× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7fa8b58ef9e7d6c59a5d7a9fb7cc2a435bed1a638246da95fb8b563dc905ba72
File name: xblzy_70315.exe
Detection ratio: 0 / 51
Analysis date: 2014-03-30 17:54:30 UTC ( 3 weeks, 2 days ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
AVG 20140330
Ad-Aware 20140330
AegisLab 20140330
Agnitum 20140329
AhnLab-V3 20140330
AntiVir 20140330
Antiy-AVL 20140330
Avast 20140330
Baidu-International 20140330
BitDefender 20140330
Bkav 20140329
ByteHero 20140330
CAT-QuickHeal 20140330
CMC 20140328
ClamAV 20140330
Commtouch 20140330
Comodo 20140330
DrWeb 20140330
ESET-NOD32 20140330
Emsisoft 20140330
F-Prot 20140330
F-Secure 20140330
Fortinet 20140330
GData 20140330
Ikarus 20140330
Jiangmin 20140330
K7AntiVirus 20140328
K7GW 20140328
Kaspersky 20140330
Kingsoft 20140330
Malwarebytes 20140330
McAfee 20140330
McAfee-GW-Edition 20140330
MicroWorld-eScan 20140330
Microsoft 20140330
NANO-Antivirus 20140330
Norman 20140330
Panda 20140330
Qihoo-360 20140330
Rising 20140330
SUPERAntiSpyware 20140330
Sophos 20140330
Symantec 20140330
TheHacker 20140329
TotalDefense 20140329
TrendMicro 20140330
TrendMicro-HouseCall 20140330
VBA32 20140328
VIPRE 20140330
ViRobot 20140330
nProtect 20140330
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher Beijing baidu Netcom science and technology co.ltd
File version 1.0.875.52
Signature verification Signed file, verified signature
Signing date 6:52 AM 12/5/2013
Signers
[+] Beijing baidu Netcom science and technology co.ltd
Status Valid
Valid from 1:00 AM 2/27/2012
Valid to 12:59 AM 2/27/2015
Valid usage Code Signing
Algorithm SHA1
Thumbrint D60C12D1FDB9E45551A00C8815CCD486C043945B
Serial number 56 65 97 19 56 9B E0 7B 77 5A 1B 22 75 E2 D8 3A
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbrint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbrint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, NSIS, appended, NSIS, NSIS, NSIS, NSIS, NSIS, NSIS, NSIS, NSIS, NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-24 19:19:59
Entry Point 0x000039E3
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SetBkMode
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
WriteFile
CopyFileW
GetShortPathNameW
LoadLibraryA
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindFirstFileW
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrlenW
GetCurrentProcess
CompareFileTime
FindNextFileW
GetFileSize
OpenProcess
SetFileTime
GetCommandLineW
GetWindowsDirectoryW
SetErrorMode
MultiByteToWideChar
CreateDirectoryW
SetFilePointer
GlobalLock
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
GetFullPathNameW
lstrcmpiA
CreateThread
LoadLibraryW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
ReadFile
GetTempPathW
CloseHandle
DeleteFileW
lstrcmpA
lstrcmpW
GetModuleHandleW
lstrcatW
lstrcpynA
FreeLibrary
SearchPathW
WideCharToMultiByte
lstrcmpiW
SetCurrentDirectoryW
lstrcpyA
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
SetFileAttributesW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
GetDC
CharUpperW
DialogBoxParamW
GetClassInfoW
AppendMenuW
CharNextW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
GetAsyncKeyState
BeginPaint
CreatePopupMenu
SendMessageW
SetCursor
SetClipboardData
GetWindowLongW
FindWindowExW
IsWindowVisible
SetForegroundWindow
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
CreateDialogParamW
wsprintfA
SetTimer
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
IsDlgButtonChecked
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
SendMessageTimeoutW
CreateWindowExW
wsprintfW
CloseClipboard
GetClientRect
DrawTextW
DestroyWindow
ExitWindowsEx
OpenClipboard
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 7
RT_DIALOG 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
CHINESE SIMPLIFIED 1
ExifTool file metadata
UninitializedDataSize
16896

InitializedDataSize
445952

ImageVersion
6.0

FileVersionNumber
1.0.875.52

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x0000

CharacterSet
Windows, Chinese (Simplified)

LinkerVersion
10.0

MIMEType
application/octet-stream

FileVersion
1.0.875.52

TimeStamp
2012:02:24 20:19:59+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2014:03:30 18:51:49+01:00

ProductVersion
1.0.875.52

SubsystemVersion
5.0

OSVersion
5.0

FileCreateDate
2014:03:30 18:51:49+01:00

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
28672

FileSubtype
0

ProductVersionNumber
1.0.875.52

EntryPoint
0x39e3

ObjectFileType
Executable application

File identification
MD5 47da70367f865d3be53329601b0ccf6d
SHA1 ab5f531d3d1f50eb3006d785e0462495fb024626
SHA256 7fa8b58ef9e7d6c59a5d7a9fb7cc2a435bed1a638246da95fb8b563dc905ba72
ssdeep
49152:E5/wiyxUa3omd3pzMFxy/NJe7+ss7qo/Fmg7bqsnf:E5sUahp4Fofe7IOoAg7usf

imphash 32f3282581436269b3a75b6675fe3e08
File size 1.9 MB ( 1973664 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
nsis peexe signed

VirusTotal metadata
First submission 2013-12-12 20:25:15 UTC ( 4 months, 1 week ago )
Last submission 2014-03-11 14:09:02 UTC ( 1 month, 1 week ago )
File names xblzy_70322.exe
xblzy_70302.exe
xblzy_70304.rar
xblzy_70315.exe
47da70367f865d3be53329601b0ccf6d.exe
xblzy_70311.exe
47da70367f865d3be53329601b0ccf6d
xblzy_70354.exe
xblzy_70351.exe
xblzy_70305.exe
xblzy_70360.exe
xblzy_70304.rar.exe
xblzy_70304.exe
xblzy_70318.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!