SHA256: 977cedd550a0e5066971a4edb4a9c46ee12ac0e203de417a93d6fa0e2651bd9f
File name: bb6.tkn
Detection ratio: 3 / 65
Analysis date: 2018-08-15 14:17:25 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180815
Cylance Unsafe 20180815
Endgame malicious (moderate confidence) 20180730
Ad-Aware 20180815
AegisLab 20180815
AhnLab-V3 20180815
ALYac 20180815
Antiy-AVL 20180815
Arcabit 20180815
Avast 20180815
Avast-Mobile 20180815
AVG 20180815
Avira (no cloud) 20180815
AVware 20180815
Babable 20180725
BitDefender 20180815
Bkav 20180815
CAT-QuickHeal 20180814
ClamAV 20180815
CMC 20180812
Comodo 20180815
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20180815
DrWeb 20180815
eGambit 20180815
Emsisoft 20180815
ESET-NOD32 20180815
F-Prot 20180815
F-Secure 20180815
Fortinet 20180815
GData 20180815
Ikarus 20180815
Sophos ML 20180717
Jiangmin 20180815
K7AntiVirus 20180815
K7GW 20180815
Kaspersky 20180815
Kingsoft 20180815
Malwarebytes 20180815
MAX 20180815
McAfee 20180815
McAfee-GW-Edition 20180815
Microsoft 20180815
NANO-Antivirus 20180815
Palo Alto Networks (Known Signatures) 20180815
Panda 20180815
Qihoo-360 20180815
Rising 20180815
SentinelOne (Static ML) 20180701
Sophos AV 20180815
SUPERAntiSpyware 20180815
Symantec 20180815
Symantec Mobile Insight 20180814
TACHYON 20180815
Tencent 20180815
TheHacker 20180815
TrendMicro 20180815
TrendMicro-HouseCall 20180815
Trustlook 20180815
VBA32 20180815
VIPRE 20180815
ViRobot 20180815
Webroot 20180815
Yandex 20180815
ZoneAlarm by Check Point 20180815
Zoner 20180815
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2008. All rights reserved.

Product Servefeet
Original name thischange.exe
Internal name thischange.exe
File version 8, 6, 1463, 6110
Signature verification Signed file, verified signature
Signers
[+] JANNA LTD
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 8/10/2018
Valid to 12:59 AM 8/11/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint E231E943A6DBDE574CB7740DF5CAB728DA525487
Serial number 00 96 5F 29 51 F9 F1 4E D9 01 C7 8E 79 CB 49 8C 47
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-15 10:15:07
Entry Point 0x0001F4CA
Number of sections 4
PE sections
Overlays
MD5 433aa078a543bed9e43ca75da5db530b
File type data
Offset 632320
Size 3584
Entropy 7.39
PE imports
ImageList_SetBkColor
ImageList_Remove
InitCommonControlsEx
ImageList_Destroy
ImageList_SetIconSize
SetBkMode
CreateBitmap
MoveToEx
IntersectClipRect
GetClipBox
SetBkColor
SetTextColor
StretchDIBits
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
SetEvent
QueryPerformanceCounter
WaitForSingleObject
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetWindowsDirectoryW
GetConsoleMode
DecodePointer
GetFileSize
FreeEnvironmentStringsW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
GetTickCount
IsDebuggerPresent
GetProcessHeap
GetProcAddress
LeaveCriticalSection
GetStartupInfoW
SetStdHandle
GetModuleFileNameW
HeapSetInformation
RaiseException
WideCharToMultiByte
RemoveDirectoryW
TlsFree
SetFilePointer
GetSystemDirectoryW
GetDiskFreeSpaceW
FindNextFileW
SetUnhandledExceptionFilter
WriteFile
ReadFile
IsProcessorFeaturePresent
FindFirstFileW
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
GetFileType
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
CreateProcessW
FindClose
InterlockedDecrement
Sleep
SetLastError
SetEndOfFile
TlsSetValue
CreateFileA
EncodePointer
GetCurrentThreadId
InterlockedIncrement
ExitProcess
GetCurrentProcessId
WriteConsoleW
CloseHandle
MapWindowPoints
EmptyClipboard
GetSystemMetrics
BeginPaint
GetIconInfo
IsDialogMessageW
RegisterClassExW
LoadBitmapW
ValidateRect
SetWindowTextW
SendMessageTimeoutW
SystemParametersInfoW
ScreenToClient
GetWindowTextLengthW
PostMessageW
ClientToScreen
InvalidateRect
CoUninitialize
CoInitialize
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance
CoTaskMemFree
Number of PE resources by type
RT_DIALOG 11
RT_ICON 9
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 23
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.6.1463.6110

LanguageCode
Neutral

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
ASCII

InitializedDataSize
743424

EntryPoint
0x1f4ca

OriginalFileName
thischange.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2008. All rights reserved.

FileVersion
8, 6, 1463, 6110

TimeStamp
2012:08:15 11:15:07+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
thischange.exe

ProductVersion
8, 6, 1463, 6110

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Platys Group Minute

CodeSize
156672

ProductName
Servefeet

ProductVersionNumber
8.6.1463.6110

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ed5b3e6f62373e8ea21c2a69bcc8ad88
SHA1 d918e352f6dff675915df00955e41dd301d6e4e3
SHA256 977cedd550a0e5066971a4edb4a9c46ee12ac0e203de417a93d6fa0e2651bd9f
ssdeep
6144:1fqCtktxSRezYAR+IVTrgc4cLiSDZMfjmP0E2cdaF6XtXk7:ArSRe8AR+I1rDLhymP0S4ga7

authentihash 61ad81e2245cf100691b0a7eeec630d3a27a493b63071dfb1381585d63c6c15c
imphash d7436b311daf5b9f50e8db2a6cb87f88
File size 621.0 KB ( 635904 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-08-15 14:17:25 UTC ( 6 months, 1 week ago )
Last submission 2018-08-15 14:17:25 UTC ( 6 months, 1 week ago )
File names thischange.exe
bb2.tkn
bb6.tkn
aa9.tkn
aa1.tkn