SHA256: 9b915929ff665789f2b144a30c64f1e1ecbfca39c081fd1aa9cbd5b76ab9716b
File name: eztalks-launcher.exe
Detection ratio: 0 / 57
Analysis date: 2015-03-11 10:17:39 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20150311
AegisLab 20150311
Yandex 20150310
AhnLab-V3 20150310
Alibaba 20150311
ALYac 20150311
Antiy-AVL 20150311
Avast 20150311
AVG 20150311
Avira (no cloud) 20150311
AVware 20150311
Baidu-International 20150311
BitDefender 20150311
Bkav 20150310
ByteHero 20150311
CAT-QuickHeal 20150311
ClamAV 20150311
CMC 20150304
Comodo 20150311
Cyren 20150311
DrWeb 20150311
Emsisoft 20150311
ESET-NOD32 20150311
F-Prot 20150311
F-Secure 20150311
Fortinet 20150310
GData 20150311
Ikarus 20150311
Jiangmin 20150310
K7AntiVirus 20150310
K7GW 20150311
Kaspersky 20150311
Kingsoft 20150311
Malwarebytes 20150311
McAfee 20150311
McAfee-GW-Edition 20150311
Microsoft 20150311
eScan 20150311
NANO-Antivirus 20150311
Norman 20150311
nProtect 20150310
Panda 20150311
Qihoo-360 20150311
Rising 20150310
Sophos AV 20150311
SUPERAntiSpyware 20150311
Symantec 20150311
Tencent 20150311
TheHacker 20150310
TotalDefense 20150311
TrendMicro 20150311
TrendMicro-HouseCall 20150311
VBA32 20150310
VIPRE 20150311
ViRobot 20150311
Zillya 20150310
Zoner 20150311
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2014

Product EZTalks Launcher
Original name extalks-Launcher.exe
Internal name Launcher
File version 1, 0, 0, 6
Description EZTalks Launcher
Signature verification Signed file, verified signature
Signing date 9:43 AM 1/31/2015
Signers
[+] CUMeeting Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 8/7/2014
Valid to 12:59 AM 8/8/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 67EB06231882D1AB5FBBDF8EE81E3D211221FBA9
Serial number 4B 03 9E 56 6E BA 7F FF 5C C0 99 FA 8D 2E 20 08
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-31 08:42:59
Entry Point 0x00009BCA
Number of sections 5
PE sections
Overlays
MD5 c2cc98ff73133261f8bca4a6e3209b3f
File type data
Offset 104960
Size 6456
Entropy 7.31
PE imports
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyW
RegQueryValueExW
DeleteDC
SetBkMode
CreatePen
GetStockObject
SelectObject
SetTextColor
GetObjectW
BitBlt
CreateCompatibleDC
Rectangle
CreateToolhelp32Snapshot
GetLastError
CopyFileW
EnterCriticalSection
lstrlenA
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
GetFileAttributesW
Process32NextW
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
GetStartupInfoW
DeleteFileW
InterlockedCompareExchange
Process32FirstW
CreateThread
SetFilePointer
GetExitCodeThread
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
GetSystemTimeAsFileTime
FindFirstFileW
TerminateProcess
InitializeCriticalSection
WriteFile
CreateFileW
FindClose
Sleep
MoveFileW
SetEndOfFile
GetCurrentThreadId
GetFileSize
LeaveCriticalSection
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0ABV12@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0ABV12@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
_purecall
__wgetmainargs
malloc
?what@exception@std@@UBEPBDXZ
__p__fmode
realloc
??_U@YAPAXI@Z
_time64
__dllonexit
_controlfp_s
_CxxThrowException
_invalid_parameter_noinfo
_invoke_watson
memmove_s
isxdigit
??_V@YAXPAX@Z
_amsg_exit
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
strtol
??2@YAPAXI@Z
_lock
_onexit
_encode_pointer
_XcptFilter
exit
__setusermatherr
_ctime64
_initterm_e
__p__commode
_wcmdln
_cexit
memset
?terminate@@YAXXZ
_unlock
_adjust_fdiv
??3@YAXPAX@Z
_itoa
free
wcsstr
_except_handler4_common
_initterm
??0exception@std@@QAE@ABV01@@Z
_swprintf
_wsetlocale
??1exception@std@@UAE@XZ
wcsncpy
__CxxFrameHandler3
_decode_pointer
??0exception@std@@QAE@ABQBD@Z
memcpy
_localtime64
_configthreadlocale
??0exception@std@@QAE@XZ
_exit
_wtoi
strftime
__set_app_type
SysFreeString
SysAllocString
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
PathFileExistsW
PathIsDirectoryW
IsNetworkAlive
LoadBitmapW
FindWindowW
KillTimer
GetMessageW
ShowWindow
IsIconic
MessageBoxW
GetWindowRect
MoveWindow
GetSystemMenu
TranslateMessage
DispatchMessageW
CreateDialogParamW
ReleaseDC
SendMessageW
GetLastActivePopup
SendDlgItemMessageW
IsWindowVisible
SetWindowTextW
GetDlgItem
EnableMenuItem
InvalidateRect
SetTimer
FlashWindow
GetClientRect
GetDesktopWindow
LoadIconW
GetDC
SetForegroundWindow
PtInRect
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetSetOptionW
InternetOpenUrlW
InternetOpenW
ObtainUserAgentString
Number of PE resources by type
RT_ICON 2
RT_BITMAP 2
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 10
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.6

UninitializedDataSize
0

LanguageCode
Unknown (0009)

FileFlagsMask
0x0017

CharacterSet
Unicode

InitializedDataSize
62976

EntryPoint
0x9bca

OriginalFileName
extalks-Launcher.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2014

FileVersion
1, 0, 0, 6

TimeStamp
2015:01:31 09:42:59+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Launcher

ProductVersion
1, 0, 0, 6

FileDescription
EZTalks Launcher

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
40960

ProductName
EZTalks Launcher

ProductVersionNumber
1.0.0.6

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 a8904e8c466934ccf8c4a1c5a3092f70
SHA1 fd68c0f0285bee9e24f5effa1a36a9f90cad16ea
SHA256 9b915929ff665789f2b144a30c64f1e1ecbfca39c081fd1aa9cbd5b76ab9716b
ssdeep
3072:oRvSKnPLTUygyiiW/yyoidORFUi3pqqIqHOTrrB:S/UysiJyoidORFUi3pqqIqoPB

authentihash efe037228cc41248ec8dec44e61523cabede7518b400a884ac109720bf25a94d
imphash f09b70702c1976e9cd6fe5c09b6d2af4
File size 108.8 KB ( 111416 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-03-11 10:17:39 UTC ( 4 years, 1 month ago )
Last submission 2017-07-11 17:40:08 UTC ( 1 year, 9 months ago )
File names Launcher
eztalks-launcher.exe
extalks-Launcher.exe
eztalks-launcher.exe
eztalks-launcher.exe
633290
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections