SHA256: 7a8a5298f0a5e8222f3746b429a18dbdaeb8bbc7a4070ef4490824ffda0b2c66
File name: ScreenLogger.exe
Detection ratio: 2 / 57
Analysis date: 2015-03-20 00:24:04 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Cyren W32/ZemanaTestTool.BFFX-6567 20150319
F-Prot W32/ZemanaTestTool 20150319
Ad-Aware 20150320
AegisLab 20150320
Yandex 20150319
AhnLab-V3 20150319
Alibaba 20150320
ALYac 20150319
Antiy-AVL 20150319
Avast 20150320
AVG 20150320
Avira (no cloud) 20150320
AVware 20150320
Baidu-International 20150319
BitDefender 20150320
Bkav 20150319
ByteHero 20150320
CAT-QuickHeal 20150319
ClamAV 20150320
CMC 20150317
Comodo 20150319
DrWeb 20150320
Emsisoft 20150320
ESET-NOD32 20150320
F-Secure 20150320
Fortinet 20150320
GData 20150320
Ikarus 20150319
Jiangmin 20150319
K7AntiVirus 20150320
K7GW 20150319
Kaspersky 20150319
Kingsoft 20150320
Malwarebytes 20150319
McAfee 20150319
McAfee-GW-Edition 20150319
Microsoft 20150320
eScan 20150319
NANO-Antivirus 20150320
Norman 20150319
nProtect 20150319
Panda 20150318
Qihoo-360 20150320
Rising 20150319
Sophos 20150319
SUPERAntiSpyware 20150319
Symantec 20150320
Tencent 20150320
TheHacker 20150319
TotalDefense 20150319
TrendMicro 20150320
TrendMicro-HouseCall 20150320
VBA32 20150319
VIPRE 20150320
ViRobot 20150319
Zillya 20150319
Zoner 20150319
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Zemana Ltd. All rights reserved.

Publisher Zemana Information Technologies Industry Limited
Product Zemana Spy Simulation Leak Test
Original name ScreenLogger.exe
File version 1.0.0.33
Description Zemana Spy Simulation Leak Test
Comments Zemana Spy Simulation Leak Test
Signature verification Signed file, verified signature
Signing date 3:51 PM 2/29/2008
Signers
[+] Zemana Information Technologies Industry Limited
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2007
Valid to 12:59 AM 12/4/2008
Valid usage Code Signing
Algorithm SHA1
Thumbprint 4CAF1D9A941608B8442740FF7DC1DD6E3EF6509D
Serial number 07 B5 34 F8 31 D8 C2 E1 4D 2D B7 19 09 07 8D 8C
[+] VeriSign Class 3 Code Signing 2004 CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer None
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm MD2
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-02-29 14:50:41
Entry Point 0x00147580
Number of sections 3
PE sections
PE imports
RegCloseKey
ImageList_Add
BitBlt
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
VariantInit
ShellExecuteA
VerQueryValueA
Number of PE resources by type
RT_ICON 16
RT_STRING 13
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 6
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 33
NEUTRAL 19
PE resources
ExifTool file metadata
LegalTrademarks
Zemana Ltd. All rights reserved.

UninitializedDataSize
1077248

Comments
Zemana Spy Simulation Leak Test

LinkerVersion
5.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.33

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
49152

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Zemana Ltd. All rights reserved.

FileVersion
1.0.0.33

TimeStamp
2008:02:29 15:50:41+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

ProductVersion
1.0.0.0

FileDescription
Zemana Spy Simulation Leak Test

OSVersion
4.0

OriginalFilename
ScreenLogger.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Zemana Ltd.

CodeSize
262144

ProductName
Zemana Spy Simulation Leak Test

ProductVersionNumber
1.0.0.33

EntryPoint
0x147580

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 db1d5a41647f83c454123f5be88c9a82
SHA1 fe4e2adff149a0ba71895f789a7f151f5afa8c6e
SHA256 7a8a5298f0a5e8222f3746b429a18dbdaeb8bbc7a4070ef4490824ffda0b2c66
ssdeep
6144:pSP+nZCRKzz/gx7veTrM8AVjH+7dMr/Vgd2Tx4G58y04rGOfsgm50LQrJOc:pS8ZCRK/4zefoVjHdr/VDTC4rGKre08n

authentihash 1f1ae812ff414b04668db45582bdbf5d9e74f76ddfbcff47ca57c9710530a62b
imphash 05f3a4dab15a9be63a5f5409a7406188
File size 308.4 KB ( 315800 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed upx

VirusTotal metadata
First submission 2008-04-25 07:33:01 UTC ( 9 years, 2 months ago )
Last submission 2013-09-04 08:00:46 UTC ( 3 years, 9 months ago )
File names ScreenLogger.exe
screenlogger.exe
file-3175565_exe
ScreenLogger (teste para testar screenloggers, se aparecer uma notifica
smona131168137546957688262
ScreenLogger.exe
ScreenLogger_2_.exe
db1d5a41647f83c454123f5be88c9a82
vti-rescan
file-7945_exe
fe4e2adff149a0ba71895f789a7f151f5afa8c6e
ScreenLogger (teste para testar screenloggers, se aparecer uma notificao esta a funcionar bem).exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
