SHA256: 723be27746efd81f8f0807bdfb670d1904f928cfd6a79ab9efa6ffe711de7408
File name: spf.exe
Detection ratio: 0 / 70
Analysis date: 2019-04-20 08:18:03 UTC ( 1 month ago )
Antivirus Result Update
Acronis 20190419
Ad-Aware 20190420
AegisLab 20190420
AhnLab-V3 20190419
Alibaba 20190401
ALYac 20190420
Arcabit 20190420
Avast 20190420
Avast-Mobile 20190415
AVG 20190420
Avira (no cloud) 20190419
Babable 20180918
Baidu 20190318
BitDefender 20190420
Bkav 20190420
CAT-QuickHeal 20190418
ClamAV 20190419
CMC 20190321
Comodo 20190420
CrowdStrike Falcon (ML) 20190212
Cybereason 20190417
Cylance 20190420
Cyren 20190420
DrWeb 20190420
eGambit 20190420
Emsisoft 20190420
Endgame 20190403
ESET-NOD32 20190420
F-Prot 20190420
F-Secure 20190420
FireEye 20190420
Fortinet 20190420
GData 20190420
Ikarus 20190420
Sophos ML 20190313
Jiangmin 20190420
K7AntiVirus 20190420
K7GW 20190420
Kaspersky 20190420
Kingsoft 20190420
Malwarebytes 20190420
MAX 20190420
MaxSecure 20190419
McAfee 20190420
McAfee-GW-Edition 20190420
Microsoft 20190420
eScan 20190420
NANO-Antivirus 20190420
Palo Alto Networks (Known Signatures) 20190420
Panda 20190419
Qihoo-360 20190420
Rising 20190420
SentinelOne (Static ML) 20190418
Sophos AV 20190420
SUPERAntiSpyware 20190418
Symantec 20190419
Symantec Mobile Insight 20190418
TACHYON 20190420
Tencent 20190420
TheHacker 20190419
TotalDefense 20190416
Trapmine 20190325
TrendMicro-HouseCall 20190420
Trustlook 20190420
VBA32 20190419
ViRobot 20190419
Webroot 20190420
Yandex 20190419
Zillya 20190419
ZoneAlarm by Check Point 20190420
Zoner 20190419
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Sygate Technologies, Inc.
File version 5.6.2808
Description Sygate Personal Firewall
Signature verification Signed file, verified signature
Signing date 4:44 AM 10/16/2004
Signers
[+] Sygate Technologies, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Class 3 Code Signing 2001 CA
Valid from 12:00 AM 07/02/2004
Valid to 11:59 PM 07/10/2005
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint D3AB7E7A7F17D2A724B894E2A8F6C81A40D9E589
Serial number 2B 7B 1D 7E 42 AF BF 6F E5 A8 32 EA CB DC 9D FA
[+] VeriSign Class 3 Code Signing 2001 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 01:00 AM 12/03/2001
Valid to 12:59 AM 12/03/2011
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 492DF2FDB6E8BDC799DC84E7513A3CDE31B8698A
Serial number 6D A2 7A E9 29 2E B6 DD C0 A8 00 1D 47 6E 3B 69
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 01:00 AM 01/29/1996
Valid to 11:59 PM 08/01/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 01:00 AM 12/04/2003
Valid to 12:59 AM 12/04/2008
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 817E78267300CB0FE5D631357851DB366123A690
Serial number 0D E9 2B F0 D4 D8 29 88 18 32 05 09 5E 9A 76 88
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 01:00 AM 12/04/2003
Valid to 12:59 AM 12/04/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 01/01/1997
Valid to 12:59 AM 01/01/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-05-23 20:35:44
Entry Point 0x00002968
Number of sections 5
PE sections
Overlays
MD5 ea3b318b83c57a85721ea9a1d697064e
File type data
Offset 9223168
Size 5272
Entropy 7.20
PE imports
CloseServiceHandle
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
OpenSCManagerA
GetDeviceCaps
DosDateTimeToFileTime
GetUserDefaultLangID
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetPrivateProfileIntA
FreeLibrary
ExitProcess
SetFileTime
GlobalUnlock
GetVersionExA
LoadLibraryA
GetModuleFileNameA
GetCurrentProcess
_lwrite
SizeofResource
GetPrivateProfileStringA
lstrcatA
LockResource
CreateDirectoryA
DeleteFileA
SetErrorMode
_llseek
GetCommandLineA
GlobalLock
_lread
GetFileTime
_lcreat
GetTempPathA
GetProcAddress
GetModuleHandleA
lstrcmpA
lstrcpyA
_lopen
_lclose
CloseHandle
GetTempFileNameA
GetSystemDirectoryA
ExpandEnvironmentStringsA
FreeResource
GetExitCodeProcess
LoadResource
GlobalAlloc
LocalFileTimeToFileTime
Sleep
CreateFileA
FindResourceA
SetCurrentDirectoryA
ShellExecuteExA
wsprintfA
SetTimer
SetWindowTextA
LoadStringA
DispatchMessageA
EnableWindow
EndDialog
CharNextA
GetDlgItemTextA
SendMessageA
MessageBoxA
PeekMessageA
GetDlgItem
CreateDialogParamA
TranslateMessage
DialogBoxParamA
ShowWindow
ExitWindowsEx
GetDC
DestroyWindow
setsockopt
socket
gethostbyname
recv
send
WSAAsyncSelect
WSAStartup
WSACleanup
ioctlsocket
connect
shutdown
htons
closesocket
WSAGetLastError
PE exports
Number of PE resources by type
RT_DIALOG 3
RT_ICON 1
RT_STRING 1
AVI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 4.0
FileVersionNumber 5.6.2808.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Sygate Personal Firewall
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 9268224
EntryPoint 0x2968
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.6.2808
TimeStamp 2002:05:23 22:35:44+02:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows 16-bit
LegalCopyright Sygate Technologies, Inc.
MachineType Intel 386 or later, and compatibles
CompanyName Sygate Technologies, Inc.
CodeSize 19456
FileSubtype 0
ProductVersionNumber 5.6.2808.0
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed that the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 7c420b5be50635f3a2f73cf8e5c490c5
SHA1 0736bcd08c8f9378b8cd8b907a9bd350db991fe9
SHA256 723be27746efd81f8f0807bdfb670d1904f928cfd6a79ab9efa6ffe711de7408
ssdeep 196608:9mVf72alA1oMuWr45hrr2IqwPqAIQfAUx8Q/jwBU2S:w7xueJWGhrr2I/PeCxRjFZ
authentihash 061b6b14dbb0d29ddfa6e14abdd170d025b71f31b4e8d4953df5ab14985d257b
imphash 522ef498e59f40cf227e8201c43746f1
File size 8.8 MB ( 9228440 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Microsoft Update - Self Extracting Cabinet (69.7%)
Win32 EXE PECompact compressed (generic) (8.5%)
Win32 Executable MS Visual C++ (generic) (6.4%)
Win64 Executable (generic) (5.6%)
Microsoft Visual C++ compiled executable (generic) (3.3%)
Tags software-collection overlay peexe signed via-tor
VirusTotal metadata
First submission 2007-07-15 23:06:56 UTC ( 11 years, 10 months ago )
Last submission 2019-04-07 21:34:28 UTC ( 1 month, 1 week ago )
File names spf5.exe
Sygate Personal Firewall 5.6.2808.exe
sygate-personal-firewall.exe
spf.exe
spf5.6.exe
Sygate Personal Firewall - sygate562808.exe
Sygate_personal_Firewall_5.6.2808
file
Sygate Personal Firewall.exe
spf.exe
Firewall Sygate Personal 5.6.2808.exe
sygate.exe
spf5.exe
spfجدار الحماية سايقت فاير ول.exe
test.exe
sygate personal firewall.exe
Sygate_Personal_Firewall.exe
spf_sigatefirewall_.exe
sygate-personal-firewall-159-jetelecharge.exe
sygatepf.exe
file-3238877_exe
SYGATE56.EXE
sygate562808-setup.exe
sygatefirewall.exe
spf_freeware.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight