× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a07f453d42b8d2f3e09cd2df716e7929fd3ed763468e8f01848d2addc33263d0
File name: a07f453d42b8d2f3e09cd2df716e7929fd3ed763468e8f01848d2addc33263d0
Detection ratio: 2 / 67
Analysis date: 2017-11-19 02:46:02 UTC ( 3 weeks, 4 days ago ) View latest
Antivirus Result Update
SUPERAntiSpyware Trojan.Agent/Gen-Backdoor 20171118
Zillya Adware.BrowseFoxCRTD.Win32.7662 20171117
Ad-Aware 20171119
AegisLab 20171119
AhnLab-V3 20171118
Alibaba 20170911
ALYac 20171119
Antiy-AVL 20171119
Arcabit 20171119
Avast 20171119
Avast-Mobile 20171118
AVG 20171119
Avira (no cloud) 20171118
AVware 20171118
Baidu 20171117
BitDefender 20171119
Bkav 20171118
CAT-QuickHeal 20171118
ClamAV 20171119
CMC 20171117
Comodo 20171119
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171119
Cyren 20171119
DrWeb 20171119
eGambit 20171119
Emsisoft 20171119
Endgame 20171024
ESET-NOD32 20171118
F-Prot 20171119
F-Secure 20171119
Fortinet 20171119
GData 20171119
Ikarus 20171118
Sophos ML 20170914
Jiangmin 20171117
K7AntiVirus 20171117
K7GW 20171119
Kaspersky 20171119
Kingsoft 20171119
MAX 20171119
McAfee 20171119
McAfee-GW-Edition 20171119
Microsoft 20171118
eScan 20171119
NANO-Antivirus 20171118
nProtect 20171119
Palo Alto Networks (Known Signatures) 20171119
Panda 20171118
Qihoo-360 20171119
Rising 20171119
SentinelOne (Static ML) 20171113
Sophos AV 20171119
Symantec 20171118
Symantec Mobile Insight 20171117
Tencent 20171119
TheHacker 20171117
TotalDefense 20171118
TrendMicro 20171118
TrendMicro-HouseCall 20171119
Trustlook 20171119
VBA32 20171117
VIPRE 20171119
ViRobot 20171118
Webroot 20171119
WhiteArmor 20171104
Yandex 20171118
ZoneAlarm by Check Point 20171119
Zoner 20171119
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Certificate out of its validity period
Signers
[+] Novel Games Limited
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 11:06 AM 2/4/2014
Valid to 10:01 AM 4/23/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint C8A7C519B325C371A2F0594A428A88DAFD06165F
Serial number 11 21 B2 0F 14 C8 CC 3B BD 87 9A DB 57 F7 06 E8 40 29
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 11:00 AM 4/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-11-07 04:18:01
Entry Point 0x00001362
Number of sections 5
PE sections
Overlays
MD5 0787e172db45b051b02977a82195b554
File type application/zip
Offset 126976
Size 543480
Entropy 8.00
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryA
GetModuleFileNameW
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetFileAttributesW
RtlUnwind
GetModuleFileNameA
GetCPInfo
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetStringTypeA
GetProcessHeap
GetTempFileNameW
RaiseException
CreateThread
TlsFree
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
GetTempPathW
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetCommandLineA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
LCMapStringA
IsValidCodePage
HeapCreate
WriteFile
CreateFileW
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
SHFileOperationW
ShellExecuteExW
PathAppendW
GetMessageW
DispatchMessageW
TranslateMessage
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2011:11:07 05:18:01+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
60928

LinkerVersion
9.0

EntryPoint
0x1362

InitializedDataSize
65024

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 c06802dc9f744a3c2004eaf2dfac17a8
SHA1 2fe3a29835d81bbd65c0e1bbb050cbfd0de05a34
SHA256 a07f453d42b8d2f3e09cd2df716e7929fd3ed763468e8f01848d2addc33263d0
ssdeep
12288:mmftwnQC6yTILEFOPNzcKuwyqJvT3YJ5K0UXsFD0SfRTzibZPaHUGB6J3Fg5QwM:DtwQCFTILE22KXyqJvbYpBjubZPabUJd

authentihash 04642282ec8e03d0e61d2a66854f8fbde7706785f51b0c82a620d9c94b624a25
imphash f3e974452807d25c2b9375c00e84e2c2
File size 654.7 KB ( 670456 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2014-02-22 19:27:16 UTC ( 3 years, 9 months ago )
Last submission 2014-02-22 19:27:16 UTC ( 3 years, 9 months ago )
File names alchemist.3.exe
a07f453d42b8d2f3e09cd2df716e7929fd3ed763468e8f01848d2addc33263d0
A07F453D42B8D2F3E09CD2DF716E7929FD3ED763468E8F01848D2ADDC33263D0
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections