× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8ecbca0de44c82d1c7ffced288aa68c1247bb1255693cd1c5747fb6cef394b43
File name: dce3e33eb294f0a7688be5bea6b7e9d4_dce3e33eb294f0a7688be5bea6b7e9d4...
Detection ratio: 37 / 54
Analysis date: 2015-10-26 17:29:10 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
AVG Crypt_s.BIX 20151026
AVware Trojan.Win32.ZAccess.ma (v) 20151026
AhnLab-V3 Win-Trojan/Fareit.147048 20151026
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20151026
Avast Win32:Fareit-HE [Trj] 20151026
Avira TR/PSW.Fareit.jjklr 20151026
Baidu-International Trojan.Win32.Fareit.A 20151026
BitDefender Gen:Variant.Kazy.220257 20151026
ClamAV Win.Trojan.Agent-401522 20151026
Comodo TrojWare.Win32.PSW.Tepfer.OPSIG 20151026
Cyren W32/Trojan.JRLM-8847 20151026
DrWeb Trojan.PWS.Stealer.1932 20151026
ESET-NOD32 Win32/PSW.Fareit.A 20151026
Emsisoft Gen:Variant.Kazy.220257 (B) 20151026
F-Prot W32/Trojan3.FLX 20151026
Fortinet W32/Lockscreen.LOA!tr 20151026
GData Gen:Variant.Kazy.220257 20151026
Ikarus Trojan.Win32.Reveton 20151026
Jiangmin Trojan/Generic.bjzuz 20151026
K7AntiVirus Trojan ( 0049f0ff1 ) 20151026
K7GW Trojan ( 0049f0ff1 ) 20151026
Kaspersky HEUR:Trojan.Win32.Generic 20151026
Malwarebytes Trojan.Downloader 20151026
McAfee ZeroAccess-FABY!DCE3E33EB294 20151026
McAfee-GW-Edition ZeroAccess-FABY!DCE3E33EB294 20151026
Microsoft Trojan:Win32/Bulta!rfn 20151026
NANO-Antivirus Trojan.Win32.Stealer.crtrls 20151026
Panda Trj/Genetic.gen 20151026
Rising PE:Trojan.Win32.Generic.15236C19!354642969 [F] 20151026
Sophos Mal/EncPk-AIT 20151026
Symantec Downloader.Ponik 20151026
Tencent Trojan.Win32.YY.Gen.4 20151026
TotalDefense Win32/Tnega.bUNEWWC 20151026
TrendMicro TSPY_FAREIT.ACU 20151026
TrendMicro-HouseCall TSPY_FAREIT.ACU 20151026
VBA32 BScope.Malware-Cryptor.Ponik 20151026
VIPRE Trojan.Win32.ZAccess.ma (v) 20151026
ALYac 20151026
AegisLab 20151026
Agnitum 20151026
Alibaba 20151026
Arcabit 20151026
Bkav 20151026
ByteHero 20151026
CAT-QuickHeal 20151026
CMC 20151026
F-Secure 20151026
MicroWorld-eScan 20151026
SUPERAntiSpyware 20151026
TheHacker 20151026
ViRobot 20151026
Zillya 20151026
Zoner 20151026
nProtect 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher Opera Software ASA
Signature verification Certificate out of its validity period
Signers
[+] Opera Software ASA
Status Certificate out of its validity period
Valid from 1:00 AM 1/27/2010
Valid to 12:59 AM 1/29/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint 48F370008C8739B7A96E8EE4A3DCC2C78E9B20AF
Serial number 13 C8 35 1A EC E7 1C 73 11 58 98 0F 57 5F 41 33
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm MD2
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-19 03:06:58
Link date 4:06 AM 6/19/2013
Entry Point 0x00002670
Number of sections 6
PE sections
Overlays
MD5 7598854501e1391594deb35d35839889
File type data
Offset 143872
Size 3176
Entropy 7.09
PE imports
DeleteEnhMetaFile
GetStockObject
VirtualAllocEx
GetProcAddress
LoadLibraryW
GetStartupInfoW
GetMessageA
LoadCursorA
LoadIconA
UpdateWindow
DispatchMessageA
EndPaint
BeginPaint
LoadCursorW
DefWindowProcA
GetClientRect
LoadIconW
TranslateMessage
PostQuitMessage
ShowWindow
RegisterClassExA
Number of PE resources by type
RT_ICON 14
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 17
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
2.5

ImageVersion
0.0

FileVersionNumber
5.1.2600.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
ASCII

InitializedDataSize
135680

EntryPoint
0x2670

MIMEType
application/octet-stream

TimeStamp
2013:06:19 04:06:58+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Hilgraeve, Inc.

CodeSize
7168

FileSubtype
0

ProductVersionNumber
5.1.2600.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 dce3e33eb294f0a7688be5bea6b7e9d4
SHA1 ea9baaa903b2993dd303692366ccfb5294f4ec27
SHA256 8ecbca0de44c82d1c7ffced288aa68c1247bb1255693cd1c5747fb6cef394b43
ssdeep
3072:QWiHHLMb1RKZP7S2jbxWGq0S2jbxWGqOg:0HobOR7SbGq0SbGqOg

authentihash 2e9cf269398359032e817f314a2360ba21bb3f17743cee8cee0643cd3247fbec
imphash 65043d6fd663d012efbb351d4bf49e36
File size 143.6 KB ( 147048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ 4.x (88.6%)
Win32 Dynamic Link Library (generic) (4.3%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.3%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-06-19 11:08:20 UTC ( 2 years, 7 months ago )
Last submission 2013-07-17 09:46:34 UTC ( 2 years, 6 months ago )
File names dce3e33eb294f0a7688be5bea6b7e9d4_dce3e33eb294f0a7688be5bea6b7e9d4.def.exe
DCE3E33EB294F0A7688BE5BEA6B7E9D4.exe
vti-rescan
dddd
DE53E929.EXE
file-5668185_
Opera-12.15-1748.i386.autoupdate.exe__
b9be3fe9d76660c60213a3b341e5618ffd53867a
8ecbca0de44c82d1c7ffced288aa68c1247bb1255693cd1c5747fb6cef394b43
dce3e33eb294f0a7688be5bea6b7e9d4
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!