdda5ed259e6d76cfe2c0d60ce4eb1
SHA256 53f02888d109104fff48c1cb64e26961158562d90bf46a1886721b0ca7eb594c
ssdeep
6144:Y9ZfKXqlwLchOQSl+wCcSSm6aTAHFnSLGYunsRTrWSMuJJ/:YHfKHcLSDZcLGYusic

authentihash e863531a519765e3fa26913b943bac04edc0a65c94975ad41a8a968ffb877637
imphash ed3df7a507ece3db0941fa4d52ccfe6a
File size 343.2 KB ( 351480 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2016-10-04 05:39:14 UTC ( 2 years, 4 months ago )
Last submission 2016-10-04 05:39:14 UTC ( 2 years, 4 months ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Runtime DLLs
UDP communications