SHA256: a0bd16cf1df2ee211cf6232845b0a109dc2cb26dcaf06e67d40a6e78eda38be5
File name: YandexInstall.exe
Detection ratio: 5 / 56
Analysis date: 2015-08-23 08:56:30 UTC ( 3 years, 8 months ago )
Antivirus              Result                        Update
Antiy-AVL              Trojan[Spy]/Win32.Ardamax     20150823
CAT-QuickHeal          TrojanSpy.Ardamax.r5          20150822
CMC                    Trojan-Spy.Win32.Ardamax!O    20150819
DrWeb                  Trojan.PWS.Panda.4133         20150823
Jiangmin               TrojanSpy.Ardamax.cps         20150820
Ad-Aware                                             20150823
AegisLab                                             20150823
Yandex                                               20150822
AhnLab-V3                                            20150822
Alibaba                                              20150821
ALYac                                                20150823
Arcabit                                              20150823
Avast                                                20150823
AVG                                                  20150823
Avira (no cloud)                                     20150822
AVware                                               20150823
Baidu-International                                  20150823
BitDefender                                          20150823
Bkav                                                 20150822
ByteHero                                             20150823
ClamAV                                               20150823
Comodo                                               20150823
Cyren                                                20150823
Emsisoft                                             20150823
ESET-NOD32                                           20150823
F-Prot                                               20150823
F-Secure                                             20150821
Fortinet                                             20150823
GData                                                20150823
Ikarus                                               20150823
K7AntiVirus                                          20150823
K7GW                                                 20150823
Kaspersky                                            20150823
Kingsoft                                             20150823
Malwarebytes                                         20150823
McAfee                                               20150823
McAfee-GW-Edition                                    20150822
Microsoft                                            20150823
eScan                                                20150823
NANO-Antivirus                                       20150823
nProtect                                             20150822
Panda                                                20150823
Qihoo-360                                            20150823
Rising                                               20150822
Sophos AV                                            20150823
SUPERAntiSpyware                                     20150822
Symantec                                             20150822
Tencent                                              20150823
TheHacker                                            20150820
TrendMicro                                           20150823
TrendMicro-HouseCall                                 20150823
VBA32                                                20150822
VIPRE                                                20150823
ViRobot                                              20150823
Zillya                                               20150823
Zoner                                                20150823
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 6:39 AM 6/18/2014
Signers
[+] LENOVO
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 3/3/2014
Valid to 12:59 AM 3/3/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 48E024A64DD2DD7C3A121BC03B0192D0724C148F
Serial number 51 B8 04 3B 2D ED 31 42 A7 C3 8F 95 BC D7 65 F0
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-18 03:12:06
Entry Point 0x00001286
Number of sections 5
PE sections
Overlays
MD5 f9abd64a28d5d9e6be0725fdc990fb62
File type data
Offset 181248
Size 7664
Entropy 7.30
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
RtlUnwind
IsProcessorFeaturePresent
HeapAlloc
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetProcAddress
HeapSize
CompareStringW
WideCharToMultiByte
GetFileAttributesA
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
LoadLibraryW
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
CreateProcessA
IsValidCodePage
HeapCreate
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
CHINESE SIMPLIFIED 8
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:06:18 04:12:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 26112
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 154112
SubsystemVersion 5.1
EntryPoint 0x1286
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 6d5848e4c8ea2d2fad657c8eaccf5c36
SHA1 d1f87e5a065984eb1d03c6099614d9047ffdbd7b
SHA256 a0bd16cf1df2ee211cf6232845b0a109dc2cb26dcaf06e67d40a6e78eda38be5
ssdeep 3072:WcP7zHJWfWpK/Vz/8r8nBG03B7zNo8C9eTNTYDYH7jXpG:Wcz9Wl1/0xY9RTHHo
authentihash 893888c9535b4d7b98c65db045e26913f618a5cc68aee6f62cfb7fce79a4cc1c
imphash 28321d8bd735b63c29c22947ac4e6b0c
File size 184.5 KB ( 188912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-01-24 15:47:19 UTC ( 4 years, 2 months ago )
Last submission 2017-02-14 12:04:50 UTC ( 2 years, 2 months ago )
File names YandexInstall.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs