SHA256: 67b9d3017cdf669622f31f0d2cf4405d2619a1d355dff4621a4a518b9e046c08
File name: 607146
Detection ratio: 2 / 57
Analysis date: 2016-04-28 00:46:08 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Rising Malware.RDM.06!5.C 20160427
Zillya Adware.DomaIQ.Win32.1954 20160427
Ad-Aware 20160428
AegisLab 20160427
AhnLab-V3 20160427
Alibaba 20160427
ALYac 20160427
Antiy-AVL 20160428
Arcabit 20160428
Avast 20160428
AVG 20160428
Avira (no cloud) 20160428
AVware 20160428
Baidu 20160427
Baidu-International 20160427
BitDefender 20160428
Bkav 20160427
CAT-QuickHeal 20160427
ClamAV 20160427
CMC 20160425
Comodo 20160428
Cyren 20160428
DrWeb 20160427
Emsisoft 20160427
ESET-NOD32 20160427
F-Prot 20160427
F-Secure 20160427
Fortinet 20160427
GData 20160427
Ikarus 20160427
Jiangmin 20160427
K7AntiVirus 20160427
K7GW 20160427
Kaspersky 20160427
Kingsoft 20160428
Malwarebytes 20160427
McAfee 20160427
McAfee-GW-Edition 20160427
Microsoft 20160427
eScan 20160427
NANO-Antivirus 20160427
nProtect 20160427
Panda 20160427
Qihoo-360 20160428
Sophos AV 20160427
SUPERAntiSpyware 20160427
Symantec 20160428
Tencent 20160428
TheHacker 20160426
TotalDefense 20160426
TrendMicro 20160428
TrendMicro-HouseCall 20160428
VBA32 20160427
VIPRE 20160428
ViRobot 20160428
Yandex 20160427
Zoner 20160427
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 2014 Art Plus Inc., Zagreb, Croatia
File version 6.2.9.650
Description ArtPlus ePix - Wallpaper Calendar Install
Signature verification Signed file, verified signature
Signing date 1:25 PM 12/19/2014
Signers
[+] ART PLUS D.O.O.
Status This certificate or one of the certificates in the certificate chain is not time valid; trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO Code Signing CA 2
Valid from 12:00 AM 07/18/2014
Valid to 11:59 PM 07/17/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint F1D711A74C16A1357C22FCF2D601A427FA9FB535
Serial number 02 6E 9F 82 0E 8F EE 94 0C 07 68 BD AA 6C 2B 50
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 08/24/2011
Valid to 10:48 AM 05/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 08:09 AM 06/07/2005
Valid to 10:48 AM 05/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 10:48 AM 05/30/2000
Valid to 10:48 AM 05/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 05/10/2010
Valid to 11:59 PM 05/10/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 08:09 AM 06/07/2005
Valid to 10:48 AM 05/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 10:48 AM 05/30/2000
Valid to 10:48 AM 05/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000EF054
Number of sections 8
PE sections
Overlays
MD5 179e78464705e9387c7a3869ec21ccfe
File type data
Offset 1169920
Size 9593320
Entropy 8.00
PE imports
RegDeleteKeyA
RegFlushKey
RegCloseKey
GetUserNameA
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
ImageList_BeginDrag
ImageList_SetBkColor
InitCommonControls
ImageList_SetDragCursorImage
ImageList_Read
ImageList_GetDragImage
ImageList_Create
ImageList_DragMove
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
ImageList_DragShowNolock
ImageList_Remove
ImageList_EndDrag
GetOpenFileNameA
FindTextA
GetBrushOrgEx
GetDIBColorTable
DeleteEnhMetaFile
SetMapMode
GetWindowOrgEx
PatBlt
GetClipBox
GetCurrentPositionEx
SaveDC
ResizePalette
GdiFlush
GetTextMetricsA
MaskBlt
CreateBrushIndirect
SetStretchBltMode
GetEnhMetaFilePaletteEntries
GetPixel
Rectangle
BitBlt
GetObjectA
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
SetBkMode
GetSystemPaletteEntries
SetPixel
EndDoc
CreateSolidBrush
StartPage
SetPaletteEntries
CreateHalftonePalette
CreateDIBSection
CopyEnhMetaFileA
RealizePalette
SetTextColor
GetDeviceCaps
MoveToEx
SetEnhMetaFileBits
IntersectClipRect
SetAbortProc
CreateDCA
CreateBitmap
CreateICA
RectVisible
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
CreatePenIndirect
ExtTextOutA
UnrealizeObject
GetDIBits
GetEnhMetaFileBits
SetBrushOrgEx
GetDCOrgEx
PlayEnhMetaFile
StretchBlt
StretchDIBits
GetBitmapBits
CreateCompatibleDC
CreateRoundRectRgn
SetROP2
EndPage
CreateFontIndirectA
SelectObject
StartDocA
GetNearestPaletteIndex
GetWinMetaFileBits
SetDIBColorTable
CreateCompatibleBitmap
GetEnhMetaFileHeader
GetPaletteEntries
SetWindowOrgEx
Polyline
DeleteMetaFile
GetTextExtentPointA
SetBkColor
SetWinMetaFileBits
DeleteObject
GetTextExtentPoint32A
EnumFontFamiliesExA
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetLocalTime
DeleteCriticalSection
GetLocaleInfoA
LocalAlloc
ExpandEnvironmentStringsA
SetErrorMode
GetFullPathNameA
GetTempPathA
WideCharToMultiByte
InterlockedExchange
WriteFile
GetDiskFreeSpaceA
SetFileAttributesA
SetEvent
LocalFree
MoveFileA
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
GetStringTypeExA
GetEnvironmentVariableA
GetUserDefaultLangID
GlobalFindAtomA
ExitProcess
GetModuleFileNameA
EnumCalendarInfoA
LoadLibraryExA
WriteProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
WritePrivateProfileSectionA
FindNextChangeNotification
CreateMutexA
GetModuleHandleA
CreateThread
GetExitCodeThread
GlobalAddAtomA
MulDiv
ExitThread
FindCloseChangeNotification
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
GetStartupInfoA
GetDateFormatA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetCPInfo
GetProcAddress
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
ResetEvent
GetComputerNameA
FindNextFileA
WaitForMultipleObjects
GlobalLock
WriteProfileSectionA
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
GlobalDeleteAtom
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GlobalFree
GetThreadLocale
GlobalUnlock
VirtualQuery
RemoveDirectoryA
GetShortPathNameA
FileTimeToLocalFileTime
SizeofResource
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
GetCommandLineA
OpenMutexA
RaiseException
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetVersion
FreeResource
CreateProcessA
VirtualFree
Sleep
FindResourceA
VirtualAlloc
CompareStringA
OleUninitialize
CoTaskMemFree
CoInitialize
OleInitialize
StgCreateDocfileOnILockBytes
StringFromCLSID
GetClassFile
CoCreateInstance
CreateBindCtx
CoUninitialize
OleSetMenuDescriptor
OleGetIconOfClass
CreateILockBytesOnHGlobal
CoTaskMemAlloc
VariantChangeType
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
SafeArrayUnaccessData
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
GetErrorInfo
SysFreeString
SafeArrayPutElement
VariantInit
OleUIObjectPropertiesA
SHGetFileInfoA
ShellExecuteExA
DragFinish
DragAcceptFiles
SHGetDesktopFolder
SHGetSpecialFolderPathA
SHChangeNotify
SHGetSpecialFolderLocation
DragQueryFileA
SHGetMalloc
ShellExecuteA
RedrawWindow
GetMessagePos
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
SetMenuItemInfoA
CharUpperBuffA
WindowFromPoint
DrawIcon
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
CharLowerBuffA
SetScrollPos
CallNextHookEx
GetKeyboardState
ClientToScreen
GetTopWindow
ShowCursor
MsgWaitForMultipleObjects
ScrollWindow
GetWindowTextA
GetKeyState
PtInRect
DrawEdge
GetParent
UpdateWindow
SetPropA
EqualRect
EnumWindows
DefMDIChildProcA
ShowWindow
SetClassLongA
GetPropA
GetDesktopWindow
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
PeekMessageA
ChildWindowFromPoint
GetClipboardData
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
InsertMenuItemA
CreatePopupMenu
GetIconInfo
LoadStringA
SetParent
CharLowerA
IsZoomed
GetWindowPlacement
GetKeyboardLayoutList
DrawMenuBar
IsIconic
RegisterClassA
GetMenuItemCount
GetWindowLongA
SetTimer
OemToCharA
GetActiveWindow
ShowOwnedPopups
FillRect
EnumThreadWindows
CharNextA
WaitForInputIdle
GetSysColorBrush
CreateMenu
GetUpdateRect
DestroyWindow
IsChild
IsDialogMessageA
SetFocus
MapVirtualKeyA
SetCapture
BeginPaint
OffsetRect
GetScrollPos
KillTimer
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
MapWindowPoints
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
GetScrollRange
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
CreateWindowExA
GetDlgItem
BringWindowToTop
ScreenToClient
InsertMenuA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
DestroyAcceleratorTable
GetMenuState
GetKeyboardLayout
GetSystemMenu
GetDC
SetForegroundWindow
CharToOemA
DrawTextA
IntersectRect
GetScrollInfo
GetCapture
WaitMessage
FindWindowA
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
DrawFrameControl
UnhookWindowsHookEx
RegisterClipboardFormatA
CallWindowProcA
MessageBoxA
GetClassNameA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
LoadKeyboardLayoutA
GetSysColor
SetScrollInfo
GetMenuItemInfoA
SystemParametersInfoA
DestroyIcon
GetKeyNameTextA
IsWindowVisible
GetDCEx
WinHelpA
FrameRect
SetRect
DeleteMenu
InvalidateRect
DefFrameProcA
SendMessageTimeoutA
CreateAcceleratorTableA
CreateIcon
IsRectEmpty
GetCursor
GetFocus
GetKeyboardType
SetMenu
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
EnumPrintersA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_STRING 26
RT_BITMAP 15
RT_GROUP_CURSOR 10
RT_RCDATA 10
RT_CURSOR 10
RT_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 62
SERBIAN DEFAULT 14
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.25
ImageVersion 0.0
FileVersionNumber 6.2.9.650
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription ArtPlus ePix - Wallpaper Calendar Install
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Windows, Latin1
InitializedDataSize 193536
EntryPoint 0xef054
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.2.9.650
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 6.2
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2014 Art Plus Inc., Zagreb, Croatia
MachineType Intel 386 or later, and compatibles
CompanyName Art Plus Inc.
CodeSize 975360
FileSubtype 0
ProductVersionNumber 6.2.9.650
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 c160cf6d52a474b98002c6a120d77234
SHA1 53bde3e2d1da9a2b21b40314eeb801ae440c8cd5
SHA256 67b9d3017cdf669622f31f0d2cf4405d2619a1d355dff4621a4a518b9e046c08
ssdeep 196608:hcPIkk71w0jerngfSyquTRzKH3gK2yd960pPcaOTwrbUio7wlr:hcwh7KeerngfSCnyyFTwPW8r
authentihash c6695b18e40116c71fab374a7a2f09479c1dd44f79b1ba0dcefe4cb4eb6d3153
imphash d9319517787801c702f1e54951fcc20a
File size 10.3 MB ( 10763240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (53.9%)
Win32 Executable Delphi generic (17.7%)
DOS Borland compiled Executable (generic) (12.5%)
Win32 Executable (generic) (5.6%)
Win16/32 Executable Delphi generic (2.5%)
Tags
revoked-cert bobsoft peexe signed overlay
VirusTotal metadata
First submission 2015-01-07 14:48:17 UTC ( 4 years, 1 month ago )
Last submission 2016-03-07 02:13:41 UTC ( 2 years, 11 months ago )
File names iepixw.exe
607146
67b9d3017cdf669622f31f0d2cf4405d2619a1d355dff4621a4a518b9e046c08
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0115.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.