SHA256: 60e4a30923640b304890186950ea06d125afea59133715eba4d833f303754837
File name: Skater.exe
Detection ratio: 2 / 67
Analysis date: 2019-02-15 23:45:14 UTC ( 1 month, 1 week ago )
Antivirus Result Update
DrWeb Trojan.DownLoader27.28695 20190216
VBA32 Trojan.MSIL.Crypt 20190215
Acronis 20190213
Ad-Aware 20190216
AegisLab 20190216
AhnLab-V3 20190216
Alibaba 20180921
ALYac 20190216
Antiy-AVL 20190216
Arcabit 20190216
Avast 20190216
Avast-Mobile 20190216
AVG 20190216
Avira (no cloud) 20190216
Babable 20180918
Baidu 20190215
BitDefender 20190216
Bkav 20190216
CAT-QuickHeal 20190216
ClamAV 20190216
CMC 20190216
Comodo 20190216
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190216
Cyren 20190216
eGambit 20190216
Emsisoft 20190216
Endgame 20190215
ESET-NOD32 20190216
F-Prot 20190216
F-Secure 20190216
Fortinet 20190216
GData 20190216
Ikarus 20190216
Sophos ML 20181128
Jiangmin 20190216
K7AntiVirus 20190216
K7GW 20190216
Kaspersky 20190216
Kingsoft 20190216
Malwarebytes 20190216
MAX 20190216
McAfee 20190216
McAfee-GW-Edition 20190215
Microsoft 20190216
eScan 20190216
NANO-Antivirus 20190216
Palo Alto Networks (Known Signatures) 20190216
Panda 20190216
Qihoo-360 20190216
Rising 20190216
SentinelOne (Static ML) 20190203
Sophos AV 20190216
SUPERAntiSpyware 20190213
Symantec 20190216
Symantec Mobile Insight 20190207
TACHYON 20190216
Tencent 20190216
TheHacker 20190215
TotalDefense 20190216
Trapmine 20190123
TrendMicro 20190216
TrendMicro-HouseCall 20190216
Trustlook 20190216
VIPRE 20190215
ViRobot 20190216
Webroot 20190216
Yandex 20190215
Zillya 20190215
ZoneAlarm by Check Point 20190216
Zoner 20190216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 6:35 PM 2/3/2019
Signers
[+] Rustemsoft LLC
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 11:00 PM 05/07/2018
Valid to 10:59 PM 05/08/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 0CDC95263D5BA5BBC4B4F7A8D921FBFE46B32978
Serial number 00 EF 8E B3 C6 57 A4 C3 F2 3F ED DC B5 F7 F1 D9 C3
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-256 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 12/31/2015
Valid to 05:40 PM 07/09/2019
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA
Serial number 4E B0 87 8F CC 24 35 36 B2 D8 C9 F7 BF 39 55 77
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 05:31 PM 07/09/1999
Valid to 05:40 PM 07/09/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT NSIS, appended, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-03-19 13:58:02
Entry Point 0x0000402D
Number of sections 5
PE sections
Overlays
MD5 b50dc7dbab5c76f041378e1128e26076
File type data
Offset 36352
Size 28724400
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetUserDefaultLangID
ReadFile
LoadLibraryA
CreateFileMappingA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
MapViewOfFile
GetCommandLineA
GlobalLock
SetFileAttributesA
lstrlenA
GetTempPathA
CreateThread
GetFileAttributesA
SetFilePointer
FindFirstFileA
lstrcpyA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GetEnvironmentVariableA
UnmapViewOfFile
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
SetEndOfFile
CreateFileA
GetTickCount
GetProcAddress
SetCurrentDirectoryA
GetModuleHandleA
MulDiv
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
DestroyWindow
PostQuitMessage
DefWindowProcA
CreatePopupMenu
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
RegisterClassA
SetDlgItemTextA
LoadImageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
BeginPaint
GetClassInfoA
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
DrawTextA
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
CharNextA
CallWindowProcA
EnableWindow
CloseClipboard
OpenClipboard
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_DIALOG 6
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2005:03:19 14:58:02+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
23552

LinkerVersion
6.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x402d

InitializedDataSize
165376

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
1024

File identification
MD5 1dc11c6e6376def73e48c4650a19379d
SHA1 4115ba23409c779aa192e381f2c59aacaf0ae41e
SHA256 60e4a30923640b304890186950ea06d125afea59133715eba4d833f303754837
ssdeep
393216:nuASCUti1NqJBKfS7wE79n17Z9zVQl+qlyM3fTiObHi30yKByhwAhxgx1KyVmcE3:RJSaSkAn5zVQlBlpeOTES3105cKG1Ap

authentihash b589ad54225e1ca5376ab4701f324af6e91f18670d041eedce0a6473f12813f1
imphash 1433f2e02f7db60c6c8547c52a3f8504
File size 27.4 MB ( 28760752 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (95.6%)
Win64 Executable (generic) (3.1%)
Win32 Executable (generic) (0.5%)
OS/2 Executable (generic) (0.2%)
Generic Win/DOS Executable (0.2%)
Tags
nsis peexe signed overlay

VirusTotal metadata
First submission 2019-02-03 21:22:54 UTC ( 1 month, 2 weeks ago )
Last submission 2019-03-24 20:04:06 UTC ( 1 day, 18 hours ago )
File names Skater.exe