SHA256: 8071fa2ebbf80287f480a027d831825713c262240f0ac938e6751bf7ecfcd146
File name: ed4c9519-4398-44de-bf9b-1c04e0b9cd18.exe
Detection ratio: 33 / 57
Analysis date: 2015-10-06 00:07:51 UTC
Antivirus Result Update
Ad-Aware Gen:Application.Heur.tu1@mWkAIliO 20151006
Yandex PUA.Toolbar.CrossRider! 20151004
AhnLab-V3 PUP/Win32.CrossRider 20151005
Antiy-AVL GrayWare[WebToolbar:not-a-virus]/Win32.CrossRider.kti 20151006
Arcabit Application.Heur.EF311F 20151006
AVG Generic.95F 20151006
Avira (no cloud) ADWARE/CrossRider.Gen7 20151006
AVware Crossrider (fs) 20151005
BitDefender Gen:Application.Heur.tu1@mWkAIliO 20151006
Bkav W32.HfsAdware.B84E 20151005
CAT-QuickHeal PUA.BrightCircle.OD6 20151005
Comodo ApplicUnwnt 20151005
F-Secure Gen:Application.Heur.tu1@mWkAIliO 20151005
Fortinet Riskware/CrossRider 20151006
GData Gen:Application.Heur.tu1@mWkAIliO 20151006
K7AntiVirus Unwanted-Program ( 0040f9a31 ) 20151005
K7GW Unwanted-Program ( 0040f9a31 ) 20151005
Kaspersky not-a-virus:WebToolbar.Win32.CrossRider.kti 20151006
Malwarebytes PUP.Optional.SavePass 20151005
McAfee Artemis!8A0A88732886 20151006
McAfee-GW-Edition BehavesLike.Win32.PUP.fh 20151005
eScan Gen:Application.Heur.tu1@mWkAIliO 20151006
NANO-Antivirus Riskware.Win32.CrossRider.dvaajb 20151006
Panda Trj/Genetic.gen 20151005
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20151006
Rising PE:PUF.CrossRider!1.A157[F1] 20151005
Sophos AV AppRider (PUA) 20151005
SUPERAntiSpyware Adware.CrossRider/Variant 20151006
Symantec Trojan.Gen.2 20151005
Tencent Win32.Adware.Bp-browser.Luqs 20151006
TrendMicro TROJ_GEN.R047C0EHI15 20151006
VIPRE Crossrider (fs) 20151006
Zillya Adware.CrossRider.Win32.909 20151005
Engines reporting no detection (engine, signature update date):
AegisLab 20151005
Alibaba 20150927
ALYac 20151006
Avast 20151006
Baidu-International 20151005
ByteHero 20151006
ClamAV 20151005
CMC 20151005
Cyren 20151006
DrWeb 20151006
Emsisoft 20151006
ESET-NOD32 20151006
F-Prot 20151006
Ikarus 20151006
Jiangmin 20151005
Kingsoft 20151006
Microsoft 20151005
nProtect 20151005
TheHacker 20151005
TotalDefense 20151006
TrendMicro-HouseCall 20151006
VBA32 20151005
ViRobot 20151005
Zoner 20151006
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2011

Publisher Airplane Networks (BrightCircle Investments Limited)
Product SavePass 1.1
Original name SavePass 1.1.exe
Internal name SavePass 1.1
File version 1000.1000.1000.1000
Description SavePass 1.1 exe
Signature verification Signed file, verified signature (a verified Authenticode signature establishes only that the file is unmodified since signing and that the signer held the certificate below; it says nothing about whether the program is wanted, as the detection results above show)
Signers
[+] Airplane Networks (BrightCircle Investments Limited)
Status Valid
Issuer None
Valid from 1:00 AM 12/1/2014
Valid to 12:59 AM 12/2/2015
Valid usage Code Signing
Algorithm SHA1
Thumbprint C963D8A4DBADF75C56C2A64124B7DEC89504F0D1
Serial number 00 AD A1 85 AF C7 F2 3D 3C 11 5D 61 3E 31 28 9B
[+] COMODO Code Signing CA 2
Status Valid
Issuer None
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm SHA1
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] USERTrust
Status Valid
Issuer None
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm SHA1
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-24 23:02:14
Entry Point 0x000203D0
Number of sections 5
PE sections
Overlays
MD5 576dd173cd55a7e1992aaf1e906dfab3
File type data
Offset 312320
Size 4584
Entropy 7.35
PE imports
[+] ADVAPI32.dll
RegCreateKeyExW
RegEnumValueW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
[+] COMCTL32.dll
InitCommonControlsEx
[+] GDI32.dll
GetDeviceCaps
DeleteDC
SelectObject
GetStockObject
CreateSolidBrush
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
[+] KERNEL32.dll
GetStdHandle
InterlockedPopEntrySList
HeapDestroy
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
WideCharToMultiByte
GetDiskFreeSpaceW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
InterlockedPushEntrySList
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
SetLastError
PeekNamedPipe
OpenThread
InterlockedDecrement
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
lstrcmpiW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetFileSize
GetModuleHandleW
GetStartupInfoW
GlobalLock
GetProcessHeap
CompareStringW
FindNextFileW
FindFirstFileW
lstrcmpW
GetProcAddress
ReadConsoleW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
GlobalUnlock
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
OpenMutexW
GetACP
GetVersion
FindResourceExW
IsValidCodePage
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
[+] OLEAUT32.dll
LoadRegTypeLib
OleCreateFontIndirect
SysStringLen
VarUI4FromStr
SysAllocStringLen
VariantClear
SysAllocString
LoadTypeLib
SysFreeString
GetErrorInfo
VariantInit
[+] USER32.dll
SetFocus
RedrawWindow
EndPaint
RegisterWindowMessageW
BeginPaint
GetFocus
DefWindowProcW
CreateAcceleratorTableW
RegisterClassExW
SetWindowPos
GetParent
SetWindowLongW
IsWindow
GetClassInfoExW
ScreenToClient
SetCapture
ReleaseCapture
GetWindow
PostMessageW
GetSysColor
GetDC
ReleaseDC
SendMessageW
UnregisterClassW
SetWindowTextW
GetDlgItem
MoveWindow
ClientToScreen
GetWindowTextW
InvalidateRect
CallWindowProcW
GetClassNameW
FillRect
GetClientRect
DestroyAcceleratorTable
GetDesktopWindow
LoadCursorW
GetWindowTextLengthW
CreateWindowExW
GetWindowLongW
InvalidateRgn
CharNextW
IsChild
DestroyWindow
[+] VERSION.dll
VerQueryValueW
[+] WININET.dll
InternetCloseHandle
InternetSetOptionW
HttpSendRequestW
HttpOpenRequestW
[+] ole32.dll
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoInitialize
OleInitialize
CoGetClassObject
CoCreateInstance
CLSIDFromProgID
CoTaskMemRealloc
OleLockRunning
CoUninitialize
OleRun
CLSIDFromString
StringFromGUID2
CoTaskMemAlloc
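The imphash reported further down (90c2e077cfd1b0f9a18192ddc9fc104a) is derived from exactly this import table: the MD5 of every "module.symbol" pair, lower-cased, with the module's extension stripped, joined with commas in import order. The extract above does not preserve the module names, so the value cannot be recomputed from the page; the following is an added example, not VirusTotal's or pefile's own code, that implements the rule on a constructed import table. SAMPLE_IMPORTS and the module names in it are assumptions made for the example, and ORDINAL_NAMES holds only the single entry the example needs (pefile ships fuller tables for ws2_32 and oleaut32).

```python
import hashlib

# Partial ordinal-to-name table, in the spirit of the tables pefile keeps for
# modules that are commonly imported by ordinal. Only the entry used by the
# example below is present; anything else falls back to "ordN".
ORDINAL_NAMES = {"ws2_32": {23: "socket"}}

# Constructed import table for the demo. Module names are assumed; the page's
# listing does not carry them, so this is not the import table of the sample.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegCreateKeyExW"),
    ("ADVAPI32.dll", "RegOpenKeyExW"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "LoadLibraryW"),
    ("WININET.dll", "HttpOpenRequestW"),
    ("WININET.dll", "HttpSendRequestW"),
    ("WS2_32.dll", 23),  # imported by ordinal; 23 is socket() in ws2_32
]


def normalize_module(name):
    """Lower-case the module name and drop a trailing .dll/.ocx/.sys."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash(imports):
    """MD5 over comma-joined 'module.symbol' entries, in import-table order.

    imports: iterable of (module_name, symbol); symbol is a str or an int ordinal.
    Order matters: the same symbols imported in a different order give a
    different imphash, which is what makes it useful for linking builds.
    """
    entries = []
    for module, symbol in imports:
        module = normalize_module(module)
        if isinstance(symbol, int):
            symbol = ORDINAL_NAMES.get(module, {}).get(symbol, "ord%d" % symbol)
        entries.append("%s.%s" % (module, symbol.lower()))
    return hashlib.md5(",".join(entries).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash(SAMPLE_IMPORTS))
```

Because only the order and names of imported symbols feed the hash, two files built from the same project with the same linker settings share an imphash even when their code and signature differ; that is the pivot a practitioner uses to find sibling builds of a PUP family like this one.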
Number of PE resources by type
RT_MANIFEST 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
11.0

ImageVersion
0.0

FileVersionNumber
1.0.0.1

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
103936

EntryPoint
0x203d0

Tag0100010001000
XInternalName

OriginalFileName
SavePass 1.1.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2011

TimeStamp
2014:12:25 00:02:14+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1000.1000.1000.1000

FileDescription
SavePass 1.1 exe

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
OB

CodeSize
218624

FileSubtype
0

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Dynamic link library (the dwFileType value of the version resource, set by the publisher; it disagrees with the file type read from the PE header, Win32 EXE)

File identification
MD5 8a0a887328863e529dd8c2646fa6c6ad
SHA1 1c746c458a70de6982afbc7805f204c1de5e9fb3
SHA256 8071fa2ebbf80287f480a027d831825713c262240f0ac938e6751bf7ecfcd146
ssdeep
6144:pKNjgR3SL6FvYJ5NlOehTmgVJTupTBRViJ:pMjY1FvYJ9OeFmgVNupTv

authentihash 2521b02aaad5e3d7dcd542d6a511ad64b52cf0cbc59668cf8c74838dc450280a
imphash 90c2e077cfd1b0f9a18192ddc9fc104a
File size 309.5 KB ( 316904 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2014-12-26 08:41:39 UTC
Last submission 2014-12-26 08:41:39 UTC
File names SavePass 1.1
SavePass 1.1.exe
ed4c9519-4398-44de-bf9b-1c04e0b9cd18.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. DeviceIoControl is absent from the static import table listed above, so the call is either resolved at run time (the file imports LoadLibraryW and GetProcAddress) or made by a process the file launched or injected code into, both of which the condensed report attributes to the file.