× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 92532ba136c0c67ec4cfa69d2bd86086728bae5f6f3614f2ed2b720adce21fbd
File name: 845ced65ee8d3ada63fb940f4dfd4e51
Detection ratio: 26 / 57
Analysis date: 2016-10-05 10:18:36 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.98533 20161005
AhnLab-V3 Backdoor/Win32.Androm.N2118059603 20161005
Arcabit Trojan.Razy.D180E5 20161005
Avast Win32:Trojan-gen 20161005
Avira (no cloud) TR/Crypt.ZPACK.kinwd 20161005
BitDefender Gen:Variant.Razy.98533 20161005
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Emsisoft Gen:Variant.Razy.98533 (B) 20161005
ESET-NOD32 a variant of Win32/GenKryptik.FKO 20161005
F-Secure Gen:Variant.Razy.98533 20161005
Fortinet W32/Androm.FKO!tr.bdr 20161005
GData Gen:Variant.Razy.98533 20161005
Sophos ML virus.win32.sality.at 20160928
K7AntiVirus Trojan ( 004f99a51 ) 20161005
K7GW Trojan ( 004f99a51 ) 20161005
Kaspersky Backdoor.Win32.Androm.kwdi 20161005
McAfee Artemis!845CED65EE8D 20161005
McAfee-GW-Edition Artemis 20161005
eScan Gen:Variant.Razy.98533 20161005
NANO-Antivirus Trojan.Win32.ZPACK.egrcnq 20161005
Panda Trj/CI.A 20161004
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161005
Rising Malware.Obscure/Heur!1.A121-t8VenbhqAvN (cloud) 20161005
Sophos AV Mal/Generic-S 20161005
Symantec Heur.AdvML.B 20161005
TrendMicro-HouseCall TROJ_GEN.R00JH0DIU16 20161005
AegisLab 20161005
Alibaba 20161003
ALYac 20160930
Antiy-AVL 20161005
AVG 20161005
AVware 20161005
Baidu 20161001
Bkav 20161004
CAT-QuickHeal 20161005
ClamAV 20161005
CMC 20161003
Comodo 20161005
Cyren 20161005
DrWeb 20161005
F-Prot 20161005
Ikarus 20161005
Jiangmin 20161005
Kingsoft 20161005
Malwarebytes 20161005
Microsoft 20161005
nProtect 20161005
SUPERAntiSpyware 20161004
Tencent 20161005
TheHacker 20161005
TotalDefense 20160920
TrendMicro 20161005
VBA32 20161004
VIPRE 20161005
ViRobot 20161005
Yandex 20161004
Zillya 20161003
Zoner 20161005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 7:15 AM 9/28/2016
Signers
[+] INSTANT
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 9/19/2016
Valid to 12:59 AM 9/20/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3EAE691A0034C5CD52E0CFB2F51837C9722214CA
Serial number 50 98 3F 81 A9 AA 37 22 DE 6F 19 AF F3 B5 D3 E8
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE?
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-17 20:53:18
Entry Point 0x00003DF8
Number of sections 4
PE sections
Overlays
MD5 0636e9e4838a69a2037b727a5bd06fbf
File type data
Offset 344576
Size 6392
Entropy 7.40
PE imports
RegCreateKeyExW
RegEnumValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
FreeSid
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyW
CheckTokenMembership
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
AllocateAndInitializeSid
RegQueryValueExW
RegQueryValueW
GetFileTitleW
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
SetBkMode
GetRgnBox
SaveDC
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
SelectObject
DeleteObject
GetObjectW
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
GetViewportExtEx
PtVisible
ExtSelectClipRgn
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
GetTextColor
DPtoLP
Escape
SetBkColor
GetBkColor
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
DebugBreak
GetFileAttributesW
lstrcmpW
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
WideCharToMultiByte
GetStringTypeA
WriteFile
MoveFileA
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
BeginUpdateResourceW
LoadResource
GlobalHandle
OutputDebugStringW
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
OutputDebugStringA
GetCurrentThread
GetEnvironmentVariableW
SetLastError
TlsGetValue
GlobalFindAtomW
UpdateResourceW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
LoadLibraryExA
EnumResourceLanguagesW
GetLogicalDriveStringsW
GetSystemDefaultLCID
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
GetPrivateProfileStringW
SetFilePointer
SetFileAttributesW
GlobalAddAtomW
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
CreatePipe
GetExitCodeThread
SetUnhandledExceptionFilter
ConvertDefaultLocale
GetStartupInfoA
CreateMutexW
MulDiv
GetDateFormatA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetVersion
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
HeapFree
EnterCriticalSection
GetTimeZoneInformation
SetHandleCount
LoadLibraryW
EndUpdateResourceW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
CopyFileW
LeaveCriticalSection
UnlockFile
GetWindowsDirectoryW
GetFileSize
GlobalDeleteAtom
DeleteFileA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
CompareStringW
GlobalReAlloc
RemoveDirectoryW
FindNextFileW
HeapValidate
CompareStringA
FindFirstFileW
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
InitializeCriticalSection
LocalReAlloc
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetThreadLocale
GetVolumeInformationW
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
GetCPInfo
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
WritePrivateProfileStringW
GetSystemDefaultLangID
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetTimeFormatA
GetACP
GetModuleHandleW
FreeResource
GetEnvironmentStrings
CreateProcessA
IsValidCodePage
HeapCreate
FindResourceExW
VirtualQuery
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
ResetEvent
PathIsUNCW
PathStripToRootW
PathAddBackslashW
PathFindExtensionW
PathFindFileNameW
GetSubMenu
GetMenuItemCount
LoadBitmapW
LoadCursorW
SetWindowTextW
LoadIconW
CreateWindowExW
RegisterClassExW
BringWindowToTop
ExitWindowsEx
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
OleFlushClipboard
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
OleInitialize
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2016:09:17 21:53:18+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
97792

LinkerVersion
9.0

FileTypeExtension
exe

InitializedDataSize
327680

SubsystemVersion
5.0

EntryPoint
0x3df8

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 845ced65ee8d3ada63fb940f4dfd4e51
SHA1 2473d673dff77adfc806224ba4b18581b309a005
SHA256 92532ba136c0c67ec4cfa69d2bd86086728bae5f6f3614f2ed2b720adce21fbd
ssdeep
6144:RA+IKq6lU3Q6+3/FfLRUxR+VavGIsF2PZFHdcJfG6:RJIKUQf/crOI227HL6

authentihash 7423a9718231f9126a2e089a5411592cccafc6ce4be1cac35899bdcfab301182
imphash ed3df7a507ece3db0941fa4d52ccfe6a
File size 342.7 KB ( 350968 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2016-10-05 10:18:36 UTC ( 2 years, 4 months ago )
Last submission 2016-10-05 10:18:36 UTC ( 2 years, 4 months ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Runtime DLLs