× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 96205faf89702d2576ecf0d6057cf32b81d47ceaa851fc67378d548bf456a849
File name: f861696054f87bf501389bc71c5b7aa1.virus
Detection ratio: 45 / 68
Analysis date: 2018-06-25 20:34:32 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.163942 20180625
AhnLab-V3 PUP/Win32.Helper.R228406 20180625
ALYac Gen:Variant.Strictor.163942 20180625
Antiy-AVL Trojan/Win32.TSGeneric 20180625
Avast Win32:Adware-gen [Adw] 20180625
AVG Win32:Adware-gen [Adw] 20180625
Avira (no cloud) HEUR/AGEN.1017878 20180625
AVware Trojan.Win32.Generic!BT 20180625
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9982 20180625
BitDefender Gen:Variant.Strictor.163942 20180625
CAT-QuickHeal Trojan.Spigot 20180625
Comodo ApplicUnwnt 20180625
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20180530
Cyren W32/Trojan.JXMB-1481 20180625
DrWeb Adware.Spigot.139 20180625
Emsisoft Application.Toolbar (A) 20180625
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Adware.BrowserIO.D 20180625
F-Secure Gen:Variant.Johnnie.99111 20180625
Fortinet Riskware/BrowserIO 20180625
GData Gen:Variant.Strictor.163942 20180625
Ikarus AdWare.Spigot 20180625
Sophos ML heuristic 20180601
K7AntiVirus Adware ( 0052f35f1 ) 20180625
K7GW Adware ( 0052f35f1 ) 20180625
Kaspersky HEUR:Trojan-Ransom.Win32.Agent.gen 20180625
Malwarebytes Adware.Spigot 20180625
MAX malware (ai score=89) 20180625
McAfee Artemis!C981CB2164E7 20180625
McAfee-GW-Edition BehavesLike.Win32.Spigot.tc 20180625
Microsoft PUA:Win32/Spigot 20180625
eScan Gen:Variant.Strictor.163942 20180625
NANO-Antivirus Riskware.Win32.Spigot.fambeq 20180625
Panda PUP/BrowserIO 20180625
Rising Ransom.Agent!8.6B7 (CLOUD) 20180625
Sophos AV Generic PUA JK (PUA) 20180625
Symantec SMG.Heur!gen 20180625
Tencent Win32.Trojan.Agent.Ednd 20180625
TrendMicro Ransom_Agent.R004C0OFP18 20180625
TrendMicro-HouseCall Ransom_Agent.R004C0OFP18 20180625
VBA32 Adware.Spigot 20180625
VIPRE Trojan.Win32.Generic!BT 20180625
Yandex PUA.Spigot! 20180625
Zillya Trojan.Agent.Win32.892884 20180625
ZoneAlarm by Check Point HEUR:Trojan-Ransom.Win32.Agent.gen 20180625
AegisLab 20180625
Alibaba 20180625
Arcabit 20180625
Avast-Mobile 20180625
Babable 20180406
Bkav 20180625
ClamAV 20180625
CMC 20180625
Cybereason 20180225
Cylance 20180625
eGambit 20180625
F-Prot 20180625
Jiangmin 20180625
Kingsoft 20180625
Palo Alto Networks (Known Signatures) 20180625
Qihoo-360 20180625
SentinelOne (Static ML) 20180618
SUPERAntiSpyware 20180625
Symantec Mobile Insight 20180625
TACHYON 20180625
TheHacker 20180624
TotalDefense 20180625
Trustlook 20180625
ViRobot 20180625
Webroot 20180625
Zoner 20180625
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
File version 2.11.0.1
Signature verification Signed file, verified signature
Signers
[+] Architecture Software
Status Valid
Issuer GlobalSign CodeSigning CA - SHA256 - G3
Valid from 6:33 PM 5/26/2017
Valid to 8:34 PM 7/16/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint BF5B8DD65FAD47324A36D42A8369F5C26E252A6D
Serial number 44 49 84 EB 75 6C A9 CA A0 A8 2F C3
[+] GlobalSign CodeSigning CA - SHA256 - G3
Status Valid
Issuer GlobalSign
Valid from 1:00 AM 6/15/2016
Valid to 1:00 AM 6/15/2024
Valid usage Code Signing, OCSP Signing
Algorithm sha256RSA
Thumbprint 090D03435EB2A8364F79B78CB173D35E8EB63558
Serial number 48 1B 6A 07 26 D2 E8 3F 26 02 D4 82 5A CD
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 3/18/2009
Valid to 11:00 AM 3/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-25 00:55:51
Entry Point 0x000033B6
Number of sections 5
PE sections
Overlays
MD5 7ff6b68a775f0af5f8c8e8d081348d9b
File type data
Offset 92160
Size 1070656
Entropy 8.00
PE imports
RegCreateKeyExW
RegEnumValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SelectObject
CreateBrushIndirect
SetBkMode
SetBkColor
DeleteObject
SetTextColor
SetFilePointer
GetLastError
CopyFileW
GetShortPathNameW
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrcmpiW
GetCurrentProcess
CompareFileTime
GetWindowsDirectoryW
GetFileSize
SetFileTime
GetCommandLineW
WideCharToMultiByte
SetErrorMode
MultiByteToWideChar
lstrlenW
CreateDirectoryW
DeleteFileW
GlobalLock
ReadFile
lstrcpyA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
GetFullPathNameW
lstrcmpiA
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
FindNextFileW
GetTempPathW
CloseHandle
FindFirstFileW
lstrcmpW
GetModuleHandleW
lstrcatW
FreeLibrary
SearchPathW
SetCurrentDirectoryW
WriteFile
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
SetFileAttributesW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
SendMessageTimeoutW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
SetWindowTextW
DialogBoxParamW
AppendMenuW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
CreateWindowExW
CreateDialogParamW
ReleaseDC
BeginPaint
CreatePopupMenu
SendMessageW
SetClipboardData
GetWindowLongW
FindWindowExW
IsWindowVisible
DestroyWindow
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
CharNextW
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
GetClassInfoW
GetDC
wsprintfW
CloseClipboard
DrawTextW
SetCursor
ExitWindowsEx
OpenClipboard
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 7
RT_DIALOG 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 13
PE resources
ExifTool file metadata
UninitializedDataSize
2048

LinkerVersion
6.0

ImageVersion
6.0

FileVersionNumber
2.11.0.1

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
ASCII

InitializedDataSize
141824

EntryPoint
0x33b6

MIMEType
application/octet-stream

FileVersion
2.11.0.1

TimeStamp
2016:07:25 01:55:51+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2.11.0.1

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
25088

FileSubtype
0

ProductVersionNumber
2.11.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 f861696054f87bf501389bc71c5b7aa1
SHA1 7d07538f21423b082055892fcb12e50c15e4a103
SHA256 96205faf89702d2576ecf0d6057cf32b81d47ceaa851fc67378d548bf456a849
ssdeep
24576:RdtRKR7yXFNlMcc7xWzyXe0nyrFPZM7ZNe+d+8/zUX0rSbKnvW5ia7:fy70F0vNXfn+FSlPc4SkvWX7

authentihash 65401384b4309f286f94d8dd56c009682834b59a7e03e7408f5d10bdaca7811b
imphash 4ea4df5d94204fc550be1874e1b77ea7
File size 1.1 MB ( 1162816 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
nsis peexe signed overlay

VirusTotal metadata
First submission 2018-06-25 20:34:32 UTC ( 2 months, 3 weeks ago )
Last submission 2018-06-25 20:34:32 UTC ( 2 months, 3 weeks ago )
File names f861696054f87bf501389bc71c5b7aa1.virus
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!