SHA256: 727c1c8dd1454814582f6c26fefd3ef0949864199d85c99129d554417234b5f3
File name: Sitecafe.exe
Detection ratio: 0 / 55
Analysis date: 2014-11-16 19:53:03 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Ad-Aware 20141116
AegisLab 20141116
Yandex 20141116
AhnLab-V3 20141116
Antiy-AVL 20141116
Avast 20141116
AVG 20141116
Avira (no cloud) 20141116
AVware 20141116
Baidu-International 20141107
BitDefender 20141116
Bkav 20141115
ByteHero 20141116
CAT-QuickHeal 20141114
ClamAV 20141116
CMC 20141114
Comodo 20141116
Cyren 20141116
DrWeb 20141116
Emsisoft 20141116
ESET-NOD32 20141116
F-Prot 20141116
F-Secure 20141116
Fortinet 20141116
GData 20141116
Ikarus 20141116
Jiangmin 20141116
K7AntiVirus 20141114
K7GW 20141115
Kaspersky 20141116
Kingsoft 20141116
Malwarebytes 20141116
McAfee 20141116
McAfee-GW-Edition 20141116
Microsoft 20141116
eScan 20141116
NANO-Antivirus 20141116
Norman 20141116
nProtect 20141114
Panda 20141116
Qihoo-360 20141116
Rising 20141116
Sophos AV 20141116
SUPERAntiSpyware 20141116
Symantec 20141116
Tencent 20141116
TheHacker 20141115
TotalDefense 20141116
TrendMicro 20141116
TrendMicro-HouseCall 20141116
VBA32 20141114
VIPRE 20141116
ViRobot 20141116
Zillya 20141115
Zoner 20141112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 5:27 PM 11/2/2010
Signers
[+] PROVISIO GmbH
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign ObjectSign CA
Valid from 5:00 PM 12/8/2008
Valid to 5:00 PM 12/8/2010
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 856588AC5D68A0337606A4384DC792075FE133B0
Serial number 01 00 00 00 00 01 1E 17 8C ED 64
[+] GlobalSign ObjectSign CA
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign Primary Object Publishing CA
Valid from 11:00 AM 1/22/2004
Valid to 12:00 PM 1/27/2017
Valid usage All
Algorithm sha1RSA
Thumbprint B859853EF366AC9335763C340A87BD208113055F
Serial number 04 00 00 00 00 01 1E 44 A5 EC BE
[+] GlobalSign Primary Object Publishing CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign Root CA
Valid from 2:00 PM 1/28/1999
Valid to 1:00 PM 1/27/2017
Valid usage All
Algorithm sha1RSA
Thumbprint 1AAF4DF10D36215E09E4EEFD70E340C2E4DECF38
Serial number 04 00 00 00 00 01 1E 44 A5 E2 4E
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] GlobalSign Time Stamping Authority
Status The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign Timestamping CA
Valid from 10:32 AM 12/21/2009
Valid to 10:32 AM 12/22/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint AEDF7DF76BBA2410D67DBAF18F5BA15B417E496C
Serial number 01 00 00 00 00 01 25 B0 B4 CC 01
[+] GlobalSign Timestamping CA
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 3/18/2009
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint 958D23902D5448314F2F811034356A58255CDC9B
Serial number 04 00 00 00 00 01 20 19 C1 90 66
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT appended, maxorder, docwrite, NSIS, UTF-8, Unicode, CAB
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:50:46
Entry Point 0x0000323C
Number of sections 5
PE sections
Overlays
MD5 0f9668a6f9fa57fb4a9239d0da69ab9d
File type data
Offset 132608
Size 85428952
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
DrawTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
ShowWindow
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 5
RT_DIALOG 3
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2009:12:05 23:50:46+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
23552

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
119808

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x323c

OSVersion
4.0

ImageVersion
6.0

UninitializedDataSize
1024

File identification
MD5 68115083b88fca842ef7b5d0dd779a04
SHA1 aa4e0bad6651c5f420510a150a2f3f31e5b68d9a
SHA256 727c1c8dd1454814582f6c26fefd3ef0949864199d85c99129d554417234b5f3
ssdeep
1572864:jTkomXKEdj8Vc3aX4E7FTqP8Cw3nvt1Ac/zt728yvfnY5EkY14HnzyGu:j0XKyjvbkTqPvavH/zF7yHncEgHnO

authentihash f991b68fd447df08d573aac4b9295525e81b3126285f5d98f9ea67ef99f1758c
imphash 099c0646ea7282d232219f8807883be0
File size 81.6 MB ( 85561560 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (98.7%)
Win32 Executable (generic) (0.5%)
OS/2 Executable (generic) (0.2%)
Generic Win/DOS Executable (0.2%)
DOS Executable Generic (0.2%)
Tags
nsis peexe revoked-cert signed overlay

VirusTotal metadata
First submission 2014-09-30 13:29:36 UTC ( 4 years, 4 months ago )
Last submission 2016-04-07 01:34:54 UTC ( 2 years, 10 months ago )
File names 727C1C8DD1454814582F6C26FEFD3EF0949864199D85C99129D554417234B5F3
SiteCafe.exe
Sitecafe.exe
32882