× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8acfd9eece774c7d52f3c8110f991e53222f1aebcd122b210759b8f43d7b9738
File name: vcs_diamond_cnt.exe
Detection ratio: 0 / 54
Analysis date: 2015-12-10 05:49:54 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20151211
AegisLab 20151211
Yandex 20151210
AhnLab-V3 20151211
Alibaba 20151208
Antiy-AVL 20151211
Arcabit 20151211
Avast 20151211
AVG 20151211
Avira (no cloud) 20151211
AVware 20151211
Baidu-International 20151211
BitDefender 20151211
Bkav 20151210
ByteHero 20151211
CAT-QuickHeal 20151209
ClamAV 20151211
CMC 20151211
Comodo 20151209
Cyren 20151211
DrWeb 20151211
Emsisoft 20151211
ESET-NOD32 20151211
F-Prot 20151211
F-Secure 20151211
Fortinet 20151211
GData 20151211
Ikarus 20151211
Jiangmin 20151210
K7AntiVirus 20151211
K7GW 20151211
Kaspersky 20151211
Malwarebytes 20151211
McAfee 20151211
McAfee-GW-Edition 20151211
Microsoft 20151211
eScan 20151211
NANO-Antivirus 20151211
nProtect 20151211
Panda 20151210
Qihoo-360 20151211
Rising 20151210
SUPERAntiSpyware 20151211
Symantec 20151210
Tencent 20151211
TheHacker 20151209
TotalDefense 20151211
TrendMicro 20151211
TrendMicro-HouseCall 20151211
VBA32 20151210
VIPRE 20151211
ViRobot 20151211
Zillya 20151211
Zoner 20151211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
AVSOFT Corp.

Publisher AVSOFT CORP.
File version 8.2.03
Description AV VCS DIAMOND Demo
Signature verification Signed file, verified signature
Signing date 4:26 PM 8/24/2015
Signers
[+] AVSOFT CORP.
Status Valid
Issuer None
Valid from 1:00 AM 5/27/2014
Valid to 12:59 AM 7/26/2017
Valid usage Code Signing
Algorithm SHA1
Thumbprint CC6D9CC8AA08C8F94212340D329A1447D117F9F6
Serial number 27 F1 A3 59 40 CA 6E 55 85 F0 B2 5F 43 76 5D 1E
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-08-16 18:13:16
Entry Point 0x00001000
Number of sections 3
PE sections
Overlays
MD5 9a05e706ba65a0be419be9239f699b2d
File type data
Offset 38449152
Size 6384
Entropy 7.33
PE imports
GetTempPathA
CreateProcessA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
DeleteFileA
GetExitCodeProcess
WriteFile
CloseHandle
GetTempFileNameA
CreateFileMappingA
CreateFileA
GetCommandLineA
GetModuleFileNameA
GetShortPathNameA
wsprintfA
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
7.1

ImageVersion
0.0

FileVersionNumber
8.2.3.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
38449152

EntryPoint
0x1000

MIMEType
application/octet-stream

TimeStamp
2007:08:16 19:13:16+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows 16-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
AVSOFT Corp.

CodeSize
1024

FileSubtype
0

ProductVersionNumber
1032.4455.0.0

Warning
Possibly corrupt Version resource

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 82a5f9fe715e28b9d7f9e2a0e4550384
SHA1 e8c85ecd95271b2f734edd690b15241b2627ade6
SHA256 8acfd9eece774c7d52f3c8110f991e53222f1aebcd122b210759b8f43d7b9738
ssdeep
786432:XOJVkoZLplIgjDKcBY60AW1DDL8AV9u73EkHM/HiLh0mdAp1C0:+JHZLHSoI98uI7hHMfcLA

authentihash 7799d73e85441261d156d5408f5e2cb539c9c2281b75bb4226b74c6c79f6bed9
imphash a604c6ea79d5ea984febff3382a81f77
File size 36.7 MB ( 38455536 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-08-28 12:08:14 UTC ( 3 years, 4 months ago )
Last submission 2015-10-22 22:00:51 UTC ( 3 years, 2 months ago )
File names vcs_diamond_aff.exe
8ACFD9EECE774C7D52F3C8110F991E53222F1AEBCD122B210759B8F43D7B9738
vcs_diamond_aff.exe
vcs_diamond.exe
vcs_diamond_cnt.exe
vcs_diamond (1).exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!