SHA256: 63df759ba2e651c041eb7bc67fa1c4f53a0a913dd6e02ee581f549f2465c6041
File name: mcpclite.exe
Detection ratio: 0 / 54
Analysis date: 2016-02-08 10:13:16 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware 20160208
AegisLab 20160208
Yandex 20160206
AhnLab-V3 20160208
Alibaba 20160204
Antiy-AVL 20160208
Arcabit 20160208
Avast 20160208
AVG 20160208
Avira (no cloud) 20160207
Baidu-International 20160207
BitDefender 20160208
Bkav 20160204
ByteHero 20160208
CAT-QuickHeal 20160208
ClamAV 20160206
CMC 20160205
Comodo 20160208
Cyren 20160208
DrWeb 20160208
Emsisoft 20160208
ESET-NOD32 20160208
F-Prot 20160129
F-Secure 20160208
Fortinet 20160208
GData 20160208
Ikarus 20160208
Jiangmin 20160208
K7AntiVirus 20160208
K7GW 20160208
Kaspersky 20160208
Malwarebytes 20160208
McAfee 20160208
McAfee-GW-Edition 20160208
Microsoft 20160208
eScan 20160208
NANO-Antivirus 20160208
nProtect 20160205
Panda 20160207
Qihoo-360 20160208
Rising 20160208
Sophos AV 20160208
SUPERAntiSpyware 20160208
Symantec 20160207
Tencent 20160208
TheHacker 20160206
TotalDefense 20160208
TrendMicro 20160208
TrendMicro-HouseCall 20160208
VBA32 20160208
VIPRE 20160208
ViRobot 20160208
Zillya 20160208
Zoner 20160208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 12:00 PM 6/4/2015
Signers
[+] Visualware Inc
Status Valid
Issuer GlobalSign CodeSigning CA - G2
Valid from 5:10 PM 1/16/2014
Valid to 5:10 PM 1/16/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint C101D99C69523DF1FC8C4F7F4577D1400E5556E7
Serial number 11 21 45 15 51 EA 2B 3D 99 2F F2 EF A9 EE 9E 09 04 F2
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 11:00 AM 4/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 1:00 AM 2/3/2015
Valid to 1:00 AM 3/3/2026
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint B36308B4D4CDED4FCFBD66B955FAE3BFB12C29E6
Serial number 11 21 06 A0 81 D3 3F D8 7A E5 82 4C C1 6B 52 09 4E 03
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-12-19 18:55:35
Entry Point 0x000026C8
Number of sections 4
PE sections
Overlays
MD5 08efd129d2901c406e2f3002bd03161b
File type data
Offset 13312
Size 1517832
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetStdHandle
GetFileAttributesA
WaitForSingleObject
GetExitCodeProcess
GetTickCount
GetModuleFileNameA
RemoveDirectoryA
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
SetStdHandle
GetTempPathA
GetModuleHandleA
ReadFile
GetCurrentProcessId
WriteFile
FindFirstFileA
FindNextFileA
SetEnvironmentVariableA
CreateProcessA
GetEnvironmentVariableA
FindClose
CreateFileA
SetCurrentDirectoryA
CloseHandle
__p__fmode
memset
strcat
printf
fflush
strlen
_except_handler3
strtok
__p__commode
exit
sprintf
__setusermatherr
_controlfp
_XcptFilter
_acmdln
_adjust_fdiv
free
__getmainargs
calloc
memcpy
strstr
strcpy
_initterm
_exit
__set_app_type
strcmp
_iob
ShellExecuteA
MessageBoxA
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2005:12:19 19:55:35+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
6656

LinkerVersion
6.0

EntryPoint
0x26c8

InitializedDataSize
5632

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 528888910ed11c7a6c22543c16c72196
SHA1 4c9293c3a9dadcbb36acdb0aec7f1c628710326d
SHA256 63df759ba2e651c041eb7bc67fa1c4f53a0a913dd6e02ee581f549f2465c6041
ssdeep
24576:unzABXFT5Nkp28OTkjPz+ynIAtuf+zsQ5jhT+aYk8ypUzeVKcOsh7x7XZaTt4:GzukUZwb+ynttuf+zsAT+rk8QUSVv7BM

authentihash 59f41d63e469a1e236275cf84d44b6cef744685c421abb8c38e4869d9b8fa089
imphash 5bc8b985c4b2d62c465f2a804d2b059d
File size 1.5 MB ( 1531144 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-06-24 18:00:34 UTC ( 3 years, 4 months ago )
Last submission 2016-05-07 21:13:17 UTC ( 2 years, 6 months ago )
File names 688833
mcpclite.exe
63DF759BA2E651C041EB7BC67FA1C4F53A0A913DD6E02EE581F549F2465C6041.exe
mcpclite.exe
mcpclite.exe
download
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections