SHA256: 8c271670dc56a1d952fbfbd4bfe6605af0dd2a898267c031ae890ff28dbd6375
File name: quickconnect.exe
Detection ratio: 3 / 37
Analysis date: 2012-07-14 13:19:22 UTC (6 years, 7 months ago)
Antivirus Result Update
Avast Win32:PUP-gen [PUP] 20120714
Kaspersky not-a-virus:RemoteAdmin.Win32.RMS.o 20120714
NOD32 a variant of Win32/RemoteAdmin.RemoteUtilities.A 20120714
AhnLab-V3 20120714
AntiVir 20120714
Antiy-AVL 20120712
AVG 20120714
BitDefender 20120714
CAT-QuickHeal 20120714
ClamAV 20120713
Commtouch 20120714
Comodo 20120714
Emsisoft 20120714
F-Prot 20120713
F-Secure 20120714
Fortinet 20120714
GData 20120714
Ikarus 20120714
Jiangmin 20120714
K7AntiVirus 20120714
McAfee 20120714
McAfee-GW-Edition 20120714
Microsoft 20120714
nProtect 20120714
Panda 20120714
PCTools 20120714
Rising 20120713
Sophos AV 20120714
SUPERAntiSpyware 20120714
TheHacker 20120713
TotalDefense 20120713
TrendMicro 20120714
TrendMicro-HouseCall 20120713
VBA32 20120712
VIPRE 20120714
ViRobot 20120714
VirusBuster 20120714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 2012 Usoris Systems LLC. All rights reserved.
Product Remote Utilities
Original name RUT Module
File version 5.2
Description RUT Component
Signature verification Signed file, verified signature
Signing date 5:30 PM 7/12/2012
Signers
[+] Usoris Systems LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 1:00 AM 11/24/2011
Valid to 1:00 PM 11/28/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 5BA5875C00404AED2CF75B2A80DAB9E8563A9F32
Serial number 03 EE 40 D5 6B 7E 36 3E 2E EC C7 05 0C 4C 0A 7E
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] DigiCert Timestamp Responder
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 4/4/2012
Valid to 1:00 AM 4/18/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 51AEC7BA27E71A65D36BE1125B6909EE031119AC
Serial number 03 8B 96 F0 70 D9 E2 1E 55 A5 42 67 92 E1 C8 3A
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0FFCEA9938D8B0645EBDFF9580FAF94B543913E7
Serial number 0A 04 DF 21 74 5D 4D 2B 8C EA 33 72 05 00 50 E9
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Packers identified
F-PROT 7Z
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-28 11:38:20
Entry Point 0x000121CF
Number of sections 4
PE sections
Overlays
MD5 9463e8fb091d626bc39d825d3732c0b3
File type data
Offset 146944
Size 6345664
Entropy 8.00
PE imports
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
StretchBlt
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetUserDefaultUILanguage
SetThreadLocale
GetLastError
SetCurrentDirectoryW
GetStdHandle
EnterCriticalSection
TerminateThread
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
SetEvent
MulDiv
FindNextFileW
SystemTimeToFileTime
FindResourceExA
ExpandEnvironmentStringsW
lstrlenW
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetSystemDefaultUILanguage
GetDriveTypeW
SizeofResource
CompareFileTime
GetDiskFreeSpaceExW
GetFileSize
LockResource
SetFileTime
GetCommandLineW
CreateThread
GetSystemDefaultLCID
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetLocaleInfoW
SuspendThread
RemoveDirectoryW
GetModuleHandleA
lstrcpyW
SetFileAttributesW
lstrcmpiA
WideCharToMultiByte
SetEnvironmentVariableW
SetFilePointer
GetSystemDirectoryW
ReadFile
GetTempPathW
ResetEvent
GetSystemTimeAsFileTime
FindFirstFileW
GlobalMemoryStatusEx
lstrcmpW
GetModuleHandleW
LoadLibraryA
LocalFree
FormatMessageW
ResumeThread
GetFileAttributesW
CreateEventW
GetExitCodeThread
lstrcmpiW
InitializeCriticalSection
LoadResource
WriteFile
CreateFileW
GlobalAlloc
VirtualFree
FindClose
lstrcatW
Sleep
IsBadReadPtr
SetEndOfFile
CloseHandle
ExitProcess
GetProcAddress
VirtualAlloc
GetEnvironmentVariableW
SetLastError
LeaveCriticalSection
_purecall
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_controlfp
_except_handler3
??2@YAPAXI@Z
strncmp
_onexit
_wtol
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_adjust_fdiv
??3@YAXPAX@Z
free
__getmainargs
_initterm
memmove
memcpy
_beginthreadex
_exit
_EH_prolog
__set_app_type
OleLoadPicture
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
GetClassNameA
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
ClientToScreen
CharUpperW
MessageBoxA
GetSystemMenu
GetWindowDC
GetWindow
GetSysColor
DispatchMessageW
CopyImage
ReleaseDC
GetMenu
GetWindowLongW
DrawIconEx
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
GetDC
ScreenToClient
wsprintfA
SetTimer
CallWindowProcW
DialogBoxIndirectParamW
EnableWindow
GetClientRect
GetWindowTextW
EnableMenuItem
LoadIconW
GetWindowTextLengthW
CreateWindowExW
wsprintfW
GetKeyState
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 9
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 74752
ImageVersion 0.0
ProductName Remote Utilities
FileVersionNumber 5.2.1.0
LanguageCode Neutral
FileFlagsMask 0x0008
FileDescription RUT Component
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName RUT Module
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.2
TimeStamp 2011:04:28 12:38:20+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 5.2
SubsystemVersion 4.0
OSVersion 4.0
FileOS Unknown (0x50004)
LegalCopyright Copyright 2012 Usoris Systems LLC. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Usoris Systems LLC
CodeSize 71680
FileSubtype 0
ProductVersionNumber 5.2.1.0
EntryPoint 0x121cf
ObjectFileType Executable application
File identification
MD5 bab04de10afd27e15ae95dd79fd2de68
SHA1 39479d3af6257677e2974c52e6bdf76f765c26e9
SHA256 8c271670dc56a1d952fbfbd4bfe6605af0dd2a898267c031ae890ff28dbd6375
ssdeep 98304:rKR4W+DUH9XUq8UEpSKUksbUw3V2HCegJ8WvmGZamvKVEB9Coz7jRi21wDk+:re4LDUH9Eq8jpSDpoie+bamvKuDLRK
authentihash 6d999c489944ea65b054b3b236169cf92df0175b120c1dce2ded3514b681db43
imphash c769210c368165fcb9c03d3f832f55eb
File size 6.2 MB ( 6492608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags peexe armadillo signed overlay
VirusTotal metadata
First submission 2012-07-14 13:19:22 UTC ( 6 years, 7 months ago )
Last submission 2012-07-24 07:40:35 UTC ( 6 years, 6 months ago )
File names file-4245882_exe
RUT Module
quickconnect.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs
UDP communications