SHA256: 7d43ab9302937fc8ee86674f4f0de22a3a1952754eee12a25b7e5eeda6cade11
File name: intensityv.exe
Detection ratio: 3 / 64
Analysis date: 2018-06-06 06:15:34 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
AhnLab-V3 PUP/Win32.TopBar.C211834 20180605
Malwarebytes PUP.Optional.SubShop 20180606
Webroot Pua.Subshop 20180606
Ad-Aware 20180606
AegisLab 20180606
Alibaba 20180604
ALYac 20180606
Antiy-AVL 20180606
Arcabit 20180606
Avast 20180606
Avast-Mobile 20180606
AVG 20180606
Avira (no cloud) 20180606
AVware 20180606
Babable 20180406
Baidu 20180606
Bkav 20180605
CAT-QuickHeal 20180605
ClamAV 20180606
CMC 20180606
Comodo 20180606
CrowdStrike Falcon (ML) 20180202
Cylance 20180606
Cyren 20180606
DrWeb 20180606
eGambit 20180606
Emsisoft 20180606
Endgame 20180507
ESET-NOD32 20180606
F-Prot 20180606
F-Secure 20180606
Fortinet 20180606
GData 20180606
Ikarus 20180605
Sophos ML 20180601
Jiangmin 20180606
K7AntiVirus 20180606
K7GW 20180606
Kaspersky 20180606
Kingsoft 20180606
MAX 20180606
McAfee 20180606
McAfee-GW-Edition 20180606
Microsoft 20180606
eScan 20180606
NANO-Antivirus 20180606
Panda 20180605
Qihoo-360 20180606
Rising 20180606
SentinelOne (Static ML) 20180225
Sophos AV 20180606
SUPERAntiSpyware 20180606
Symantec 20180606
TACHYON 20180605
Tencent 20180606
TheHacker 20180606
TotalDefense 20180605
TrendMicro 20180606
TrendMicro-HouseCall 20180606
Trustlook 20180606
VBA32 20180605
VIPRE 20180606
ViRobot 20180605
Yandex 20180529
ZoneAlarm by Check Point 20180606
Zoner 20180606
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright yearsoft
Product Sub Shop
Original name Sub Shop
Internal name Sub Shop
File version 1.0.0.2
Description Sub Shop Application
Signature verification Signed file, verified signature
Signing date 10:14 AM 10/25/2013
Signers
[+] yearsoft
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Code Signing CA - G2
Valid from 2:00 AM 6/21/2013
Valid to 1:59 AM 6/22/2014
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint 9A8D1F61CDB929ADB9E0DD8A13112C9D7FC1810A
Serial number 1D 64 00 99 74 7B 7B 01 13 E4 E8 A2 26 D9 C7 98
[+] Thawte Code Signing CA - G2
Status Valid
Issuer thawte Primary Root CA
Valid from 2:00 AM 2/8/2010
Valid to 1:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 2:00 AM 11/17/2006
Valid to 1:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 2:00 AM 10/18/2012
Valid to 1:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 2:00 AM 12/21/2012
Valid to 1:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 2:00 AM 1/1/1997
Valid to 1:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-25 08:10:41
Entry Point 0x00002B8D
Number of sections 5
PE sections
Overlays
MD5 475dc938971c892931ca27232e7f6914
File type data
Offset 39424
Size 5664
Entropy 7.37
PE imports
DuplicateTokenEx
LookupPrivilegeValueA
RevertToSelf
StartServiceCtrlDispatcherA
OpenProcessToken
SetServiceStatus
CreateProcessAsUserA
AdjustTokenPrivileges
SetTokenInformation
RegisterServiceCtrlHandlerA
CreateToolhelp32Snapshot
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
Process32First
WaitForSingleObject
SetEvent
QueryPerformanceCounter
HeapDestroy
HeapAlloc
GetModuleFileNameA
Process32Next
DeleteCriticalSection
SizeofResource
GetCurrentProcessId
OpenProcess
LockResource
ProcessIdToSessionId
HeapSize
GetProcessHeap
RaiseException
WideCharToMultiByte
WTSGetActiveConsoleSessionId
FindResourceExW
CloseHandle
GetSystemTimeAsFileTime
HeapReAlloc
DecodePointer
LoadResource
FindResourceW
CreateEventA
IsDebuggerPresent
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
_purecall
strcat_s
??1type_info@@UAE@XZ
__crtTerminateProcess
memset
__dllonexit
_stricmp
_controlfp_s
_invoke_watson
_fmode
_cexit
?terminate@@YAXXZ
memcpy_s
??2@YAPAXI@Z
_lock
_onexit
__initenv
exit
_XcptFilter
_commode
__setusermatherr
strcpy_s
_initterm_e
_amsg_exit
_CxxThrowException
memmove_s
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
_splitpath
__CxxFrameHandler3
_except_handler4_common
free
__getmainargs
_initterm
__crtUnhandledException
memmove
memcpy
_calloc_crt
__crtSetUnhandledExceptionFilter
_configthreadlocale
_exit
__set_app_type
CreateEnvironmentBlock
WTSQueryUserToken
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
KOREAN 6
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.2
UninitializedDataSize 0
LanguageCode Korean
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 28160
EntryPoint 0x2b8d
OriginalFileName Sub Shop
MIMEType application/octet-stream
LegalCopyright yearsoft
FileVersion 1.0.0.2
TimeStamp 2013:10:25 10:10:41+02:00
FileType Win32 EXE
PEType PE32
InternalName Sub Shop
ProductVersion 3.0.0.9
FileDescription Sub Shop Application
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName yearsoft
CodeSize 11264
ProductName Sub Shop
ProductVersionNumber 3.0.0.9
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 cbf81672758ef4faaa19ba5555dee98e
SHA1 73706c3fa0078aedf7bd96c751e809eb76342703
SHA256 7d43ab9302937fc8ee86674f4f0de22a3a1952754eee12a25b7e5eeda6cade11
ssdeep 768:FKW4eyq0YBTf2N9LGpIMon3izrEHb1GpOmb9h:EWVeN5Ge3ivExGgmz
authentihash 055c4f4e4eab6bc2ad7475d2cd43597077f2e76a77e846a9cfbf9277dead5010
imphash 1288f053b94f2977bc10b55e3131c055
File size 44.0 KB ( 45088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2013-11-10 23:55:28 UTC ( 5 years, 5 months ago )
Last submission 2018-06-06 06:15:34 UTC ( 10 months, 2 weeks ago )
File names aa
intensityv.exe
2886769
17255784
Sub Shop
UBebfetU.xltm
output.17255784.txt
a1kOYHwXM.wsf