SHA256: a7880caa61d3f84a3331d4b997f38bca6caeca237d56d23317816cd206fab8c6
File name: pomoc.exe
Detection ratio: 3 / 61
Analysis date: 2017-05-23 09:06:32 UTC (2 months ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9949 20170503
TrendMicro-HouseCall Suspicious_GEN.F47V0504 20170523
VBA32 suspected of Trojan.Downloader.gen.h 20170522
Ad-Aware 20170523
AegisLab 20170523
AhnLab-V3 20170523
Alibaba 20170523
ALYac 20170523
Antiy-AVL 20170523
Arcabit 20170523
Avast 20170523
AVG 20170523
Avira (no cloud) 20170523
AVware 20170523
BitDefender 20170523
Bkav 20170523
CAT-QuickHeal 20170523
ClamAV 20170523
CMC 20170522
Comodo 20170523
CrowdStrike Falcon (ML) 20170130
Cyren 20170523
DrWeb 20170523
Emsisoft 20170523
Endgame 20170515
ESET-NOD32 20170523
F-Prot 20170523
F-Secure 20170523
Fortinet 20170523
GData 20170523
Ikarus 20170523
Sophos ML 20170519
Jiangmin 20170523
K7AntiVirus 20170523
K7GW 20170523
Kaspersky 20170523
Kingsoft 20170523
Malwarebytes 20170523
McAfee 20170523
McAfee-GW-Edition 20170523
Microsoft 20170523
eScan 20170523
NANO-Antivirus 20170523
nProtect 20170523
Palo Alto Networks (Known Signatures) 20170523
Panda 20170522
Qihoo-360 20170523
Rising None
SentinelOne (Static ML) 20170516
Sophos AV 20170523
SUPERAntiSpyware 20170523
Symantec 20170522
Symantec Mobile Insight 20170523
Tencent 20170523
TheHacker 20170522
TrendMicro 20170523
VIPRE 20170523
ViRobot 20170523
Webroot 20170523
WhiteArmor 20170517
Yandex 20170518
Zillya 20170523
ZoneAlarm by Check Point 20170523
Zoner 20170523
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © PLIKCENTER
Product HelpCenter
File version 8.0.1.0
Description HelpCenter
Comments HelpCenter
Signature verification Certificate out of its validity period
Signers
[+] PlikCenter Michał Galac
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert High Assurance Code Signing CA-1
Valid from 1:00 AM 11/6/2013
Valid to 1:00 PM 2/19/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3B9DC092583052F2999E44032D5D9485F27B91C2
Serial number 0F 12 DD 1D 9B A0 CC F5 77 EA E7 24 FB 59 B0 88
[+] DigiCert High Assurance Code Signing CA-1
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E308F829DC77E80AF15EDD4151EA47C59399AB46
Serial number 02 C4 D1 E5 8A 4A 68 0C 56 8D A3 04 7E 7E 4D 5F
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Packers identified
F-PROT NSIS, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-11-27 17:36:12
Entry Point 0x00003161
Number of sections 5
PE sections
Overlays
MD5 6ebb6111cd04042e04f342f40a191bd5
File type data
Offset 159232
Size 4847072
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
LoadLibraryA
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
GetFileAttributesA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GetEnvironmentVariableA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
DestroyWindow
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
RegisterClassA
SetDlgItemTextA
LoadImageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
BeginPaint
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
DrawTextA
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
ShowWindow
CharNextA
CallWindowProcA
EnableWindow
CloseClipboard
SetCursor
ExitWindowsEx
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 7
RT_DIALOG 6
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
UninitializedDataSize
1024

Comments
HelpCenter

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.0.1.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

InitializedDataSize
166400

EntryPoint
0x3161

MIMEType
application/octet-stream

LegalCopyright
PLIKCENTER

FileVersion
8.0.1.0

TimeStamp
2006:11:27 18:36:12+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

FileDescription
HelpCenter

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
PlikCenter

CodeSize
23552

ProductName
HelpCenter

ProductVersionNumber
8.0.1.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 677a4aec9a1761fd3960ea595173f412
SHA1 4faa8254f432d8899dda798c96fab1f4e6f25190
SHA256 a7880caa61d3f84a3331d4b997f38bca6caeca237d56d23317816cd206fab8c6
ssdeep 98304:ZeMwW+0rUhEs71vRaiVlH2uXBYEYXAwqsM+XgGrFHYWN9G:Ze6r3s5vVB2uXBxcbqL+XgGrFHYx
authentihash 88eaaf217ff4e60ebd6af173aa4435cc3afdd84fc303989ecb16a83331cc86f2
imphash 18bc6fa81e19f21156316b1ae696ed6b
File size 4.8 MB ( 5006304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID NSIS - Nullsoft Scriptable Install System (94.8%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
Tags nsis peexe signed overlay
VirusTotal metadata
First submission 2017-05-04 12:00:41 UTC ( 2 months, 2 weeks ago )
Last submission 2017-05-23 09:06:32 UTC ( 2 months ago )
File names pomoc2.exe
ph.exe
pomoc.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Runtime DLLs
UDP communications