× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6477278e9b67857eb0a811325c689215eb91e37d5f9f3a27c615d3697c9b3c0f
File name: 500216b0f27488606259a6b6c8804353
Detection ratio: 0 / 70
Analysis date: 2019-02-08 13:31:55 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Acronis 20190207
Ad-Aware 20190208
AegisLab 20190208
AhnLab-V3 20190208
Alibaba 20180921
ALYac 20190208
Antiy-AVL 20190208
Arcabit 20190208
Avast 20190208
Avast-Mobile 20190208
AVG 20190208
Avira (no cloud) 20190208
Babable 20180917
Baidu 20190201
BitDefender 20190208
Bkav 20190201
CAT-QuickHeal 20190208
ClamAV 20190208
CMC 20190208
Comodo 20190208
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190208
Cyren 20190208
DrWeb 20190208
eGambit 20190208
Emsisoft 20190208
Endgame 20181108
ESET-NOD32 20190208
F-Prot 20190208
F-Secure 20190208
Fortinet 20190208
GData 20190208
Ikarus 20190208
Sophos ML 20181128
Jiangmin 20190208
K7AntiVirus 20190208
K7GW 20190208
Kaspersky 20190208
Kingsoft 20190208
Malwarebytes 20190208
MAX 20190208
McAfee 20190208
McAfee-GW-Edition 20190208
Microsoft 20190208
eScan 20190208
NANO-Antivirus 20190208
Palo Alto Networks (Known Signatures) 20190208
Panda 20190208
Qihoo-360 20190208
Rising 20190208
SentinelOne (Static ML) 20190203
Sophos AV 20190207
SUPERAntiSpyware 20190206
Symantec 20190208
Symantec Mobile Insight 20190206
TACHYON 20190207
Tencent 20190208
TheHacker 20190203
TotalDefense 20190206
Trapmine 20190123
TrendMicro 20190208
TrendMicro-HouseCall 20190208
Trustlook 20190208
VBA32 20190208
ViRobot 20190208
Webroot 20190208
Yandex 20190207
Zillya 20190208
ZoneAlarm by Check Point 20190208
Zoner 20190207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© 2018 AO Kaspersky Lab. All Rights Reserved

Product Kaspersky Password Manager
Original name Setup
File version 9.0.0.944
Description Kaspersky Password Manager [9.0.0.944.0.25.0]
Signature verification Signed file, verified signature
Signing date 8:43 AM 4/10/2018
Signers
[+] Kaspersky Lab
Status Valid
Issuer DigiCert High Assurance Code Signing CA-1
Valid from 11:00 PM 06/01/2017
Valid to 11:00 AM 07/08/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3C92C9274AB6D3DD520B13029A2490C4A1D98BC0
Serial number 0F 9D 91 C6 AB A8 6F 4E 54 CB B9 EF 57 E6 83 46
[+] DigiCert High Assurance Code Signing CA-1
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 PM 02/11/2011
Valid to 12:00 PM 02/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E308F829DC77E80AF15EDD4151EA47C59399AB46
Serial number 02 C4 D1 E5 8A 4A 68 0C 56 8D A3 04 7E 7E 4D 5F
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-23 16:49:05
Entry Point 0x00003530
Number of sections 5
PE sections
Overlays
MD5 29b219fe712730efcf547e8db8c5415d
File type data
Offset 7635968
Size 129024
Entropy 7.79
PE imports
GetTokenInformation
SetSecurityDescriptorDacl
CreateWellKnownSid
OpenProcessToken
AddAccessAllowedAce
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
SetSecurityDescriptorSacl
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
RemoveDirectoryW
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
HeapReAlloc
IsDebuggerPresent
EncodePointer
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
CreateDirectoryW
DeleteFileW
GetProcAddress
InitializeSListHead
TlsFree
GetFileType
SetStdHandle
RaiseException
WideCharToMultiByte
GetModuleFileNameW
MoveFileExW
GetModuleHandleA
FindNextFileW
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetCommandLineA
TerminateProcess
GetACP
FindFirstFileExW
DecodePointer
GetModuleHandleW
HeapAlloc
GetTempPathW
GetConsoleCP
GetModuleHandleExW
IsValidCodePage
LoadResource
FindResourceW
CreateFileW
CreateProcessW
FindClose
TlsGetValue
Sleep
WriteConsoleW
TlsSetValue
ExitProcess
GetCurrentThreadId
GetProcessHeap
SetLastError
LeaveCriticalSection
UuidCreate
Number of PE resources by type
RT_VERSION 19
RT_ICON 7
RT_GROUP_ICON 1
RT_RCDATA 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 10
ENGLISH US 2
SWEDISH 1
TURKISH DEFAULT 1
DANISH DEFAULT 1
NORWEGIAN BOKMAL 1
FINNISH DEFAULT 1
GERMAN 1
CHINESE TRADITIONAL 1
FRENCH 1
CHINESE SIMPLIFIED 1
PORTUGUESE BRAZILIAN 1
SPANISH MODERN 1
POLISH DEFAULT 1
DUTCH 1
KOREAN 1
SPANISH MEXICAN 1
PORTUGUESE 1
ITALIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
9.0.0.944

LanguageCode
Chinese (Traditional)

FileFlagsMask
0x003f

FileDescription
Kaspersky Password Manager [9.0.0.944.0.25.0]

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
7559168

EntryPoint
0x3530

OriginalFileName
Setup

MIMEType
application/octet-stream

LegalCopyright
2018 AO Kaspersky Lab

FileVersion
9.0.0.944

TimeStamp
2017:10:23 09:49:05-07:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
9.0.0.944

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Kaspersky Lab

CodeSize
75776

ProductName
Kaspersky Password Manager

ProductVersionNumber
9.0.0.944

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 500216b0f27488606259a6b6c8804353
SHA1 f5f608dedfa8ae61bceae268006ef9a22195bb86
SHA256 6477278e9b67857eb0a811325c689215eb91e37d5f9f3a27c615d3697c9b3c0f
ssdeep
98304:SmOq6RWsKUEq6eOmsh79pkjYZ41kGQiFO7ESOQewHi4/NzQuyOJRn/31RYgJ/:SmBnsf7Gl9pW1kGQ+w0cYu/

authentihash a7c348818ebe53c6d2a35ced868bba2c802f9836088e4ba310e2dedc76e12584
imphash 547822a0e05507d9c8b1e599434a1125
File size 7.4 MB ( 7764992 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows ActiveX control (75.3%)
Win64 Executable (generic) (17.8%)
Win32 Executable (generic) (2.9%)
OS/2 Executable (generic) (1.3%)
Generic Win/DOS Executable (1.2%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-04-12 16:52:14 UTC ( 1 year, 1 month ago )
Last submission 2019-01-01 15:24:48 UTC ( 4 months, 3 weeks ago )
File names kpm.exe
kpm_v9.0.1.947.exe
Setup
kpm.exe
kpm.exe
kpm.exe
kpm.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.