× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6f01a50a5b8b0fdf009b1d9e32808b78e8111877932ac2fef8d748f82fe3a8aa
File name: 406020
Detection ratio: 0 / 54
Analysis date: 2016-02-09 06:27:08 UTC ( 3 years, 3 months ago ) View latest
Antivirus Result Update
Ad-Aware 20160209
AegisLab 20160209
Yandex 20160206
AhnLab-V3 20160208
Alibaba 20160204
Antiy-AVL 20160209
Arcabit 20160209
Avast 20160209
AVG 20160209
Avira (no cloud) 20160209
Baidu-International 20160208
BitDefender 20160209
Bkav 20160204
ByteHero 20160209
CAT-QuickHeal 20160208
ClamAV 20160208
CMC 20160205
Comodo 20160209
Cyren 20160209
DrWeb 20160209
Emsisoft 20160209
ESET-NOD32 20160209
F-Prot 20160129
F-Secure 20160209
Fortinet 20160209
GData 20160209
Ikarus 20160209
Jiangmin 20160209
K7AntiVirus 20160208
K7GW 20160209
Kaspersky 20160209
Malwarebytes 20160208
McAfee 20160209
McAfee-GW-Edition 20160209
Microsoft 20160209
eScan 20160209
NANO-Antivirus 20160209
nProtect 20160205
Panda 20160208
Qihoo-360 20160209
Rising 20160208
Sophos AV 20160209
SUPERAntiSpyware 20160209
Symantec 20160208
Tencent 20160209
TheHacker 20160208
TotalDefense 20160208
TrendMicro 20160209
TrendMicro-HouseCall 20160209
VBA32 20160208
VIPRE 20160209
ViRobot 20160209
Zillya 20160208
Zoner 20160209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
PC Shareware, Inc.

Description What The Bible Says About Installation
Signature verification Signed file, verified signature
Signing date 8:11 PM 9/29/2012
Signers
[+] PC Shareware, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 11:00 PM 10/20/2009
Valid to 10:59 PM 10/20/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 2FF22878117D97A585E1808CCABA0D9C08BDAADE
Serial number 00 C7 36 09 7C EC 14 EF D1 7A 59 84 94 FF A7 5F B1
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 05:31 PM 07/09/1999
Valid to 05:40 PM 07/09/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 11:00 PM 04/30/2012
Valid to 11:59 PM 12/31/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/04/2003
Valid to 11:59 PM 12/03/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT Unicode, nameless, appended, ZIP, embedded
PEiD Wise Installer Stub
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-04-08 20:24:47
Entry Point 0x00001000
Number of sections 4
PE sections
Overlays
MD5 b08b29bc1046bddd5e796a37b115904f
File type data
Offset 2649088
Size 4152
Entropy 7.27
PE imports
GetTempPathA
CreateProcessA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
DeleteFileA
WriteFile
CloseHandle
GetTempFileNameA
CreateFileMappingA
CreateFileA
GetCommandLineA
GetModuleFileNameA
GetShortPathNameA
wsprintfA
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
What The Bible Says About Installation

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
2648064

EntryPoint
0x1000

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
1999:04:08 22:24:47+02:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows 16-bit

LegalCopyright
PC Shareware, Inc.

MachineType
Intel 386 or later, and compatibles

CompanyName
PC Shareware, Inc.

CodeSize
512

FileSubtype
0

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 df40f8566f536b24567d91ea1f78a187
SHA1 5674f24baf29a4e882be4a6a7b623de0e65e1c32
SHA256 6f01a50a5b8b0fdf009b1d9e32808b78e8111877932ac2fef8d748f82fe3a8aa
ssdeep
49152:rhoGQouXn22qBg7RHdo70Fvc2y4wx7d6Heb5lkzBLLJBqo9p+scMr8Vf:d7QouXnoBoR9o70Fkvx56H2/kzB/n8T/

authentihash 76491e9d1c09a97b861379c910bb3136deb758ded372623fea10cf6affb033a7
imphash 81638d02019c0bfcaaf23a9c69f2f12c
File size 2.5 MB ( 2653240 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Wise Installer executable (91.3%)
Win64 Executable (generic) (5.3%)
Win32 Dynamic Link Library (generic) (1.2%)
Win32 Executable (generic) (0.8%)
OS/2 Executable (generic) (0.3%)
Tags
peexe wise signed overlay

VirusTotal metadata
First submission 2012-10-04 01:43:00 UTC ( 6 years, 7 months ago )
Last submission 2018-06-13 21:47:13 UTC ( 11 months, 1 week ago )
File names c7656099880f9af1349f7cb829c9908b10563c84
biblesay10.exe
1351075562-biblesay2.exe
biblesay2.exe
6F01A50A5B8B0FDF009B1D9E32808B78E8111877932AC2FEF8D748F82FE3A8AA
biblesay10.exe
406020
6f01a50a5b8b0fdf009b1d9e32808b78e8111877932ac2fef8d748f82fe3a8aa
biblesay2.exe
df40f8566f536b24567d91ea1f78a187.5674f24baf29a4e882be4a6a7b623de0e65e1c32
output.37643431.txt
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Runtime DLLs
UDP communications