SHA256: 9c9f60a7a87e0263790305d5f64337c4fc0336d96b1a108321bb5a54b979e869
File name: demo.php2
Detection ratio: 9 / 66
Analysis date: 2018-08-27 07:15:47 UTC
Antivirus | Result | Update
Avast | FileRepMalware | 20180827
AVG | FileRepMalware | 20180827
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20180827
Endgame | malicious (high confidence) | 20180730
Sophos ML | heuristic | 20180717
Kaspersky | UDS:DangerousObject.Multi.Generic | 20180827
Qihoo-360 | Win32/Trojan.99d | 20180827
Rising | Malware.Heuristic!ET#81% (RDM+:cmRtazreIHWzudR6exSXxLwuAgTF) | 20180827
ZoneAlarm by Check Point | UDS:DangerousObject.Multi.Generic | 20180827
No detection (engine and signature update date):
Ad-Aware 20180827
AegisLab 20180827
AhnLab-V3 20180826
ALYac 20180827
Antiy-AVL 20180827
Arcabit 20180827
Avast-Mobile 20180827
Avira (no cloud) 20180827
AVware 20180823
Babable 20180822
BitDefender 20180827
Bkav 20180824
CAT-QuickHeal 20180826
ClamAV 20180827
CMC 20180827
Comodo 20180827
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180827
Cyren 20180827
DrWeb 20180827
eGambit 20180827
Emsisoft 20180827
ESET-NOD32 20180827
F-Prot 20180827
F-Secure 20180827
Fortinet 20180827
GData 20180827
Ikarus 20180826
Jiangmin 20180827
K7AntiVirus 20180827
K7GW 20180827
Kingsoft 20180827
Malwarebytes 20180827
MAX 20180827
McAfee 20180827
McAfee-GW-Edition 20180827
Microsoft 20180827
eScan 20180827
NANO-Antivirus 20180827
Palo Alto Networks (Known Signatures) 20180827
Panda 20180826
SentinelOne (Static ML) 20180701
Sophos AV 20180827
SUPERAntiSpyware 20180827
Symantec 20180827
Symantec Mobile Insight 20180822
TACHYON 20180827
Tencent 20180827
TheHacker 20180824
TrendMicro 20180827
TrendMicro-HouseCall 20180827
Trustlook 20180827
VBA32 20180824
VIPRE 20180827
ViRobot 20180827
Webroot 20180827
Yandex 20180824
Zoner 20180827
The file being studied is a Portable Executable: a 32-bit (PE32) Win32 EXE for the Windows GUI subsystem. Its version resource claims to be the FileZilla 3.5.1 installer from the FileZilla Project, but the Authenticode signer is LETCROFT LIMITED, whose COMODO-issued code-signing certificate has since been explicitly revoked by its issuer, and the signing time (8:20 PM on 2018-08-26) matches the PE compilation timestamp (2018-08-26 20:20:37) to the minute. Nine of 66 engines flagged it, mostly with generic or machine-learning verdicts (FileRepMalware, UDS:DangerousObject.Multi.Generic, heuristic) rather than a named family, so the revoked signature and the signer/company mismatch are the strongest static indicators on this page.
Authenticode signature block and FileVersionInfo properties
Copyright FileZilla Project
Product FileZilla
Original name FileZilla_3.5.1_win32-setup.exe
File version 3.5.1
Description FileZilla FTP Client
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 8:20 PM 8/26/2018
Signers
[+] LETCROFT LIMITED
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 08/10/2018
Valid to 11:59 PM 08/10/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint A3FD078325D097446E77B9F27B73A24D11867B36
Serial number 30 A3 AE ED 48 68 12 FE 78 05 BF 74 F5 0B 5A C8
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 12:00 AM 05/24/2016
Valid to 12:00 AM 06/24/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 10:00 AM 04/13/2011
Valid to 12:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-26 20:20:37
Entry Point 0x00001C60
Number of sections 6
PE sections
Overlays
MD5 202883e2113a09ab629b1fbe466f32b3
File type data
Offset 221184
Size 6472
Entropy 7.46
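Worked example, added here as an aid to reading the report (it is not part of the VirusTotal page and not FileZilla's or LETCROFT's code). The overlay reported above starts at offset 221184 and its 6472 bytes run exactly to the end of the 227656-byte file, which is also where Authenticode stores the signature block (the WIN_CERTIFICATE table pointed to by the security data directory). A high-entropy overlay on a signed PE is therefore often the DER-encoded signature and certificate chain rather than a hidden payload, and the check a practitioner wants is how much of the overlay the certificate table does not account for. The script below parses the PE headers with the standard library only, finds the overlay, reads the security directory, and reports the uncovered byte count together with the compile timestamp. build_sample_pe() constructs a synthetic PE32 (hash output stands in for the PKCS#7 blob) so the code runs offline; whether this sample's overlay is entirely its signature is not stated on the page and would need the real file.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot holding the Authenticode certificate table


def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0 to 8.0); VirusTotal's 7.46 for this overlay is close to the maximum."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def analyze_pe_overlay(data: bytes) -> dict:
    """Locate the overlay (bytes after the last section's raw data) and report how much of it
    the Authenticode certificate table accounts for. Pure struct parsing, no pefile needed."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32: NumberOfRvaAndSizes at +92, directories start at +96
        num_dirs_off, dir_base = opt + 92, opt + 96
    elif magic == 0x20B:        # PE32+: the 64-bit fields shift both by 16 bytes
        num_dirs_off, dir_base = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, num_dirs_off)[0]
    cert_off = cert_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a raw file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # The overlay starts where the highest-ending section's raw data stops.
    sec_table = opt + opt_size
    overlay_start = sec_table + 40 * nsections
    for i in range(nsections):
        size_raw, ptr_raw = struct.unpack_from("<II", data, sec_table + 40 * i + 16)
        overlay_start = max(overlay_start, ptr_raw + size_raw)
    overlay = data[overlay_start:]
    # Subtract the part of the overlay that the certificate table covers.
    covered = 0
    if cert_size:
        lo, hi = max(overlay_start, cert_off), min(len(data), cert_off + cert_size)
        covered = max(0, hi - lo)
    return {
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "overlay_offset": overlay_start,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        "cert_table_offset": cert_off,
        "cert_table_size": cert_size,
        "overlay_not_covered_by_signature": len(overlay) - covered,
    }


def build_sample_pe(extra_overlay: bytes = b"") -> bytes:
    """Constructed test input, not a real binary: a minimal PE32 with one .text section,
    a WIN_CERTIFICATE block appended as the overlay (SHA-256 output stands in for PKCS#7 DER),
    and optionally extra bytes after the signature, which is where a hidden payload would sit."""
    compile_ts = int(datetime(2018, 8, 26, 20, 20, 37, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, compile_ts, 0, 0, 224, 0x0102)  # i386, 1 section, EXE|32-bit
    raw_off, raw_size = 0x200, 0x200
    cert_off = raw_off + raw_size
    cert_body = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))   # 256 high-entropy bytes
    cert_blob = struct.pack("<IHH", 8 + len(cert_body), 0x0200, 0x0002) + cert_body  # WIN_CERTIFICATE header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(cert_blob))
    section = struct.pack("<8sIIIIIIHHI", b".text", raw_size, 0x1000, raw_size, raw_off, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(raw_off, b"\0")
    text = (b"\xC3" * 16).ljust(raw_size, b"\0")                 # a few RET instructions, then padding
    return headers + text + cert_blob + extra_overlay


if __name__ == "__main__":
    for label, blob in (("signed only", build_sample_pe()),
                        ("signed + trailing data", build_sample_pe(b"PAYLOAD" * 32))):
        print(label, analyze_pe_overlay(blob))
```

Run against a real sample, a non-zero overlay_not_covered_by_signature is the figure worth investigating; a value of zero with high entropy is simply the signature. The certificate table is deliberately left unparsed here: checking the signer and revocation status is a job for the platform's trust verifier, not for an offset calculator.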
PE imports (the static import table is short; because LoadLibraryA and GetProcAddress are both imported, further APIs can be resolved at run time, so the list below understates what the binary can call)
AddAuditAccessObjectAce
IsValidSecurityDescriptor
FreeLibrary
GetLastError
GetCurrentProcess
RaiseException
LocalAlloc
lstrlenA
LocalFree
InterlockedExchange
TerminateJobObject
lstrcpynA
LoadLibraryA
GetProcAddress
GetProcessHeap
PathIsDirectoryA
CloseClipboard
GetFocus
GetDlgItem
ChangeClipboardChain
SetParent
Number of PE resources by type
RT_DIALOG 7
RT_ICON 3
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 204800
ImageVersion 0.0
ProductName FileZilla
FileVersionNumber 3.5.1.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0000
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension exe
OriginalFileName FileZilla_3.5.1_win32-setup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 3.5.1
TimeStamp 2018:08:26 20:20:37+00:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.5.1
FileDescription FileZilla FTP Client
OSVersion 5.0
FileOS Win32
LegalCopyright FileZilla Project
MachineType Intel 386 or later, and compatibles
CompanyName FileZilla Project
CodeSize 20480
FileSubtype 0
ProductVersionNumber 3.5.1.0
EntryPoint 0x1c60
ObjectFileType Executable application
Compressed bundles
File identification
MD5 85d71633c2895afaa76e3f8b80ac3c1b
SHA1 0a4764f419a11b5bd0216d5e71fc7cf6edd652cf
SHA256 9c9f60a7a87e0263790305d5f64337c4fc0336d96b1a108321bb5a54b979e869
ssdeep 1536:iZ/rKqCxivPra2jLpGhPbpBD4MFBCiH4HOJ8+5kqRHoViG:w/rKNin+sFGhPbpBD4MF7YSPkqRHo/
authentihash 7e2a436c75890c077f612a6fedbc73c46da56f482e3875205f7f6b262bf35e64
imphash 95e0467833aab9b43f8b0858ce1c7838
File size 222.3 KB ( 227656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.3%)
Win32 Executable (generic) (23.5%)
OS/2 Executable (generic) (10.6%)
Clipper DOS Executable (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-08-27 01:17:48 UTC ( 7 months, 4 weeks ago )
Last submission 2018-10-23 22:28:50 UTC ( 6 months ago )
File names Sample_5b837e87a0342e5a6cf5c15a.bin.rename
demo.php2
demo.exe
hLSPhzVNbD.exe
FileZilla_3.5.1_win32-setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs