SHA256: 7246ac074ff1705049eaf3d3e8112e4c0484d2dd5a0b87a4403683c89b80a591
File name: SteamService.exe
Detection ratio: 0 / 54
Analysis date: 2014-11-03 10:51:31 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware 20141103
AegisLab 20141103
Yandex 20141102
AhnLab-V3 20141102
Antiy-AVL 20141103
Avast 20141103
AVG 20141103
Avira (no cloud) 20141103
AVware 20141031
Baidu-International 20141031
BitDefender 20141103
Bkav 20141027
ByteHero 20141103
CAT-QuickHeal 20141103
ClamAV 20141103
CMC 20141103
Comodo 20141103
Cyren 20141103
DrWeb 20141103
Emsisoft 20141103
ESET-NOD32 20141103
F-Prot 20141031
F-Secure 20141102
Fortinet 20141103
GData 20141103
Ikarus 20141103
Jiangmin 20141102
K7AntiVirus 20141031
K7GW 20141031
Kaspersky 20141103
Kingsoft 20141103
Malwarebytes 20141103
McAfee 20141103
McAfee-GW-Edition 20141103
Microsoft 20141103
eScan 20141101
NANO-Antivirus 20141103
Norman 20141103
nProtect 20141031
Qihoo-360 20141103
Rising 20141103
Sophos AV 20141103
SUPERAntiSpyware 20141101
Symantec 20141103
Tencent 20141103
TheHacker 20141102
TotalDefense 20141102
TrendMicro 20141103
TrendMicro-HouseCall 20141103
VBA32 20141031
VIPRE 20141103
ViRobot 20141103
Zillya 20141101
Zoner 20141031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2007
Publisher Valve
Product Steam Client Service
Original name SteamSer.exe
Internal name Steam Client Service
File version 01.67.20.08
Description Steam Client Service (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)
Signature verification Signed file, verified signature
Signing date 9:24 PM 2/15/2013
Signers
[+] Valve
Status Valid
Issuer None
Valid from 1:00 AM 9/28/2012
Valid to 12:59 AM 11/24/2015
Valid usage Code Signing
Algorithm SHA1
Thumbprint CB84B870FAB19BE50ACFD1663414488852B8934A
Serial number 47 A9 38 ED C7 AE AC 8D C7 1D CB B4 B4 F6 11 F8
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-15 20:24:46
Entry Point 0x0003C33A
Number of sections 5
PE sections
PE imports
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
OpenServiceA
ChangeServiceConfigA
RegQueryValueExA
AdjustTokenPrivileges
ControlService
RegCreateKeyExA
DeleteService
SetSecurityDescriptorDacl
CloseServiceHandle
OpenProcessToken
RegSetValueExA
CreateServiceA
QueryServiceStatus
ConvertStringSidToSidA
RegOpenKeyExW
SetServiceObjectSecurity
RegisterEventSourceA
ChangeServiceConfig2A
RegOpenKeyExA
RegEnumValueA
DuplicateTokenEx
SetServiceStatus
CreateProcessAsUserA
GetSecurityDescriptorDacl
RegEnumKeyExW
RegEnumKeyExA
RegQueryInfoKeyA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
SetNamedSecurityInfoA
QueryServiceObjectSecurity
InitializeSecurityDescriptor
QueryServiceStatusEx
DeregisterEventSource
StartServiceA
SetEntriesInAclA
OpenSCManagerA
ReportEventA
GetStdHandle
GetDriveTypeW
GetFileAttributesA
WaitForSingleObject
DebugBreak
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LoadLibraryExW
FreeEnvironmentStringsW
HeapWalk
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
SetThreadAffinityMask
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
HeapLock
GetThreadPriority
InitializeCriticalSection
FindClose
InterlockedDecrement
GetFullPathNameW
OutputDebugStringA
SetLastError
DeviceIoControl
GetModuleFileNameW
CopyFileA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
RaiseException
HeapSetInformation
LoadLibraryExA
SetConsoleCtrlHandler
SetHandleCount
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetLocalTime
SetProcessAffinityMask
SetFilePointer
InterlockedExchangeAdd
GetExitCodeThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
MoveFileExA
SetEnvironmentVariableA
TerminateProcess
VirtualQuery
SetEndOfFile
GetCurrentThreadId
GetProcAddress
SetCurrentDirectoryA
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
Process32First
LoadLibraryW
OpenThread
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
Process32Next
LeaveCriticalSection
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetStartupInfoW
CreateDirectoryW
GlobalLock
GetProcessHeap
FindFirstFileA
WTSGetActiveConsoleSessionId
HeapValidate
FindNextFileA
ExpandEnvironmentStringsA
SetEvent
GetProcessAffinityMask
CreateFileW
GetConsoleWindow
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
RemoveDirectoryA
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
ProcessIdToSessionId
GetProcessHeaps
HeapQueryInformation
GetCurrentDirectoryA
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
QueryPerformanceFrequency
TlsFree
GetModuleHandleA
HeapUnlock
ReadFile
SetConsoleTitleA
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
GetFileAttributesExA
VirtualAlloc
SysFreeString
VariantClear
SysAllocString
SHGetMalloc
ShellExecuteA
SHGetSpecialFolderPathA
SHGetFolderPathA
SHStrDupW
SHDeleteKeyA
SHDeleteKeyW
GetWindowThreadProcessId
EmptyClipboard
GetWindowTextLengthA
GetWindowRect
EndDialog
SetDlgItemTextA
EnumWindows
IsWindowVisible
GetDesktopWindow
SetDlgItemInt
MessageBoxA
wsprintfA
GetDlgItem
CloseClipboard
DialogBoxParamA
ShowWindow
GetDlgItemInt
SetClipboardData
SetWindowPos
OpenClipboard
PropVariantClear
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx
PE exports
Number of PE resources by type
RT_VERSION 2
RT_ICON 1
RT_MESSAGETABLE 1
RT_MANIFEST 1
SCID 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 181760
ImageVersion 0.0
ProductName Steam Client Service
FileVersionNumber 1.67.20.8
LanguageCode English (U.S.)
FileFlagsMask 0x0017
LinkerVersion 10.0
FileDescription Steam Client Service (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)
CharacterSet Unicode
SourceControlID 1672008
OriginalFilename SteamSer.exe
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 01.67.20.08
TimeStamp 2013:02:15 21:24:46+01:00
FileType Win32 EXE
PEType PE32
InternalName Steam Client Service
FileAccessDate 2014:11:03 11:51:49+01:00
ProductVersion 01.00.00.01
SubsystemVersion 5.1
OSVersion 5.1
FileCreateDate 2014:11:03 11:51:49+01:00
FileOS Win32
LegalCopyright Copyright (C) 2007
MachineType Intel 386 or later, and compatibles
CompanyName Valve Corporation
CodeSize 352768
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x3c33a
ObjectFileType Executable application

File identification
MD5 62c19b78555efc35fec72c285233a250
SHA1 2a863e34b04c2ca8eaae05723d0edc0dd84907da
SHA256 7246ac074ff1705049eaf3d3e8112e4c0484d2dd5a0b87a4403683c89b80a591
ssdeep 12288:seUtzRqoJGiifewZxt7sk2BgwwyIY/xpmxWWc7STh4gneJ1y6Sev:seUtzSfh732BnwTY/nzWESTh4gi46Sy
authentihash 66649fcc089faf23bed1dbaa1c859d190db8eeba2c44fd3fa8fb58b9aa81da57
imphash b6b5d13df23a8059838929ed008f64df
File size 530.4 KB ( 543144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe signed

VirusTotal metadata
First submission 2013-02-16 15:00:37 UTC ( 5 years, 9 months ago )
Last submission 2014-11-03 10:51:31 UTC ( 4 years ago )
File names SteamSer.exe
SteamService.exe
steamservice.exe
Steam Client Service
SteamService.exe
STEAMSERVICE.EXE
SteamService.exe
SteamService.exe
vt-upload-lBy9NW
steamservice.exe
steamservice.exe
SteamService.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.