SHA256: 79b3b5f1009fd40ecc4652e759f1a26c55aa9c284381e8ef012801a2526e9fc9
File name: vt-upload-9S9Fms
Detection ratio: 0 / 54
Analysis date: 2014-09-20 21:57:47 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Ad-Aware 20140920
AegisLab 20140920
Yandex 20140920
AhnLab-V3 20140920
Antiy-AVL 20140920
Avast 20140920
AVG 20140920
Avira (no cloud) 20140920
AVware 20140920
Baidu-International 20140920
BitDefender 20140920
Bkav 20140920
ByteHero 20140920
CAT-QuickHeal 20140920
ClamAV 20140920
CMC 20140918
Comodo 20140920
Cyren 20140920
DrWeb 20140920
Emsisoft 20140920
ESET-NOD32 20140920
F-Prot 20140920
F-Secure 20140920
Fortinet 20140920
GData 20140920
Ikarus 20140920
Jiangmin 20140920
K7AntiVirus 20140919
K7GW 20140919
Kaspersky 20140920
Kingsoft 20140920
Malwarebytes 20140920
McAfee 20140920
McAfee-GW-Edition 20140920
Microsoft 20140920
eScan 20140920
NANO-Antivirus 20140920
Norman 20140920
nProtect 20140919
Panda 20140920
Qihoo-360 20140920
Rising 20140920
Sophos AV 20140920
SUPERAntiSpyware 20140920
Symantec 20140920
TheHacker 20140919
TotalDefense 20140920
TrendMicro 20140920
TrendMicro-HouseCall 20140920
VBA32 20140919
VIPRE 20140920
ViRobot 20140920
Zillya 20140920
Zoner 20140919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher ASUSTeK Computer Inc.
File version 1.0.2.6
Description TurboV EVO
Signature verification Signed file, verified signature
Signing date 11:24 AM 4/7/2010
Signers
[+] ASUSTeK Computer Inc.
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 8/3/2009
Valid to 12:59 AM 8/4/2012
Valid usage Code Signing
Algorithm SHA1
Thumbprint 64BC9DAE5710C93A9ACFED82EE5DCE0A9BA8D1A8
Serial number 12 D5 C9 E2 94 9D 48 AB AC CD 35 14 F0 FB 22 AD
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer None
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)
Status Valid
Issuer None
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/3/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint A1DB6393916F17E4185509400415C70240B0AE6B
Serial number 3C 91 31 CB 1F F6 D0 1B 0E 9A B8 D0 44 BF 12 BE
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-07 10:24:36
Entry Point 0x00001000
Number of sections 8
PE sections
PE imports
SetSecurityDescriptorDacl
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueExA
InitializeSecurityDescriptor
AdjustTokenPrivileges
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
Ord(3)
Ord(11)
Ord(10)
Ord(1)
Ord(6)
Ord(7)
Ord(4)
Ord(13)
Ord(5)
Ord(2)
Ord(9)
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_Read
ImageList_DragMove
ImageList_Remove
ImageList_GetDragImage
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
ImageList_DragShowNolock
ImageList_Create
ImageList_EndDrag
GetDIBColorTable
DeleteEnhMetaFile
GetSystemPaletteEntries
SetBkMode
CreateHalftonePalette
SetStretchBltMode
GetCurrentPositionEx
SaveDC
GetWinMetaFileBits
CreateFontIndirectA
GetPaletteEntries
MaskBlt
GetClipBox
GetEnhMetaFilePaletteEntries
GetBitmapBits
Rectangle
GetObjectA
GetBrushOrgEx
ExcludeClipRect
PlayEnhMetaFile
LineTo
DeleteDC
RestoreDC
GetPixel
GetWindowOrgEx
SetPixel
SetWindowOrgEx
IntersectClipRect
BitBlt
CreateDIBSection
CopyEnhMetaFileA
RealizePalette
SetTextColor
GetDeviceCaps
RectVisible
SetEnhMetaFileBits
CreateBitmap
MoveToEx
CreatePalette
CreateBrushIndirect
CreateDIBitmap
GetStockObject
SelectPalette
SetBkColor
UnrealizeObject
GetDIBits
GdiFlush
SetROP2
GetDCOrgEx
CreateCompatibleDC
StretchBlt
SetBrushOrgEx
SelectObject
GetTextExtentPoint32A
PatBlt
GetTextMetricsA
SetDIBColorTable
GetEnhMetaFileHeader
CreateSolidBrush
Polyline
SetViewportOrgEx
GetTextExtentPointA
GetEnhMetaFileBits
SetWinMetaFileBits
DeleteObject
CreateCompatibleBitmap
CreatePenIndirect
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
GetFileAttributesA
SetEvent
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
SetErrorMode
GetCPInfo
InterlockedExchange
WriteFile
WaitForSingleObject
SetThreadAffinityMask
GetDiskFreeSpaceA
GetStringTypeW
GetOEMCP
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
OutputDebugStringA
SetLastError
TlsAlloc
HeapAlloc
GetModuleFileNameA
EnumCalendarInfoA
LoadLibraryExA
GetPrivateProfileStringA
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateMutexA
SetFilePointer
CreateThread
GetExitCodeThread
GlobalAddAtomA
MulDiv
ExitThread
GlobalAlloc
SetEndOfFile
GetVersion
LeaveCriticalSection
CallNamedPipeW
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
GetTickCount
CallNamedPipeA
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetProcAddress
GetProcessHeap
GlobalReAlloc
FindFirstFileA
lstrcpyA
CompareStringA
FindNextFileA
GlobalLock
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
GlobalDeleteAtom
GetSystemInfo
lstrlenA
GlobalFree
GetThreadLocale
GlobalUnlock
VirtualQuery
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
GetCommandLineA
GetCurrentThread
GetSystemDefaultLangID
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
FreeResource
SizeofResource
VirtualFree
Sleep
FindResourceA
VirtualAlloc
IsEqualGUID
CoUninitialize
CoInitialize
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
SysReAllocStringLen
GetErrorInfo
SysFreeString
VariantChangeTypeEx
ShellExecuteA
Shell_NotifyIconA
SHGetFolderPathA
RedrawWindow
GetForegroundWindow
DrawTextW
EnableScrollBar
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
IsWindow
SetTimer
DispatchMessageA
EndPaint
SetMenuItemInfoA
WindowFromPoint
SetActiveWindow
GetDC
GetCursorPos
DrawTextA
GetClassInfoA
GetMenu
UnregisterClassA
DefFrameProcA
GetClientRect
AllowSetForegroundWindow
CharLowerBuffA
SetScrollPos
CallNextHookEx
TrackPopupMenu
GetTopWindow
ShowCursor
wsprintfA
MsgWaitForMultipleObjects
GetMenuStringA
GetWindowTextA
DestroyWindow
DrawEdge
GetParent
UpdateWindow
SetPropA
EqualRect
EnumWindows
DefMDIChildProcA
ShowWindow
SetClassLongA
DrawFrameControl
GetDesktopWindow
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
InsertMenuItemA
GetIconInfo
LoadStringA
ScrollWindow
GetSystemMetrics
IsZoomed
GetWindowPlacement
GetKeyboardLayoutList
DrawMenuBar
EnableMenuItem
RegisterClassA
GetMenuItemCount
GetWindowLongA
CreateWindowExA
OemToCharA
GetActiveWindow
GetKeyboardLayout
FillRect
EnumThreadWindows
CharNextA
CreateMenu
PtInRect
IsChild
IsDialogMessageA
MapWindowPoints
MapVirtualKeyA
ReleaseCapture
SetCapture
BeginPaint
OffsetRect
SetFocus
GetScrollPos
KillTimer
TrackMouseEvent
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
GetClipboardData
CharLowerA
IsIconic
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
DrawIcon
IntersectRect
SetWindowLongA
RemovePropA
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
GetDCEx
BringWindowToTop
ClientToScreen
InsertMenuA
LoadCursorA
LoadIconA
GetKeyboardState
SetWindowsHookExA
GetMenuItemInfoA
AttachThreadInput
GetMenuState
ShowOwnedPopups
GetSystemMenu
GetMenuItemID
SetForegroundWindow
ExitWindowsEx
ReleaseDC
GetScrollRange
GetScrollInfo
GetCapture
WaitMessage
ScreenToClient
FindWindowA
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
GetPropA
SetMenu
RegisterClipboardFormatA
IsRectEmpty
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
LoadKeyboardLayoutA
GetSysColor
SetScrollInfo
GetKeyState
SystemParametersInfoA
DestroyIcon
GetKeyNameTextA
IsWindowVisible
WinHelpA
FrameRect
SetRect
DeleteMenu
InvalidateRect
SendMessageA
SetWindowTextA
CreateIcon
CallWindowProcA
GetCursor
GetFocus
GetKeyboardType
UnhookWindowsHookEx
SetCursor
WinVerifyTrust
PE exports
Number of PE resources by type
RT_STRING 12
RT_RCDATA 12
RT_GROUP_CURSOR 7
RT_ICON 7
RT_CURSOR 7
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 38
CHINESE TRADITIONAL 9
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
139264

