× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 92ad05fed8bb10a4d6843376e86af354376ec1a2d0a71acfbd98b13dd52b8015
Detection ratio: 1 / 67
Analysis date: 2018-06-19 00:07:03 UTC ( 7 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9686 20180615
Ad-Aware 20180618
AegisLab 20180618
AhnLab-V3 20180618
Alibaba 20180615
ALYac 20180618
Antiy-AVL 20180619
Arcabit 20180619
Avast 20180618
Avast-Mobile 20180619
AVG 20180619
Avira (no cloud) 20180619
AVware 20180618
Babable 20180406
BitDefender 20180618
Bkav 20180618
CAT-QuickHeal 20180618
CMC 20180618
Comodo 20180618
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180619
Cyren 20180619
DrWeb 20180618
eGambit 20180619
Emsisoft 20180618
Endgame 20180612
ESET-NOD32 20180619
F-Prot 20180618
F-Secure 20180619
Fortinet 20180618
GData 20180618
Ikarus 20180618
Sophos ML 20180601
Jiangmin 20180618
K7AntiVirus 20180618
K7GW 20180619
Kaspersky 20180618
Kingsoft 20180619
Malwarebytes 20180618
MAX 20180619
McAfee 20180618
McAfee-GW-Edition 20180618
Microsoft 20180619
eScan 20180618
NANO-Antivirus 20180618
Palo Alto Networks (Known Signatures) 20180619
Panda 20180618
Qihoo-360 20180619
Rising 20180618
SentinelOne (Static ML) 20180618
Sophos AV 20180618
SUPERAntiSpyware 20180618
Symantec 20180618
Symantec Mobile Insight 20180614
TACHYON 20180618
Tencent 20180619
TheHacker 20180613
TotalDefense 20180618
TrendMicro 20180618
TrendMicro-HouseCall 20180618
Trustlook 20180619
VBA32 20180618
VIPRE 20180619
ViRobot 20180618
Webroot 20180619
Yandex 20180618
Zillya 20180618
ZoneAlarm by Check Point 20180618
Zoner 20180619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2012 Last.fm Ltd. ©

Product Last.fm Scrobbler
File version 2.1.36
Description Last.fm Installer
Comments This installation was built with Inno Setup.
Signature verification Certificate out of its validity period
Signers
[+] Last.fm Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 9/17/2010
Valid to 12:59 AM 9/18/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 6400EEA71931A5B9EB9F4CA0DE5EC5DC74196062
Serial number 00 E8 54 10 E7 DB 16 63 45 D8 E4 09 14 59 AD EA 5B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT INNO, appended, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009B60
Number of sections 8
PE sections
Overlays
MD5 723d76692c6977457853cf611a7022aa
File type data
Offset 95232
Size 14820984
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 5
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
NEUTRAL 7
PE resources
ExifTool file metadata
FileDescription
Last.fm Installer

Comments
This installation was built with Inno Setup.

InitializedDataSize
56320

ImageVersion
6.0

ProductName
Last.fm Scrobbler

FileVersionNumber
2.1.36.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
2.25

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.1.36

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2.1.36

SubsystemVersion
4.0

OSVersion
1.0

FileOS
Win32

LegalCopyright
Copyright 2012 Last.fm Ltd.

MachineType
Intel 386 or later, and compatibles

CompanyName
Last.fm

CodeSize
37888

FileSubtype
0

ProductVersionNumber
2.1.36.0

EntryPoint
0x9b60

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 2210ff884b45d230d436560acf9c71eb
SHA1 8735aaa2651a3af9ff3e4f68cca1d0cd4ab658d9
SHA256 92ad05fed8bb10a4d6843376e86af354376ec1a2d0a71acfbd98b13dd52b8015
ssdeep
393216:iEhUjs8iVlQQ70yR/V4sOuDWFMhzkvf8oc1uxBZCFAs4F+la8F+Rm:3ws8mlQS9RfDcMfo06Xdsy+la89

authentihash 65f46a6a726ecd087920f12080a0e634c28a458a23074857a0dac5e82d07b435
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 14.2 MB ( 14916216 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (76.6%)
Win32 Executable Delphi generic (9.9%)
Win32 Dynamic Link Library (generic) (4.5%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags
peexe signed upx overlay

VirusTotal metadata
First submission 2013-09-03 15:55:59 UTC ( 5 years, 4 months ago )
Last submission 2018-02-16 19:43:07 UTC ( 11 months ago )
File names Last-1.fm-2.1.36.exe
Last.fm-2.1.36.exe
last.fm-2.1.36.exe
Last.fm-2.1.36.exe
HTTP-FWQf4S3rzj2NbX5M3e.exe
800-Last.fm-2.1.36.exe
Last.fm-2.1.36 (1).exe
LFMScrobbler213620170630-3460-5w4pws.exe
Last.fm-2.1.36.exe
installer.exe
myfile
Last.fm-2.1.36(1).exe
516025
Last.fm-2.1.36.exe
Last.fm-2.1.36.exe
file-6318161_exe
Last.fm-2.1.36.exe
Installer.exe
q422vitfdi5pt7z6j5umzioqzvflmwgz.exe
Last.fm-2.1.36.exe
Lastfm-Scrobbler2136.exe
Last.fm-2.1.36(1).exe
Last.fm-2.1.36.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!