SHA256: 6abf4544f60ac6117706727c241b97924e0c474f505838d0eb0491fc62b673cd
File name: F924CEC68BE776E41726EE765F469D50
Detection ratio: 19 / 56
Analysis date: 2016-04-20 12:09:20 UTC (3 years, 1 month ago)
Antivirus | Result | Update
Ad-Aware | Trojan.Generic.16157108 | 20160420
AegisLab | Troj.Generic!c | 20160420
ALYac | Trojan.Generic.16157108 | 20160420
Arcabit | Trojan.Generic.DF689B4 | 20160420
Avast | Win32:Malware-gen | 20160420
BitDefender | Trojan.Generic.16157108 | 20160420
Emsisoft | Trojan.Generic.16157108 (B) | 20160420
F-Secure | Trojan.Generic.16157108 | 20160420
Fortinet | W32/POSStealer!tr | 20160420
GData | Trojan.Generic.16157108 | 20160420
McAfee | RDN/Generic.hbg | 20160420
McAfee-GW-Edition | RDN/Generic.hbg | 20160420
eScan | Trojan.Generic.16157108 | 20160420
nProtect | Trojan.Generic.16157108 | 20160420
Panda | Trj/GdSda.A | 20160419
Qihoo-360 | HEUR/QVM10.1.Malware.Gen | 20160420
Rising | PE:Malware.Generic/QRS!1.9E2D [F] | 20160420
Symantec | Infostealer | 20160420
ViRobot | Worm.Win32.A.WBNA.123392[h] | 20160420
AhnLab-V3 | (no detection) | 20160419
Alibaba | (no detection) | 20160420
Antiy-AVL | (no detection) | 20160420
AVG | (no detection) | 20160420
AVware | (no detection) | 20160420
Baidu | (no detection) | 20160420
Baidu-International | (no detection) | 20160420
Bkav | (no detection) | 20160419
CAT-QuickHeal | (no detection) | 20160420
ClamAV | (no detection) | 20160420
CMC | (no detection) | 20160415
Comodo | (no detection) | 20160420
Cyren | (no detection) | 20160420
DrWeb | (no detection) | 20160420
ESET-NOD32 | (no detection) | 20160420
F-Prot | (no detection) | 20160420
Ikarus | (no detection) | 20160420
Jiangmin | (no detection) | 20160420
K7AntiVirus | (no detection) | 20160420
K7GW | (no detection) | 20160420
Kaspersky | (no detection) | 20160420
Kingsoft | (no detection) | 20160420
Malwarebytes | (no detection) | 20160420
Microsoft | (no detection) | 20160420
NANO-Antivirus | (no detection) | 20160420
Sophos AV | (no detection) | 20160420
SUPERAntiSpyware | (no detection) | 20160420
Tencent | (no detection) | 20160420
TheHacker | (no detection) | 20160419
TotalDefense | (no detection) | 20160420
TrendMicro | (no detection) | 20160420
TrendMicro-HouseCall | (no detection) | 20160420
VBA32 | (no detection) | 20160420
VIPRE | (no detection) | 20160420
Yandex | (no detection) | 20160419
Zillya | (no detection) | 20160420
Zoner | (no detection) | 20160420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification A certificate was explicitly revoked by its issuer.
Signers
[+] AMO-K Limited Liability Company
Status This certificate or one of the certificates in the certificate chain is not time valid; trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 10/14/2015
Valid to 12:59 AM 7/29/2016
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 8A1BCF92EA961B8BC8817B0630F34607CCB5BFF2
Serial number 00 D0 8D 83 FF 11 8D F3 77 7E 37 1C 5C 48 2C CE 7B
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-26 07:37:00
Entry Point 0x00007905
Number of sections 5
PE sections
Overlays
MD5 45513ec57d6048ab1f490a196d8fb40b
File type raw G3 data
Offset 118272
Size 5120
Entropy 7.54
PE imports
CryptDestroyKey
CloseServiceHandle
ChangeServiceConfig2W
RegCloseKey
StartServiceW
OpenProcessToken
SetServiceStatus
CryptReleaseContext
RegQueryValueExA
OpenSCManagerW
CryptEncrypt
CryptAcquireContextW
AdjustTokenPrivileges
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
LookupPrivilegeValueW
CryptImportKey
RegOpenKeyExA
CreateServiceW
DnsFree
DnsQuery_A
GetAdaptersInfo
CreateToolhelp32Snapshot
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
CopyFileW
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
WaitForSingleObject
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
Process32NextW
GetCommandLineA
DeleteCriticalSection
GetCurrentProcess
GetFileType
GetConsoleMode
SetThreadPriority
GetCurrentProcessId
OpenProcess
UnhandledExceptionFilter
IsValidCodePage
LoadLibraryExW
GetVolumeInformationW
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
ReadProcessMemory
GetCPInfo
DeleteFileW
GetProcAddress
Process32FirstW
GetProcessHeap
SetStdHandle
RaiseException
CreateThread
LoadLibraryW
TlsFree
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
IsProcessorFeaturePresent
GetComputerNameA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
GetConsoleCP
CreateEventW
WideCharToMultiByte
GetModuleHandleExW
InitializeCriticalSection
OutputDebugStringW
CreateFileW
VirtualQueryEx
InterlockedDecrement
Sleep
SetLastError
TlsSetValue
EncodePointer
GetCurrentThreadId
InterlockedIncrement
ExitProcess
WriteConsoleW
LeaveCriticalSection
ShellExecuteW
StrCmpW
CharLowerW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:10:26 08:37:00+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 64512
LinkerVersion: 11.0
ImageFileCharacteristics: Executable, 32-bit
EntryPoint: 0x7905
InitializedDataSize: 60928
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5 f924cec68be776e41726ee765f469d50
SHA1 f7125695a1c59970b7557362c67f81d93d871373
SHA256 6abf4544f60ac6117706727c241b97924e0c474f505838d0eb0491fc62b673cd
ssdeep 1536:y6YuwtuonMvaxUG/6yhGoTmqtWitFjPp+AceiSsWjcdLtup02gx4diJ:BPwtuonMiUGyyhEK7tJB+UULtuplgx4C
authentihash 990cd82692bd855319a72cc00ea31971824b48e775ca3112b8c281f7ea15a9b0
imphash daae8ecf287c7b5821cd49124f1a92f1
File size 120.5 KB ( 123392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2016-02-13 23:42:12 UTC ( 3 years, 3 months ago )
Last submission 2018-02-12 16:36:52 UTC ( 1 year, 3 months ago )
File names F924CEC68BE776E41726EE765F469D50.virus
f924cec68be776e41726ee765f469d50
2016-05-24_6abf4544f60ac6117706727c241b97924e0c474f505838d0eb0491fc62b673cd
F924CEC68BE776E41726EE765F469D50
wme.exe
F924CEC68BE776E41726EE765F469D50.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
UDP communications