SHA256: a98bb2f8daa4ced3acbd7aff27c1918d8135bf2e64442b225b178548b594363d
File name: wa1.exe
Detection ratio: 3 / 55
Analysis date: 2015-10-27 17:16:59 UTC ( 2 years, 1 month ago )
Antivirus / Result / Update date (engines listed without a result returned no detection)
McAfee Upatre-FAEC!FCB8647D5AB8 20151027
Rising PE:Malware.Obscure!1.9C59 [F] 20151027
Tencent Trojan.Win32.Qudamah.Gen.24 20151027
Ad-Aware 20151027
AegisLab 20151027
Yandex 20151027
AhnLab-V3 20151027
Alibaba 20151027
ALYac 20151027
Antiy-AVL 20151027
Arcabit 20151027
Avast 20151027
AVG 20151027
Avira (no cloud) 20151027
AVware 20151027
Baidu-International 20151027
BitDefender 20151027
Bkav 20151027
ByteHero 20151027
CAT-QuickHeal 20151027
ClamAV 20151027
CMC 20151026
Comodo 20151027
Cyren 20151027
DrWeb 20151027
Emsisoft 20151027
ESET-NOD32 20151027
F-Prot 20151027
F-Secure 20151027
Fortinet 20151027
GData 20151027
Ikarus 20151027
Jiangmin 20151026
K7AntiVirus 20151027
K7GW 20151027
Kaspersky 20151027
Malwarebytes 20151027
McAfee-GW-Edition 20151027
Microsoft 20151027
eScan 20151027
NANO-Antivirus 20151027
nProtect 20151027
Panda 20151027
Qihoo-360 20151027
Sophos AV 20151027
SUPERAntiSpyware 20151027
Symantec 20151026
TheHacker 20151026
TrendMicro 20151027
TrendMicro-HouseCall 20151027
VBA32 20151027
VIPRE 20151027
ViRobot 20151027
Zillya 20151027
Zoner 20151027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 2:14 PM 10/27/2015
Signers
[+] Time Divers Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid., Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 10/26/2015
Valid to 12:59 AM 10/26/2016
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint E070B6B9F77602C886AAB34FE1E9923B7374C43D
Serial number 00 CE F4 42 A2 11 AC F5 80 FC 08 1C 2A 99 97 3D C0
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/5/2015
Valid to 12:59 AM 1/1/2016
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint DF946A5E503015777FD22F46B5624ECD27BEE376
Serial number 00 9F EA C8 11 B0 F1 62 47 A5 FC 20 D8 05 23 AC E6
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-27 11:54:52
Entry Point 0x0000168E
Number of sections 4
PE sections
Overlays
MD5 7d6a49416c2da1ec0e85e6956e61d440
File type data
Offset 81920
Size 5368
Entropy 7.43
PE imports
OpenServiceW
SelectObject
CreatePen
CreateBitmap
ReadConsoleInputA
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
GetTickCount
VirtualProtect
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetLocalTime
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
InterlockedExchange
WriteFile
GetCurrentProcess
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
SetConsoleMode
OpenSemaphoreA
VirtualFree
GetEnvironmentStringsW
Sleep
GetFileType
CreateFileA
ExitProcess
GetVersion
OpenSemaphoreW
VirtualAlloc
HeapCreate
InterlockedIncrement
SysAllocString
auxGetVolume
CoUninitialize
CoInitialize
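The import list above is what the imphash in the File identification section is derived from: an MD5 over the lower-cased "dll.function" names in import-table order, with a trailing .dll/.ocx/.sys stripped from the library name and ordinal-only imports written as ordN. The page does not show which DLL each function is imported from, so the added example below (not code from the page and not pefile itself, whose get_imphash definition it mirrors) uses a constructed import table with assumed DLL attributions; its result will therefore not equal the page's imphash bfb800fd5d51b039fba649ec85046ee7. It also shows why the hash is order-sensitive: the same functions in a different order give a different value, which is why imphash clusters binaries built by the same toolchain and linker order rather than binaries that merely use the same APIs.

```python
import hashlib
from typing import Iterable, List, Tuple, Union

# One entry per imported symbol: (dll name, function name) or (dll name, ordinal).
ImportEntry = Tuple[str, Union[str, int]]

# Extensions that are stripped from the library name before hashing.
_STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")

# Constructed import table for the example. The function names are taken from the
# report above; the DLL attribution is an assumption made for illustration only.
SAMPLE_IMPORTS: List[ImportEntry] = [
    ("ADVAPI32.dll", "OpenServiceW"),
    ("GDI32.dll", "SelectObject"),
    ("GDI32.dll", "CreatePen"),
    ("GDI32.dll", "CreateBitmap"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("OLEAUT32.dll", "SysAllocString"),
    ("WINMM.dll", "auxGetVolume"),
    ("ole32.dll", "CoUninitialize"),
    ("ole32.dll", "CoInitialize"),
]


def _normalise_dll(dll: str) -> str:
    """Lower-case the library name and drop a trailing .dll/.ocx/.sys."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    return base if dot and ext in _STRIPPED_EXTENSIONS else name


def import_strings(imports: Iterable[ImportEntry]) -> List[str]:
    """Canonical 'dll.function' tokens in import-table order; this list is what gets hashed."""
    tokens = []
    for dll, symbol in imports:
        # Imports by ordinal have no name and are written as ordN. pefile additionally
        # maps well-known ordinals of ws2_32 and oleaut32 back to names; omitted here.
        func = f"ord{symbol}" if isinstance(symbol, int) else symbol.lower()
        tokens.append(f"{_normalise_dll(dll)}.{func}")
    return tokens


def imphash(imports: Iterable[ImportEntry]) -> str:
    """MD5 of the comma-joined tokens, the imphash as pefile.PE.get_imphash() defines it."""
    return hashlib.md5(",".join(import_strings(imports)).encode()).hexdigest()


def same_apis_different_hash(a: Iterable[ImportEntry], b: Iterable[ImportEntry]) -> bool:
    """True when both tables import the same set of symbols yet hash differently (order effect)."""
    a, b = list(a), list(b)
    return sorted(import_strings(a)) == sorted(import_strings(b)) and imphash(a) != imphash(b)


if __name__ == "__main__":
    reordered = list(reversed(SAMPLE_IMPORTS))
    print("imphash :", imphash(SAMPLE_IMPORTS))
    print("reversed:", imphash(reordered),
          "order-sensitive:", same_apis_different_hash(SAMPLE_IMPORTS, reordered))
```

Because the library name is part of every token, a sample that resolves its real imports at runtime through LoadLibraryA/GetProcAddress (both present in the list above) keeps a small, generic import table and therefore a generic imphash; a match on imphash is strong evidence of a shared build, but a miss says little.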
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_ICON 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 5
PE resources
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 6.0
ImageVersion: 8.2
FileVersionNumber: 7.16.13.799
LanguageCode: Russian
FileFlagsMask: 0x0001
CharacterSet: Unknown (24B2)
InitializedDataSize: 61440
EntryPoint: 0x168e
MIMEType: application/octet-stream
TimeStamp: 2015:10:27 12:54:52+01:00
FileType: Win32 EXE
PEType: PE32
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Unknown (0x5)
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
BuildVersion: 7, 16, 19, 799
CodeSize: 16384
FileSubtype: 1
ProductVersionNumber: 7.16.13.799
FileTypeExtension: exe
ObjectFileType: VxD

File identification
MD5 fcb8647d5ab8c4640e139df1b988cd7a
SHA1 701e7b7e0231417910a3fd24ab5e50de4543042a
SHA256 a98bb2f8daa4ced3acbd7aff27c1918d8135bf2e64442b225b178548b594363d
ssdeep 768:nNNlFJI3VyA6hJojhvuttQZR4Nuov7u/8iH:nNNls30do1u4R4NuOuki
authentihash 4fda017876550073e920766ec5fb6165de57f026c761f23ab083b3790fc92764
imphash bfb800fd5d51b039fba649ec85046ee7
File size 85.2 KB ( 87288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2015-10-27 17:16:59 UTC ( 2 years, 1 month ago )
Last submission 2015-11-05 08:07:19 UTC ( 2 years, 1 month ago )
File names 701e7b7e0231417910a3fd24ab5e50de4543042a
a98bb2f8daa4ced3acbd7aff27c1918d8135bf2e64442b225b178548b594363d.bin
wa1.exe
wa1 (2).exe
VirusTotal Community: no comments and no votes on this item.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs