× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 874b030956eac249182b3b4171341c9276b60060c6fe0eee38910648fd8bf4d9
File name: output.114298225.txt
Detection ratio: 43 / 67
Analysis date: 2018-11-11 20:59:05 UTC ( 22 hours, 49 minutes ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40641441 20181111
AhnLab-V3 Trojan/Win32.Kryptik.R240790 20181111
ALYac Spyware.Ursnif 20181111
Antiy-AVL Trojan/Win32.Kryptik 20181111
Arcabit Trojan.Generic.D26C23A1 20181111
Avast Win32:DangerousSig [Trj] 20181111
AVG Win32:DangerousSig [Trj] 20181111
BitDefender Trojan.GenericKD.40641441 20181111
CAT-QuickHeal Trojan.Skeeyah 20181111
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181022
Cyren W32/Trojan.QGJH-4446 20181111
DrWeb Trojan.Gozi.316 20181111
Emsisoft Trojan-Spy.Ursnif (A) 20181111
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GJJQ 20181111
F-Secure Trojan.GenericKD.40641441 20181111
Fortinet W32/GenKryptik.CGQP!tr 20181111
GData Trojan.GenericKD.40641441 20181111
Ikarus Trojan.Win32.Krypt 20181111
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 0053b2bc1 ) 20181111
K7GW Trojan ( 0053b2bc1 ) 20181109
Kaspersky Trojan-Spy.Win32.Agent.jqkh 20181111
Malwarebytes Trojan.MalPack.ADB 20181111
McAfee Emotet-FHW!3E31DB27D1D7 20181111
McAfee-GW-Edition Emotet-FHW!3E31DB27D1D7 20181111
Microsoft Trojan:Win32/Skeeyah.A!rfn 20181111
eScan Trojan.GenericKD.40641441 20181111
NANO-Antivirus Trojan.Win32.Gozi.fjsycv 20181111
Panda Trj/CI.A 20181111
Qihoo-360 Win32/Trojan.Spy.dff 20181111
Sophos AV Mal/Generic-S 20181111
Symantec Trojan Horse 20181111
Tencent Win32.Trojan-spy.Agent.Llhh 20181111
TrendMicro TROJ_FRS.VSN0FH18 20181111
TrendMicro-HouseCall TROJ_FRS.VSN0FH18 20181111
VBA32 TrojanSpy.Agent 20181109
VIPRE Trojan.Win32.Generic!BT 20181111
ViRobot Trojan.Win32.Z.Agent.402624 20181111
Webroot W32.Trojan.Gen 20181111
Yandex TrojanSpy.Agent!0xvaEufwuaI 20181109
Zillya Trojan.Agent.Win32.975372 20181109
ZoneAlarm by Check Point Trojan-Spy.Win32.Agent.jqkh 20181111
AegisLab 20181111
Alibaba 20180921
Avast-Mobile 20181111
Avira (no cloud) 20181111
Babable 20180918
Baidu 20181109
Bkav 20181110
ClamAV 20181111
CMC 20181111
Cybereason 20180225
Cylance 20181111
F-Prot 20181111
Jiangmin 20181111
Kingsoft 20181111
MAX 20181111
Palo Alto Networks (Known Signatures) 20181111
Rising 20181111
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181111
TheHacker 20181108
TotalDefense 20181111
Trustlook 20181111
Zoner 20181111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Co

Product wfw wf
Original name wfw.fwf
Internal name Soft
File version 11.00.9600.16428 (wr2_df.121013
Description XSFt4y gewKJIo
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 10:11 PM 7/29/2018
Signers
[+] LOKALIX LIMITED
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 7/12/2018
Valid to 12:59 AM 7/13/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 1737D4616252AC21C6E9F9DA2C062A3B5301D569
Serial number 00 B5 2F C0 0F F7 D3 3B 4E C4 11 3F B9 CA A4 E3 95
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbrint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-29 21:11:56
Entry Point 0x00004308
Number of sections 5
PE sections
Overlays
MD5 8319328b4da972c7987aa4e4946f8b25
File type data
Offset 397312
Size 5312
Entropy 7.44
PE imports
ClusterRegCloseKey
CertGetCRLContextProperty
LocaleNameToLCID
FreeLibrary
GetLastError
RaiseException
GetProcessShutdownParameters
LocalAlloc
IsSystemResumeAutomatic
LocalFree
InterlockedExchange
CreateTimerQueue
LoadLibraryA
GetProcAddress
GetFileSize
GetPrivateProfileStructW
MprAdminPortDisconnect
SetupGetBackupInformationW
PathUnExpandEnvStringsA
LoadCursorA
WSAIsBlocking
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 8
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
XSFt4y gewKJIo

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
376832

EntryPoint
0x4308

OriginalFileName
wfw.fwf

MIMEType
application/octet-stream

LegalCopyright
Microsoft Co

FileVersion
11.00.9600.16428 (wr2_df.121013

TimeStamp
2018:07:29 22:11:56+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Soft

ProductVersion
11.00.9600.16

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
FEf4 ef dgdsger

CodeSize
24576

ProductName
wfw wf

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 3e31db27d1d789d1ce5307de2ace46b4
SHA1 4c116447a6088295fc9c3f830b0b6a2b106bd8f3
SHA256 874b030956eac249182b3b4171341c9276b60060c6fe0eee38910648fd8bf4d9
ssdeep
3072:pRmA2ivn2EVvAeoDK3uX8Ky/1craETK0/SryFoWiYc+/vcbef50JUaRKV/1aDVn4:PVpLvKK33f/1crpbP

authentihash 78472601d111d4732fb316e53c4a8efec947d7ce8fe62f97934a6e948792bab1
imphash 656dc224660e93910ad250914dd447a5
File size 393.2 KB ( 402624 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-07-30 05:17:42 UTC ( 3 months, 2 weeks ago )
Last submission 2018-11-11 20:59:05 UTC ( 22 hours, 49 minutes ago )
File names wfw.fwf
run.exe
874b030956eac249182b3b4171341c9276b60060c6fe0eee38910648fd8bf4d9_run.exe
output.114298225.txt
Soft
run.exe
run.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!