SHA256: 58b6a5eea26566b1095cfb4393e087a6a1013176f958739c27792cdbdcf35897
File name: overview.php2
Detection ratio: 13 / 67
Analysis date: 2018-10-10 14:09:23 UTC ( 4 months, 1 week ago )
Antivirus Result Update
AegisLab W32.W.Gen.llEj 20181010
Avast FileRepMalware 20181010
AVG FileRepMalware 20181010
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cylance Unsafe 20181010
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
Qihoo-360 HEUR/QVM20.1.6EB1.Malware.Gen 20181010
Rising Malware.Heuristic!ET#90% (RDM+:cmRtazrN1qDAJNb0RlqnzpGd4Ms5) 20181010
SentinelOne (Static ML) static engine - malicious 20180926
TrendMicro TrojanSpy.Win32.EMOTET.SMITHAL95.hp 20181010
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMITHAL95.hp 20181010
Webroot W32.Trojan.Gen 20181010
Ad-Aware 20181010
AhnLab-V3 20181010
Alibaba 20180921
ALYac 20181010
Antiy-AVL 20181010
Arcabit 20181010
Avast-Mobile 20181010
Avira (no cloud) 20181010
Babable 20180918
Baidu 20181010
BitDefender 20181010
Bkav 20181009
CAT-QuickHeal 20181008
ClamAV 20181010
CMC 20181010
Comodo 20181010
Cybereason 20180225
Cyren 20181010
DrWeb 20181010
eGambit 20181010
Emsisoft 20181010
ESET-NOD32 20181010
F-Prot 20181010
F-Secure 20181010
Fortinet 20181010
GData 20181010
Ikarus 20181010
Jiangmin 20181009
K7AntiVirus 20181010
K7GW 20181010
Kaspersky 20181010
Kingsoft 20181010
Malwarebytes 20181010
MAX 20181010
McAfee 20181010
McAfee-GW-Edition 20181010
Microsoft 20181010
eScan 20181010
NANO-Antivirus 20181010
Palo Alto Networks (Known Signatures) 20181010
Panda 20181009
Sophos AV 20181010
SUPERAntiSpyware 20181006
Symantec 20181010
Symantec Mobile Insight 20181001
TACHYON 20181010
Tencent 20181010
TheHacker 20181008
Trustlook 20181010
VBA32 20181010
VIPRE 20181010
ViRobot 20181010
Yandex 20181010
Zillya 20181010
ZoneAlarm by Check Point 20181010
Zoner 20181010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name kbdhe319.dll
Internal name kbdhe319 (3.13)
File version 6.3.9600.16384 (winblue_rtm.130821-1623)
Description Greek IBM 319 Keyboard Layout
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 12:32 PM 10/10/2018
Signers
[+] AJALA INVESTMENTS LTD
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 8/21/2018
Valid to 12:59 AM 8/22/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 315DFA3286EB006A6E6F00A4E964063CD2F92B88
Serial number 5F 4C EC 31 0D 7C DB D5 89 1F 7B 52 96 2D EB 1F
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-25 20:22:27
Entry Point 0x0000491D
Number of sections 5
PE sections
Overlays
MD5 ec7253983105e54bce4451627315d2e3
File type data
Offset 155648
Size 6288
Entropy 7.41
PE imports
LookupPrivilegeNameW
InitializeSid
IsValidSid
GetPrivateObjectSecurity
EnumServicesStatusExW
LockServiceDatabase
IsTextUnicode
EqualPrefixSid
GetSaveFileNameA
GetDeviceCaps
FillPath
GetObjectType
GetTextExtentPoint32W
GetTextExtentExPointI
GetStockObject
GetPath
EqualRgn
GetROP2
GetPixel
ExtCreatePen
GetTextAlign
GetBkColor
GetSystemTime
DefineDosDeviceW
LocalLock
WriteProcessMemory
GetOverlappedResult
GlobalCompact
GetCompressedFileSizeW
GetSystemWindowsDirectoryW
VirtualProtect
FillConsoleOutputCharacterW
WaitForSingleObjectEx
LoadLibraryA
GetShortPathNameA
GetWindowsDirectoryW
DeleteFileA
GetWindowsDirectoryA
GetVolumeInformationW
LoadLibraryExW
GenerateConsoleCtrlEvent
DefineDosDeviceA
VirtualProtectEx
GlobalAddAtomW
GetFileSizeEx
LoadLibraryW
GetSystemDefaultUILanguage
WritePrivateProfileStructA
lstrcpyA
GetProfileStringA
GetTimeFormatA
GetMailslotInfo
FindFirstFileW
GetCommConfig
GetThreadSelectorEntry
IsValidCodePage
GetDefaultCommConfigW
GetLogicalDriveStringsW
GetPrivateProfileSectionNamesW
IsWinEventHookInstalled
GetParent
DrawTextExW
SwitchDesktop
GetClipboardOwner
GetMessageW
DefMDIChildProcA
LoadMenuW
GetLastInputInfo
DialogBoxParamW
GetDlgItemTextA
GetWindowTextLengthW
InsertMenuItemA
PrintWindow
DrawIconEx
LoadAcceleratorsA
EnumThreadWindows
DestroyAcceleratorTable
CloseDesktop
FindWindowExW
GetWindowInfo
GetMenuContextHelpId
GetFileVersionInfoW
FindFirstUrlCacheEntryExA
DeletePrinterDriverExW
fputc
malloc
towupper
free
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 2
FileVersionNumber 6.3.9600.16384
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Greek IBM 319 Keyboard Layout
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 56832
EntryPoint 0x491d
OriginalFileName kbdhe319.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.3.9600.16384 (winblue_rtm.130821-1623)
TimeStamp 2013:04:25 21:22:27+01:00
FileType Win32 EXE
PEType PE32
InternalName kbdhe319 (3.13)
ProductVersion 6.3.9600.16384
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 795242121
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.3.9600.16384
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 f90a0dc02cc5ce3239f0b2894503e503
SHA1 924c3ab3321335eb28affc75cee77be2a05b363d
SHA256 58b6a5eea26566b1095cfb4393e087a6a1013176f958739c27792cdbdcf35897
ssdeep 3072:pv5ldntklcNsTwIFyUBT+C4725wbsZiaRBX:ZST0BUBP2FuX
authentihash 7331e32ca5986d88bff20e7dcc1ef67ee0e194c85a190de5242dfa8f0510862d
imphash 37e87d14985df8fa570c04618db3c149
File size 158.1 KB ( 161936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-10-10 14:09:23 UTC ( 4 months, 1 week ago )
Last submission 2018-10-10 14:09:23 UTC ( 4 months, 1 week ago )
File names kbdhe319 (3.13)
overview.php2
kbdhe319.dll
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.