× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6d286e0adb4e03b9a62c456a81168937f60acd0b7f9cd0d659f6b541e356abee
File name: zbetcheckin_tracker_312555as.exe
Detection ratio: 37 / 68
Analysis date: 2018-11-16 20:44:27 UTC ( 3 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40756496 20181116
AhnLab-V3 Trojan/Win32.Skeeyah.R244952 20181116
ALYac Spyware.Ursnif 20181116
Arcabit Trojan.Generic.D26DE510 20181116
Avast Win32:DangerousSig [Trj] 20181116
AVG Win32:DangerousSig [Trj] 20181116
Avira (no cloud) TR/Kryptik.ieokv 20181116
BitDefender Trojan.GenericKD.40756496 20181116
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20181022
Cylance Unsafe 20181116
Cyren W32/Trojan.XLSF-3441 20181116
DrWeb Trojan.Gozi.363 20181116
Emsisoft Trojan.GenericKD.40756496 (B) 20181116
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CQXB 20181116
F-Secure Trojan.GenericKD.40756496 20181116
Fortinet W32/GenKryptik.CQXB!tr 20181116
GData Trojan.GenericKD.40756496 20181116
Ikarus Trojan.Win32.Krypt 20181116
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 005410741 ) 20181116
K7GW Trojan ( 005410741 ) 20181116
Kaspersky Trojan-Spy.Win32.Ursnif.aepc 20181116
McAfee Artemis!2B52D984D486 20181116
McAfee-GW-Edition Artemis!Trojan 20181116
Microsoft Trojan:Win32/Tiggre!plock 20181116
eScan Trojan.GenericKD.40756496 20181116
NANO-Antivirus Trojan.Win32.Ursnif.fkesyg 20181116
Panda Trj/CI.A 20181116
Qihoo-360 Win32/Trojan.Spy.fd1 20181116
Rising Backdoor.Vawtrak!8.11D (CLOUD) 20181116
Sophos AV Mal/Generic-S 20181116
Symantec Trojan.Gen.2 20181116
TrendMicro-HouseCall TROJ_GEN.R05FH0CKF18 20181116
VBA32 BScope.TrojanSpy.Ursnif 20181116
Webroot W32.Trojan.GenKD 20181116
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.aepc 20181116
AegisLab 20181116
Alibaba 20180921
Antiy-AVL 20181116
Avast-Mobile 20181116
Babable 20180918
Baidu 20181116
Bkav 20181116
CAT-QuickHeal 20181116
ClamAV 20181116
CMC 20181116
Cybereason 20180225
eGambit 20181116
F-Prot 20181116
Jiangmin 20181116
Kingsoft 20181116
Malwarebytes 20181116
MAX 20181116
Palo Alto Networks (Known Signatures) 20181116
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181116
Tencent 20181116
TheHacker 20181113
TotalDefense 20181116
TrendMicro 20181116
Trustlook 20181116
VIPRE 20181116
ViRobot 20181116
Yandex 20181115
Zillya 20181116
Zoner 20181116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2016 The Apache Software Foundation.

Product Apache HTTP Server
Original name httpd.exe
Internal name httpd.exe
File version 2.4.25
Description Apache HTTP Server
Comments Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 7:11 AM 11/13/2018
Signers
[+] Victino Limited
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 11:00 PM 10/11/2018
Valid to 10:59 PM 10/12/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 91EF650EC8CB480635B49C4D23506340406A242F
Serial number 00 96 75 F5 27 A4 98 31 DF 36 0C B4 CB 13 6F CF 98
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 11:00 PM 10/21/2014
Valid to 11:00 PM 10/21/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbrint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbrint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2074-08-02 17:36:38
Entry Point 0x00002430
Number of sections 6
PE sections
Overlays
MD5 9daee6e60c3c105e932de69d4d0ae1c4
File type data
Offset 311296
Size 7552
Entropy 7.24
PE imports
SetSecurityDescriptorOwner
CryptEnumProviderTypesW
RegQueryInfoKeyW
JetTerm2
GetCharWidthFloatA
GetModuleHandleW
DsBindWithCredW
PathRemoveExtensionA
CreateWindowStationA
ToAscii
SetClipboardViewer
midiInStart
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
290816

ImageVersion
0.0

ProductName
Apache HTTP Server

FileVersionNumber
2.4.25.0

UninitializedDataSize
4294905856

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
httpd.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.4.25

TimeStamp
2074:08:02 19:36:38+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
httpd.exe

ProductVersion
2.4.25

FileDescription
Apache HTTP Server

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright 2016 The Apache Software Foundation.

MachineType
Intel 386 or later, and compatibles

CompanyName
Apache Software Foundation

CodeSize
20480

FileSubtype
0

ProductVersionNumber
2.4.25.0

DistributedBy
The Apache Haus

EntryPoint
0x2430

ObjectFileType
Executable application

Execution parents
File identification
MD5 2b52d984d4863db4bfc4901c2d82c54c
SHA1 1c9947bb4e48c2afa5f02ce7c59539531a993959
SHA256 6d286e0adb4e03b9a62c456a81168937f60acd0b7f9cd0d659f6b541e356abee
ssdeep
1536:glhc9MLyRR5AB4yxIAGWVV9+PmW49KBEPgjC+EhqIHkC5oi7E:glh2MGRQB4qIWokRHkCG

authentihash 9cdc2c63526d19b572acf9375967dd7b15ee3c29c4d5bcf1deb0287730aff049
imphash 99c3bb22296edaa6606a5feb0290d47b
File size 311.4 KB ( 318848 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-11-13 16:22:00 UTC ( 3 months ago )
Last submission 2018-12-29 12:37:33 UTC ( 1 month, 2 weeks ago )
File names output.114519064.txt
zbetcheckin_tracker_312555as.exe
release_665.exe
812321.exe
peanoroll.exe
output.114503278.txt
httpd.exe
output.114507833.txt
312555as.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.