× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9fa545bb7ce037af3525b7478a3f61668fd2ef9a644e0db3f14de0d2d7344dad
File name: crypted.120.exe
Detection ratio: 3 / 56
Analysis date: 2015-07-14 04:32:28 UTC ( 3 years, 10 months ago ) View latest
Antivirus Result Update
ESET-NOD32 a variant of MSIL/Injector.KRZ 20150714
Kaspersky HEUR:Trojan.Win32.Generic 20150714
Malwarebytes Trojan.Agent.qrz 20150713
Ad-Aware 20150714
AegisLab 20150713
Yandex 20150713
AhnLab-V3 20150714
Alibaba 20150714
ALYac 20150714
Antiy-AVL 20150714
Arcabit 20150714
Avast 20150714
AVG 20150714
Avira (no cloud) 20150714
AVware 20150714
Baidu-International 20150713
BitDefender 20150714
Bkav 20150713
ByteHero 20150714
CAT-QuickHeal 20150713
ClamAV 20150714
Comodo 20150713
Cyren 20150714
DrWeb 20150714
Emsisoft 20150714
F-Prot 20150714
F-Secure 20150714
Fortinet 20150714
GData 20150714
Ikarus 20150714
Jiangmin 20150713
K7AntiVirus 20150713
K7GW 20150714
Kingsoft 20150714
McAfee 20150714
McAfee-GW-Edition 20150714
Microsoft 20150714
eScan 20150714
NANO-Antivirus 20150714
nProtect 20150713
Panda 20150713
Qihoo-360 20150714
Rising 20150713
Sophos AV 20150714
SUPERAntiSpyware 20150714
Symantec 20150714
Tencent 20150714
TheHacker 20150713
TotalDefense 20150713
TrendMicro 20150714
TrendMicro-HouseCall 20150714
VBA32 20150713
VIPRE 20150714
ViRobot 20150714
Zillya 20150713
Zoner 20150714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Original name BoundariesBluecollarCrunches.exe
Internal name BoundariesBluecollarCrunches.exe
File version 0.0.0.1
Description
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 5:35 PM 7/10/2015
Signers
[+] Brand IT
Status This certificate or one of the certificates in the certificate chain is not time valid., Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer thawte SHA256 Code Signing CA
Valid from 1:00 AM 5/8/2015
Valid to 12:59 AM 5/8/2016
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint B3B722F698D160E18A4804D080673CB24C07EE3D
Serial number 50 4A 4A B6 A1 86 38 1D EF 8F D5 F2 D9 DC 1C 66
[+] thawte SHA256 Code Signing CA
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint D00CFDBF46C98A838BC10DC4E097AE0152C461BC
Serial number 71 A0 B7 36 95 DD B1 AF C2 3B 2B 9A 18 EE 54 CB
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/5/2015
Valid to 12:59 AM 1/1/2016
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint DF946A5E503015777FD22F46B5624ECD27BEE376
Serial number 00 9F EA C8 11 B0 F1 62 47 A5 FC 20 D8 05 23 AC E6
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbrint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-10 16:35:03
Entry Point 0x00038B3E
Number of sections 3
.NET details
Module Version ID 49c32f91-7cd8-43d1-bb05-45bc635118d6
PE sections
Overlays
MD5 20dbaa5196c6a4d3d81c5908c9fc89aa
File type data
Offset 228352
Size 3648
Entropy 7.40
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ARABIC IRAQ 1
BENGALI DEFAULT 1
SPANISH ARGENTINA 1
GUJARATI DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
3584

ImageVersion
0.0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
BoundariesBluecollarCrunches.exe

MIMEType
application/octet-stream

FileVersion
0.0.0.1

TimeStamp
2015:07:10 17:35:03+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
BoundariesBluecollarCrunches.exe

ProductVersion
0.0.0.1

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
224256

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x38b3e

ObjectFileType
Executable application

AssemblyVersion
0.0.0.1

File identification
MD5 587803ef6da656ee38ab93a0ea091bab
SHA1 61e8beb0ea4f52c83c5e2b17097d3237f736f016
SHA256 9fa545bb7ce037af3525b7478a3f61668fd2ef9a644e0db3f14de0d2d7344dad
ssdeep
6144:LwHzjVfttoUR9AwjkKboHRsNFoFSA2owsef:cH9zoURRg9HGNFoF2owsef

authentihash 4cd25acf84be382490f439760779b651092f9dd6a57888fd201eb7c83920a001
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 226.6 KB ( 232000 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Windows screen saver (43.3%)
Win32 Dynamic Link Library (generic) (21.7%)
Win32 Executable (generic) (14.9%)
OS/2 Executable (generic) (6.7%)
Generic Win/DOS Executable (6.6%)
Tags
revoked-cert peexe assembly signed overlay

VirusTotal metadata
First submission 2015-07-14 04:32:28 UTC ( 3 years, 10 months ago )
Last submission 2015-07-14 04:32:28 UTC ( 3 years, 10 months ago )
File names BoundariesBluecollarCrunches.exe
u0AtVwlkSN.vbs
crypted.120.exe
aa
VirusShare_587803ef6da656ee38ab93a0ea091bab
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections