SHA256: 723be27746efd81f8f0807bdfb670d1904f928cfd6a79ab9efa6ffe711de7408
File name: spf5.exe
Detection ratio: 0 / 69
Analysis date: 2019-02-09 00:00:06 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis 20190208
Ad-Aware 20190208
AegisLab 20190208
AhnLab-V3 20190208
Alibaba 20180921
ALYac 20190208
Antiy-AVL 20190208
Arcabit 20190208
Avast 20190208
Avast-Mobile 20190208
AVG 20190208
Avira (no cloud) 20190208
Babable 20180918
Baidu 20190202
BitDefender 20190208
Bkav 20190201
CAT-QuickHeal 20190208
ClamAV 20190208
CMC 20190208
Comodo 20190208
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190208
DrWeb 20190208
eGambit 20190209
Emsisoft 20190208
Endgame 20181108
ESET-NOD32 20190209
F-Prot 20190208
F-Secure 20190209
Fortinet 20190209
GData 20190209
Ikarus 20190208
Sophos ML 20181128
Jiangmin 20190208
K7AntiVirus 20190208
K7GW 20190208
Kaspersky 20190208
Kingsoft 20190209
Malwarebytes 20190209
MAX 20190209
McAfee 20190209
McAfee-GW-Edition 20190208
Microsoft 20190209
eScan 20190208
NANO-Antivirus 20190209
Palo Alto Networks (Known Signatures) 20190209
Panda 20190208
Qihoo-360 20190209
Rising 20190208
SentinelOne (Static ML) 20190203
Sophos AV 20190208
SUPERAntiSpyware 20190206
Symantec 20190209
Symantec Mobile Insight 20190207
TACHYON 20190208
Tencent 20190209
TheHacker 20190203
TotalDefense 20190206
Trapmine 20190123
TrendMicro 20190209
TrendMicro-HouseCall 20190208
Trustlook 20190209
VBA32 20190208
ViRobot 20190208
Webroot 20190209
Yandex 20190208
Zillya 20190208
ZoneAlarm by Check Point 20190208
Zoner 20190209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Sygate Technologies, Inc.

File version 5.6.2808
Description Sygate Personal Firewall
Signature verification Signed file, verified signature
Signing date 3:44 AM 10/16/2004
Signers
[+] Sygate Technologies, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Class 3 Code Signing 2001 CA
Valid from 11:00 PM 07/01/2004
Valid to 10:59 PM 07/10/2005
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint D3AB7E7A7F17D2A724B894E2A8F6C81A40D9E589
Serial number 2B 7B 1D 7E 42 AF BF 6F E5 A8 32 EA CB DC 9D FA
[+] VeriSign Class 3 Code Signing 2001 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 12:00 AM 12/03/2001
Valid to 11:59 PM 12/02/2011
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 492DF2FDB6E8BDC799DC84E7513A3CDE31B8698A
Serial number 6D A2 7A E9 29 2E B6 DD C0 A8 00 1D 47 6E 3B 69
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 12:00 AM 01/29/1996
Valid to 10:59 PM 08/01/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 12:00 AM 12/04/2003
Valid to 11:59 PM 12/03/2008
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 817E78267300CB0FE5D631357851DB366123A690
Serial number 0D E9 2B F0 D4 D8 29 88 18 32 05 09 5E 9A 76 88
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/04/2003
Valid to 11:59 PM 12/03/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-05-23 20:35:44
Entry Point 0x00002968
Number of sections 5
PE sections
Overlays
MD5 ea3b318b83c57a85721ea9a1d697064e
File type data
Offset 9223168
Size 5272
Entropy 7.20
PE imports
CloseServiceHandle
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
OpenSCManagerA
GetDeviceCaps
DosDateTimeToFileTime
GetUserDefaultLangID
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetPrivateProfileIntA
FreeLibrary
ExitProcess
SetFileTime
GlobalUnlock
GetVersionExA
LoadLibraryA
GetModuleFileNameA
GetCurrentProcess
_lwrite
SizeofResource
GetPrivateProfileStringA
lstrcatA
LockResource
CreateDirectoryA
DeleteFileA
SetErrorMode
_llseek
GetCommandLineA
GlobalLock
_lread
GetFileTime
_lcreat
GetTempPathA
GetProcAddress
GetModuleHandleA
lstrcmpA
lstrcpyA
_lopen
_lclose
CloseHandle
GetTempFileNameA
GetSystemDirectoryA
ExpandEnvironmentStringsA
FreeResource
GetExitCodeProcess
LoadResource
GlobalAlloc
LocalFileTimeToFileTime
Sleep
CreateFileA
FindResourceA
SetCurrentDirectoryA
ShellExecuteExA
wsprintfA
SetTimer
SetWindowTextA
LoadStringA
DispatchMessageA
EnableWindow
EndDialog
CharNextA
GetDlgItemTextA
SendMessageA
MessageBoxA
PeekMessageA
GetDlgItem
CreateDialogParamA
TranslateMessage
DialogBoxParamA
ShowWindow
ExitWindowsEx
GetDC
DestroyWindow
setsockopt
socket
gethostbyname
recv
send
WSAAsyncSelect
WSAStartup
WSACleanup
ioctlsocket
connect
shutdown
htons
closesocket
WSAGetLastError
PE exports
Number of PE resources by type
RT_DIALOG 3
RT_ICON 1
RT_STRING 1
AVI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
4.0

FileVersionNumber
5.6.2808.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Sygate Personal Firewall

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
9268224

EntryPoint
0x2968

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
5.6.2808

TimeStamp
2002:05:23 22:35:44+02:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows 16-bit

LegalCopyright
Sygate Technologies, Inc.

MachineType
Intel 386 or later, and compatibles

CompanyName
Sygate Technologies, Inc.

CodeSize
19456

FileSubtype
0

ProductVersionNumber
5.6.2808.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 7c420b5be50635f3a2f73cf8e5c490c5
SHA1 0736bcd08c8f9378b8cd8b907a9bd350db991fe9
SHA256 723be27746efd81f8f0807bdfb670d1904f928cfd6a79ab9efa6ffe711de7408
ssdeep
196608:9mVf72alA1oMuWr45hrr2IqwPqAIQfAUx8Q/jwBU2S:w7xueJWGhrr2I/PeCxRjFZ

authentihash 061b6b14dbb0d29ddfa6e14abdd170d025b71f31b4e8d4953df5ab14985d257b
imphash 522ef498e59f40cf227e8201c43746f1
File size 8.8 MB ( 9228440 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Microsoft Update - Self Extracting Cabinet (69.7%)
Win32 EXE PECompact compressed (generic) (8.5%)
Win32 Executable MS Visual C++ (generic) (6.4%)
Win64 Executable (generic) (5.6%)
Microsoft Visual C++ compiled executable (generic) (3.3%)
Tags
peexe via-tor overlay signed software-collection

VirusTotal metadata
First submission 2007-07-15 23:06:56 UTC ( 11 years, 8 months ago )
Last submission 2019-01-27 20:56:52 UTC ( 1 month, 2 weeks ago )
File names spf5.exe
Sygate Personal Firewall 5.6.2808.exe
sygate-personal-firewall.exe
spf.exe
spf5.6.exe
Sygate Personal Firewall - sygate562808.exe
Sygate_personal_Firewall_5.6.2808
file
Sygate Personal Firewall.exe
spf.exe
Firewall Sygate Personal 5.6.2808.exe
sygate.exe
spf5.exe
spfجدار الحماية سايقت فاير ول.exe
test.exe
sygate personal firewall.exe
Sygate_Personal_Firewall.exe
spf_sigatefirewall_.exe
sygate-personal-firewall-159-jetelecharge.exe
sygatepf.exe
file-3238877_exe
SYGATE56.EXE
sygate562808-setup.exe
sygatefirewall.exe
spf_freeware.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight