SHA256: 55be00b44d5e8363fec9d5f9179b7f5e604802286cd78d2c4bd6048c0e87adac
File name: explz755_en.exe
Detection ratio: 0 / 68
Analysis date: 2017-12-08 01:34:39 UTC ( 10 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20171207
AegisLab 20171208
AhnLab-V3 20171207
Alibaba 20171207
ALYac 20171207
Antiy-AVL 20171207
Arcabit 20171207
Avast 20171208
Avast-Mobile 20171207
AVG 20171208
Avira (no cloud) 20171208
AVware 20171208
Baidu 20171207
BitDefender 20171207
Bkav 20171207
CAT-QuickHeal 20171206
ClamAV 20171207
CMC 20171207
Comodo 20171208
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171208
Cyren 20171208
DrWeb 20171207
eGambit 20171208
Emsisoft 20171207
Endgame 20171130
ESET-NOD32 20171207
F-Prot 20171207
F-Secure 20171208
Fortinet 20171207
GData 20171207
Ikarus 20171207
Sophos ML 20170914
Jiangmin 20171208
K7AntiVirus 20171205
K7GW 20171207
Kaspersky 20171207
Kingsoft 20171208
Malwarebytes 20171207
MAX 20171207
McAfee 20171207
McAfee-GW-Edition 20171208
Microsoft 20171207
eScan 20171207
NANO-Antivirus 20171208
nProtect 20171208
Palo Alto Networks (Known Signatures) 20171208
Panda 20171207
Qihoo-360 20171208
Rising 20171208
SentinelOne (Static ML) 20171207
Sophos AV 20171207
SUPERAntiSpyware 20171208
Symantec 20171208
Symantec Mobile Insight 20171207
Tencent 20171208
TheHacker 20171205
TotalDefense 20171207
TrendMicro 20171207
TrendMicro-HouseCall 20171208
Trustlook 20171208
VBA32 20171207
VIPRE 20171208
ViRobot 20171207
Webroot 20171208
WhiteArmor 20171204
Yandex 20171207
Zillya 20171207
ZoneAlarm by Check Point 20171207
Zoner 20171207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (c) 1996-2017 by pon software
Product decode cab
Original name deccab.exe
Internal name deccab
File version 7.55
Description Explzh for Windows x86 v.7.55 RC105 (EN)
Comments http://www.ponsoftware.com/en/
Signature verification Signed file, verified signature
Signing date 4:35 AM 8/8/2017
Signers
[+] pon software
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 12/22/2016
Valid to 12:59 AM 12/23/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 957E04DFDB63D133B43D797DE5D575A695E6C651
Serial number 00 DF AF 37 08 9A 56 E3 0E 6F 91 C7 78 81 25 6D
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT CAB, appended, UPX, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-11 10:18:50
Entry Point 0x00003CBA
Number of sections 4
PE sections
Overlays
MD5 11f20fd6e98e40c1d80a628f44f6fefd
File type data
Offset 65536
Size 3270160
Entropy 8.00
PE imports
GetLastError
DosDateTimeToFileTime
FileTimeToDosDateTime
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
FreeLibrary
CreateDirectoryA
GlobalUnlock
LoadLibraryA
GlobalAlloc
IsDBCSLeadByte
GetShortPathNameA
GetStartupInfoA
FileTimeToLocalFileTime
GetWindowsDirectoryA
LocalAlloc
lstrcatA
SetFileTime
DeleteFileA
GlobalReAlloc
MultiByteToWideChar
GetModuleFileNameA
GlobalLock
GetFileTime
GetTempPathA
RaiseException
WideCharToMultiByte
GetFileAttributesA
GetModuleHandleA
lstrcmpA
FindFirstFileA
InterlockedExchange
lstrcpyA
GetCurrentProcess
CloseHandle
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
SearchPathA
GetProcAddress
SetFileAttributesA
GetExitCodeProcess
CreateProcessA
GetExitCodeThread
GlobalHandle
LocalFileTimeToFileTime
FindClose
Sleep
CreateFileA
OutputDebugStringA
GetFileSize
__p__fmode
malloc
_tell
wcschr
_stricmp
_lseek
wcsrchr
strncpy
_except_handler3
strtok
_open
wcslen
exit
sprintf
_strdup
__setusermatherr
_controlfp
_XcptFilter
_adjust_fdiv
_acmdln
memset
strrchr
__p__commode
_filelength
wcscat
wcscspn
atoi
free
__getmainargs
_write
_initterm
strstr
_read
strchr
wcscpy
_beginthreadex
wcsstr
_strnicmp
_exit
_close
__set_app_type
Number of PE resources by type
RT_DIALOG 8
RT_ICON 2
RT_STRING 2
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
JAPANESE DEFAULT 5
ENGLISH US 5
PE resources
ExifTool file metadata
FileDescription Explzh for Windows x86 v.7.55 RC105 (EN)
Comments http://www.ponsoftware.com/en/
InitializedDataSize 32768
ImageVersion 0.0
ProductName decode cab
FileVersionNumber 7.55.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName deccab.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 7.55
TimeStamp 2016:07:11 11:18:50+01:00
FileType Win32 EXE
PEType PE32
InternalName deccab
SubsystemVersion 4.0
ProductVersion 1.52
UninitializedDataSize 0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (c) 1996-2017 by pon software
MachineType Intel 386 or later, and compatibles
CompanyName pon software
CodeSize 40960
FileSubtype 0
ProductVersionNumber 1.52.0.0
EntryPoint 0x3cba
ObjectFileType Executable application
File identification
MD5 5b365b7fb4ea2588b885931424f2b272
SHA1 7abb165b0de1dc4a2ba590789eb795d42e9314da
SHA256 55be00b44d5e8363fec9d5f9179b7f5e604802286cd78d2c4bd6048c0e87adac
ssdeep 98304:+gIbG8U1A2RG22nfh/RF8Bjtrm2gPgsU6:hIbG8U1A2Ry/QB9m/Ysn
authentihash 1d12ec510c55eb8ec61f74c7cf09ef3dd7151de5ce1385e02a441d276e1c568e
imphash cafe4a1aa3dcfca7a63665012d29e6bf
File size 3.2 MB ( 3335696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed upx overlay
VirusTotal metadata
First submission 2017-08-08 04:40:41 UTC ( 1 year, 2 months ago )
Last submission 2017-12-08 01:34:39 UTC ( 10 months, 1 week ago )
File names deccab
deccab.exe
explz755_en.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Runtime DLLs
UDP communications