SHA256: 8bfd8682eb415e1655af459a761296e5300ca51e6d7a1ba82c6954084b8e5555
File name: 8bfd8682eb415e1655af459a761296e5300ca51e6d7a1ba82c6954084b8e5555
Detection ratio: 1 / 65
Analysis date: 2018-02-12 08:52:01 UTC
Antivirus Result Update
Jiangmin Trojan.Clicker.as 20180212
Ad-Aware 20180212
AegisLab 20180212
AhnLab-V3 20180212
Alibaba 20180209
ALYac 20180212
Antiy-AVL 20180212
Arcabit 20180212
Avast 20180212
Avast-Mobile 20180212
AVG 20180212
Avira (no cloud) 20180212
AVware 20180210
Baidu 20180208
BitDefender 20180212
Bkav 20180209
CAT-QuickHeal 20180212
ClamAV 20180212
CMC 20180212
Comodo 20180212
CrowdStrike Falcon (ML) 20170201
Cybereason 20180205
Cylance 20180212
Cyren 20180212
DrWeb 20180212
eGambit 20180212
Emsisoft 20180212
Endgame 20171130
ESET-NOD32 20180212
F-Prot 20180212
F-Secure 20180212
Fortinet 20180212
GData 20180212
Sophos ML 20180121
K7AntiVirus 20180212
K7GW 20180212
Kaspersky 20180212
Kingsoft 20180212
Malwarebytes 20180212
MAX 20180212
McAfee 20180212
McAfee-GW-Edition 20180212
Microsoft 20180212
eScan 20180212
NANO-Antivirus 20180212
nProtect 20180212
Palo Alto Networks (Known Signatures) 20180212
Panda 20180211
Qihoo-360 20180212
Rising 20180212
SentinelOne (Static ML) 20180115
Sophos AV 20180212
SUPERAntiSpyware 20180212
Symantec 20180212
Symantec Mobile Insight 20180212
Tencent 20180212
TheHacker 20180208
TrendMicro-HouseCall 20180212
Trustlook 20180212
VBA32 20180209
VIPRE 20180212
ViRobot 20180212
Webroot 20180212
WhiteArmor 20180205
Yandex 20180210
Zillya 20180209
ZoneAlarm by Check Point 20180212
Zoner 20180212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 11:10 PM 12/13/2017
Signers
[+] NASA Jet Propulsion Laboratory
Status Valid
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 1:00 AM 7/14/2016
Valid to 1:00 PM 7/18/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint F413BBB43B97AB224CD0608B2BD1BAC5393853A6
Serial number 0A B3 C0 85 89 B2 5C 46 07 BE 72 B6 5D EB 41 C1
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 4/18/2012
Valid to 1:00 PM 4/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert High Assurance EV Root CA
Status Valid
Issuer Baltimore CyberTrust Root
Valid from 6:58 PM 7/25/2012
Valid to 6:57 PM 7/25/2019
Valid usage All
Algorithm sha1RSA
Thumbprint 714D266A2CE469CB8A76B0AC01F3471E43BF1E22
Serial number 07 27 75 8A
[+] DigiCert Baltimore Root
Status Valid
Issuer Baltimore CyberTrust Root
Valid from 7:46 PM 5/12/2000
Valid to 12:59 AM 5/13/2025
Valid usage Server Auth, Email Protection, Client Auth, Code Signing, OCSP Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint D4DE20D05E66FC53FE1A50882C78DB2852CAE474
Serial number 02 00 00 B9
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Packers identified
F-PROT NSIS, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-02 03:20:13
Entry Point 0x0000312A
Number of sections 5
PE sections
Overlays
MD5 3b548d4176f6df364306860d63292c45
File type data
Offset 119808
Size 36805240
Entropy 7.99
PE imports
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
ReadFile
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
GetModuleHandleA
GetTempPathA
CreateThread
GetFileAttributesA
SetFilePointer
lstrcmpA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
SystemParametersInfoA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
DrawTextA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
CloseClipboard
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
SetWindowTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DestroyWindow
FillRect
ShowWindow
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
SetForegroundWindow
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 7
RT_ICON 7
RT_BITMAP 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:04:02 04:20:13+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 164864
SubsystemVersion 4.0
EntryPoint 0x312a
OSVersion 4.0
ImageVersion 6.0
UninitializedDataSize 1024
File identification
MD5 bddfd5bbf081107320470ad6cd161ded
SHA1 5305b705c9974a10348b0ce1d3a9e0c39705ed79
SHA256 8bfd8682eb415e1655af459a761296e5300ca51e6d7a1ba82c6954084b8e5555
ssdeep 786432:J6+EF4mGO4IqunNWPVPHqRsqkahPuxo/Kx9t5Kc1V2jzQSCm:J1W4Q4zuEPVqRsHahgB9nV18jcSD

authentihash f8776a8c63a2f298170b93855f627f17017e1bfc0f1ec8a1e6c045415b5dd474
imphash b76363e9cb88bf9390860da8e50999d2
File size 35.2 MB ( 36925048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
nsis peexe signed overlay

VirusTotal metadata
First submission 2017-12-22 10:38:25 UTC ( 1 year, 1 month ago )
Last submission 2018-06-07 05:21:30 UTC ( 8 months, 2 weeks ago )
File names NASA's Eyes.exe
temp-installer.exe
NASA's Eyes (3).exe