× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 79c8cf4ca6540299e6b1006e27dff9d88ee212a415cf1ac3c474c74cb40b061f
File name: rad74d93.tmp.exe
Detection ratio: 13 / 57
Analysis date: 2016-10-01 11:55:40 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.ZPACK.kvjaz 20161001
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
ESET-NOD32 a variant of Win32/GenKryptik.FKO 20161001
Sophos ML virus.win32.sality.at 20160928
K7GW Trojan ( 004f99a51 ) 20161001
Kaspersky Backdoor.Win32.Androm.kwkf 20161001
McAfee Artemis!1D59AFE9BE58 20161001
McAfee-GW-Edition Artemis 20161001
NANO-Antivirus Trojan.Win32.ZPACK.egrpbm 20161001
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161001
Rising Malware.Obscure/Heur!1.A121-VHpumYZrSC (cloud) 20161001
Sophos AV Mal/Generic-S 20161001
Symantec Heur.AdvML.B 20161001
Ad-Aware 20161001
AegisLab 20161001
AhnLab-V3 20160930
Alibaba 20160930
ALYac 20160930
Antiy-AVL 20161001
Arcabit 20161001
Avast 20161001
AVG 20161001
AVware 20161001
Baidu 20161001
BitDefender 20161001
Bkav 20161001
CAT-QuickHeal 20161001
ClamAV 20161001
CMC 20160930
Comodo 20161001
Cyren 20161001
DrWeb 20161001
Emsisoft 20161001
F-Prot 20160926
F-Secure 20161001
Fortinet 20161001
GData 20161001
Ikarus 20161001
Jiangmin 20161001
K7AntiVirus 20161001
Kingsoft 20161001
Malwarebytes 20161001
Microsoft 20161001
eScan 20161001
nProtect 20161001
Panda 20161001
SUPERAntiSpyware 20161001
Tencent 20161001
TheHacker 20161001
TrendMicro 20161001
TrendMicro-HouseCall 20161001
VBA32 20161001
VIPRE 20161001
ViRobot 20161001
Yandex 20160930
Zillya 20160929
Zoner 20161001
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 12:42 PM 9/28/2016
Signers
[+] INSTANT
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 9/19/2016
Valid to 12:59 AM 9/20/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3EAE691A0034C5CD52E0CFB2F51837C9722214CA
Serial number 50 98 3F 81 A9 AA 37 22 DE 6F 19 AF F3 B5 D3 E8
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE?
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-30 18:37:29
Entry Point 0x00003DF8
Number of sections 4
PE sections
Overlays
MD5 6725b77580fa5b693b8432c997103a90
File type data
Offset 345600
Size 6392
Entropy 7.40
PE imports
RegCreateKeyExW
RegEnumValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
FreeSid
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyW
CheckTokenMembership
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
AllocateAndInitializeSid
RegQueryValueExW
RegQueryValueW
GetFileTitleW
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
SetBkMode
GetRgnBox
SaveDC
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
SelectObject
DeleteObject
GetObjectW
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
GetViewportExtEx
PtVisible
ExtSelectClipRgn
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
GetTextColor
DPtoLP
Escape
SetBkColor
GetBkColor
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
DebugBreak
GetFileAttributesW
lstrcmpW
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
WideCharToMultiByte
GetStringTypeA
WriteFile
MoveFileA
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
BeginUpdateResourceW
LoadResource
GlobalHandle
OutputDebugStringW
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
OutputDebugStringA
GetCurrentThread
GetEnvironmentVariableW
SetLastError
TlsGetValue
GlobalFindAtomW
UpdateResourceW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
LoadLibraryExA
EnumResourceLanguagesW
GetLogicalDriveStringsW
GetSystemDefaultLCID
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
GetPrivateProfileStringW
SetFilePointer
SetFileAttributesW
GlobalAddAtomW
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
CreatePipe
GetExitCodeThread
SetUnhandledExceptionFilter
ConvertDefaultLocale
GetStartupInfoA
CreateMutexW
MulDiv
GetDateFormatA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetVersion
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
HeapFree
EnterCriticalSection
GetTimeZoneInformation
SetHandleCount
LoadLibraryW
EndUpdateResourceW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
CopyFileW
LeaveCriticalSection
UnlockFile
GetWindowsDirectoryW
GetFileSize
GlobalDeleteAtom
DeleteFileA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
CompareStringW
GlobalReAlloc
RemoveDirectoryW
FindNextFileW
HeapValidate
CompareStringA
FindFirstFileW
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
InitializeCriticalSection
LocalReAlloc
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetThreadLocale
GetVolumeInformationW
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
GetCPInfo
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
WritePrivateProfileStringW
GetSystemDefaultLangID
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetTimeFormatA
GetACP
GetModuleHandleW
FreeResource
GetEnvironmentStrings
CreateProcessA
IsValidCodePage
HeapCreate
FindResourceExW
VirtualQuery
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
ResetEvent
PathIsUNCW
PathStripToRootW
PathAddBackslashW
PathFindExtensionW
PathFindFileNameW
GetSubMenu
GetMenuItemCount
LoadBitmapW
LoadCursorW
SetWindowTextW
LoadIconW
CreateWindowExW
RegisterClassExW
BringWindowToTop
ExitWindowsEx
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
OleFlushClipboard
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
OleInitialize
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2016:08:30 19:37:29+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
97792

LinkerVersion
9.0

FileTypeExtension
exe

InitializedDataSize
328704

SubsystemVersion
5.0

EntryPoint
0x3df8

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 1d59afe9be5899c51c4f62aaa6536e5c
SHA1 4ab4307b3755805474ff4897daf9fe58ffc033e9
SHA256 79c8cf4ca6540299e6b1006e27dff9d88ee212a415cf1ac3c474c74cb40b061f
ssdeep
6144:vP9hKXIly1G2Urub+dN32M9derp2pVym677WWGJHKK:v1hKVGtuo8oI761

authentihash 3cbf9717fdc6f27182c2869cd9e9c261df6031db810655be69001bc2dfe29b19
imphash ed3df7a507ece3db0941fa4d52ccfe6a
File size 343.7 KB ( 351992 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2016-10-01 11:55:40 UTC ( 2 years, 4 months ago )
Last submission 2016-10-01 11:55:40 UTC ( 2 years, 4 months ago )
File names rad74d93.tmp.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Runtime DLLs
UDP communications