ImageVersion
0.0

FileVersionNumber
1.0.2.6

UninitializedDataSize
0

LanguageCode
Chinese (Traditional)

FileFlagsMask
0x003f

CharacterSet
Windows, Taiwan (Big5)

LinkerVersion
5.0

MIMEType
application/octet-stream

FileVersion
1.0.2.6

TimeStamp
2010:04:07 11:24:36+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2014:03:17 15:16:48+01:00

ProductVersion
1.02.06

FileDescription
TurboV EVO

OSVersion
4.0

FileCreateDate
2014:03:17 15:16:48+01:00

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ASUSTeK Computer Inc.

CodeSize
712704

FileSubtype
0

ProductVersionNumber
1.0.2.6

EntryPoint
0x1000

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 d518c4df30015be256aa28ffb9ec19c2
SHA1 4ebb8a910b14268a851793b9077cbda9075f6367
SHA256 79b3b5f1009fd40ecc4652e759f1a26c55aa9c284381e8ef012801a2526e9fc9
ssdeep
49152:LBUgS7FAntym/cpk8tlS0hm7iASE+qKmqBrSJ30bMAanfrKsJo05jrK8fIrKPs:zDnf/zBLA

authentihash 3d762291b7ebe7eaafe090093e0c8b77c48ec4567e3566c329ba4799639507d7
imphash 2736192a0033ec24323d56491e9310fd
File size 9.5 MB ( 9919104 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library - Borland C/C++ (72.3%)
InstallShield setup (14.1%)
Windows Screen Saver (4.2%)
DOS Executable Borland C++ (4.2%)
Win32 Dynamic Link Library (generic) (2.1%)
Tags
peexe signed

VirusTotal metadata
First submission 2013-06-15 22:02:08 UTC ( 5 years, 10 months ago )
Last submission 2014-03-17 14:16:24 UTC ( 5 years, 1 month ago )
File names TurboV_EVO.exe
TurboV_EVO.exe
turbov_evo.exe
TurboV_EVO.exe
TurboV_EVO.exe
TurboV_EVO.exe
vt-upload-9S9Fms
flareFile
TurboV_EVO.exe
turbov_evo.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
