SHA256: 602a959ed9e085feb65f5cb13f9ad62fa4b5f515fb6320eb51e5fb0ea9139f5d
File name: windows-vulnerability-scanner-3027-jetelecharge.exe
Detection ratio: 0 / 57
Analysis date: 2016-12-31 03:17:21 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware 20161231
AegisLab 20161230
AhnLab-V3 20161230
Alibaba 20161223
ALYac 20161231
Antiy-AVL 20161231
Arcabit 20161231
Avast 20161231
AVG 20161231
Avira (no cloud) 20161230
AVware 20161231
Baidu 20161207
BitDefender 20161231
Bkav 20161229
CAT-QuickHeal 20161230
ClamAV 20161231
CMC 20161230
Comodo 20161230
CrowdStrike Falcon (ML) 20161024
Cyren 20161231
DrWeb 20161231
Emsisoft 20161231
ESET-NOD32 20161231
F-Prot 20161231
F-Secure 20161231
Fortinet 20161231
GData 20161231
Ikarus 20161230
Sophos ML 20161216
Jiangmin 20161231
K7AntiVirus 20161230
K7GW 20161231
Kaspersky 20161231
Kingsoft 20161231
Malwarebytes 20161231
McAfee 20161231
McAfee-GW-Edition 20161231
Microsoft 20161231
eScan 20161231
NANO-Antivirus 20161231
nProtect 20161231
Panda 20161230
Qihoo-360 20161231
Rising 20161231
Sophos AV 20161231
SUPERAntiSpyware 20161230
Symantec 20161231
Tencent 20161231
TheHacker 20161229
TotalDefense 20161230
TrendMicro 20161231
TrendMicro-HouseCall 20161231
Trustlook 20161231
VBA32 20161229
VIPRE 20161231
ViRobot 20161231
WhiteArmor 20161221
Yandex 20161230
Zillya 20161230
Zoner 20161230
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2013

Product Protector Plus - Windows Vulnerability Scanner
Original name Winvulnscan.exe
Internal name Winvulnscan
File version 3, 0, 0, 2
Description Winvulnscan
Comments Protector Plus - Windows Vulnerability Scanner
Signature verification Signed file, verified signature
Signing date 10:32 AM 6/17/2013
Signers
[+] Proland Softwares Private Limited
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 2/22/2013
Valid to 12:59 AM 3/25/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint A1210284D05349E761C14891736F1354DE3ACB77
Serial number 4B A7 BC EC 63 A1 29 FD E9 13 F9 63 C4 2C FA 69
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-13 09:39:43
Entry Point 0x0001165B
Number of sections 4
PE sections
Overlays
MD5 df33958208bb1ee18b866eb4fe187b16
File type data
Offset 872448
Size 6576
Entropy 7.30
PE imports
RegOpenKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
GetUserNameA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
Ord(17)
ImageList_Destroy
GetWindowExtEx
SetMapMode
PatBlt
SaveDC
TextOutA
LPtoDP
CombineRgn
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SelectObject
DeleteObject
IntersectClipRect
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
CreateFontA
CreateBitmap
RectVisible
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
ExtTextOutA
PtVisible
GetTextExtentPointA
ExtCreateRegion
CreateCompatibleDC
Escape
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
GetTextColor
CreateSolidBrush
DPtoLP
GetMapMode
GetViewportExtEx
GetBkColor
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
InterlockedDecrement
GlobalFindAtomA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
TerminateProcess
MultiByteToWideChar
GetModuleHandleA
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
GetDateFormatA
GetSystemDirectoryA
SetEnvironmentVariableA
GlobalMemoryStatus
GlobalFlags
GlobalAlloc
SetEndOfFile
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
FreeLibrary
GetTickCount
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
DeleteFileA
GetWindowsDirectoryA
GlobalLock
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
GetTimeFormatA
GetComputerNameA
GetDiskFreeSpaceExA
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
CopyFileA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GetProcessVersion
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
SizeofResource
WideCharToMultiByte
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
CompareStringA
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
VariantCopy
SysFreeString
SysAllocStringByteLen
Ord(253)
ShellExecuteA
SetFocus
GetMessagePos
SetWindowRgn
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GetWindowLongA
GrayStringA
CopyRect
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
CopyAcceleratorTableA
GetTopWindow
ExcludeUpdateRgn
GetActiveWindow
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
ShowWindow
GetPropA
GetNextDlgGroupItem
GetDesktopWindow
EnableWindow
LoadImageA
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
LoadStringA
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
DrawFocusRect
CreateWindowExA
SetWindowContextHelpId
GetSysColorBrush
IsWindowUnicode
ReleaseDC
PtInRect
IsChild
IsDialogMessageA
MapWindowPoints
SetCapture
BeginPaint
OffsetRect
CopyIcon
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
EnumChildWindows
SetWindowLongA
RemovePropA
SetWindowTextA
ShowCaret
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
GetCapture
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetDC
SetForegroundWindow
PostThreadMessageA
MapDialogRect
IntersectRect
EndDialog
HideCaret
CharNextA
CreateDialogIndirectParamA
ScreenToClient
FindWindowA
MessageBeep
CheckMenuItem
UnhookWindowsHookEx
RegisterClipboardFormatA
MoveWindow
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
SetRect
InvalidateRect
wsprintfA
DefDlgProcA
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetFileTitleA
OleUninitialize
CLSIDFromString
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
OleFlushClipboard
CoGetClassObject
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CoTaskMemFree
CreateILockBytesOnHGlobal
OleInitialize
Number of PE resources by type
RT_BITMAP 40
RT_STRING 11
RT_DIALOG 4
RT_CURSOR 2
RT_GROUP_CURSOR 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 61
PE resources
ExifTool file metadata
LegalTrademarks
Protector Plus

SubsystemVersion
4.0

Comments
Protector Plus - Windows Vulnerability Scanner

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.0.0.2

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Winvulnscan

CharacterSet
Unicode

InitializedDataSize
724992

EntryPoint
0x1165b

OriginalFileName
Winvulnscan.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2013

FileVersion
3, 0, 0, 2

TimeStamp
2013:06:13 10:39:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Winvulnscan

ProductVersion
3, 0, 0, 2

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Proland Software

CodeSize
172032

ProductName
Protector Plus - Windows Vulnerability Scanner

ProductVersionNumber
3.0.0.2

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 22a3ef9c7f2277281d8f3a207408ece3
SHA1 b2e57d29eb539987a9b1ffc6f40fa305c57027b5
SHA256 602a959ed9e085feb65f5cb13f9ad62fa4b5f515fb6320eb51e5fb0ea9139f5d
ssdeep
6144:YJU5R2G8YWUbsPHK58HJ3xk+0pFGCeC4cdrYI0Qnr6O:YWn2G8YRbiHk8c+EX/YLQnL

authentihash 6ddaa948e2691fefc1c9f6e71dc3cc959613d4e79a07717e2e483559625b2691
imphash cab2088331269601789be6ce34f3f9b6
File size 858.4 KB ( 879024 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags
peexe armadillo signed overlay

VirusTotal metadata
First submission 2013-06-17 11:55:37 UTC ( 5 years, 3 months ago )
Last submission 2016-12-31 03:17:21 UTC ( 1 year, 8 months ago )
File names 535-Winvulscan.exe
Winvulscan.exe
858-Winvulscan.exe
Winvulnscan
152-Winvulscan.exe
Winvulnscan.exe
Winvulscan = Windows Vulnerability Scanner 2.9 =0-57= сканер уязвимостей системы =.exe
417-Winvulscan.exe
Winvulscan-3.0.0.2.exe
windows-vulnerability-scanner-3027-jetelecharge.exe
Winvulscan-557.exe
Winvulscan_3.2.exe
file
windows-vulnerability-scanner-3027-jetelecharge.exe
Winvulscan.exe
windows-vulnerability-scanner-3027-jetelecharge.exe
Winvulscan.exe
22a3ef9c7f2277281d8f3a207408ece3
687-Winvulscan.exe
141481907174757-Winvulscan.exe
Winvulscan = Windows Vulnerability Scanner 2.9 = сканер уязвимостей системы =.exe
file-5643166_exe
windows-vulnerability-scanner-3027-jetelecharge.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.