SHA256: a9a235b16a9bf5d054b1b711dda12e6ffb50f9485d411ee79938d91edcb5fdc4
File name: ef780b6a28317dbfea1970c4dc083042.exe
Detection ratio: 31 / 67
Analysis date: 2018-08-08 14:07:42 UTC ( 8 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40378527 20180808
Arcabit Trojan.Generic.D268209F 20180808
Avast FileRepMalware 20180808
AVG FileRepMalware 20180808
BitDefender Trojan.GenericKD.40378527 20180808
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.bf656e 20180225
Cyren W32/Goolbot.F.gen!Eldorado 20180808
DrWeb Trojan.Gozi.321 20180808
Emsisoft Trojan.GenericKD.40378527 (B) 20180808
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Spy.Ursnif.BP 20180808
F-Prot W32/Goolbot.F.gen!Eldorado 20180808
F-Secure Trojan.GenericKD.40378527 20180808
Fortinet W32/GenKryptik.CHLK!tr 20180808
GData Trojan.GenericKD.40378527 20180808
Ikarus Trojan-Spy.Agent 20180808
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Shiotob.zup 20180808
McAfee Artemis!EF780B6A2831 20180808
McAfee-GW-Edition Artemis 20180808
eScan Trojan.GenericKD.40378527 20180808
Palo Alto Networks (Known Signatures) generic.ml 20180808
Qihoo-360 Win32/Trojan.2cb 20180808
Rising Spyware.Ursnif!8.1DEF (CLOUD) 20180808
Sophos AV Mal/Generic-S 20180808
Symantec Trojan.Gen.2 20180808
Tencent Win32.Trojan-banker.Shiotob.Anpo 20180808
TrendMicro-HouseCall Suspicious_GEN.F47V0807 20180808
Webroot W32.Trojan.Gen 20180808
ZoneAlarm by Check Point Trojan-Banker.Win32.Shiotob.zup 20180808
Antivirus (no detection) Update
AegisLab 20180808
AhnLab-V3 20180808
Alibaba 20180713
ALYac 20180808
Antiy-AVL 20180808
Avast-Mobile 20180807
Avira (no cloud) 20180808
AVware 20180727
Babable 20180725
Baidu 20180808
Bkav 20180807
CAT-QuickHeal 20180807
ClamAV 20180808
CMC 20180808
Comodo 20180808
Cylance 20180808
eGambit 20180808
Jiangmin 20180808
K7AntiVirus 20180808
K7GW 20180808
Kingsoft 20180808
Malwarebytes 20180808
MAX 20180808
Microsoft 20180808
NANO-Antivirus 20180808
Panda 20180808
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180808
Symantec Mobile Insight 20180801
TACHYON 20180808
TheHacker 20180807
TrendMicro 20180808
Trustlook 20180808
VBA32 20180808
VIPRE 20180808
ViRobot 20180808
Yandex 20180807
Zillya 20180808
Zoner 20180808
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 9:35 AM 8/7/2018
Signers
[+] INFRARED 23 LTD
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 11:00 PM 06/14/2018
Valid to 10:59 PM 06/15/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint A732A04D50287639A77756D5E94551A8B664389A
Serial number 7C 40 FA C2 60 AE A9 94 1D AC 64 4A 7D 03 1D 2B
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 11:00 PM 10/21/2014
Valid to 11:00 PM 10/21/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2021-09-27 11:23:39
Entry Point 0x0000180F
Number of sections 7
PE sections
Overlays
MD5 75eb9f4b444415d4a4e4f1f08dab5f53
File type data
Offset 102400
Size 7504
Entropy 7.23
PE imports
GlobalMemoryStatusEx
SetupComm
WaitForSingleObjectEx
GetPriorityClass
GetLastInputInfo
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2021:09:27 13:23:39+02:00
FileType Win32 EXE
PEType PE32
CodeSize 285939417
LinkerVersion 15.1
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x180f
InitializedDataSize 40960
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 ef780b6a28317dbfea1970c4dc083042
SHA1 e7f222dbf656ea4780242cf0d38c2d4338c9fcd8
SHA256 a9a235b16a9bf5d054b1b711dda12e6ffb50f9485d411ee79938d91edcb5fdc4
ssdeep 1536:DH6fP9fR80lzKpWuVtvwe7YCDOqXTWg1LkyCx4vgT/W29g2SXXpGiICNmBi7yXs:DaHaWo2nEtRkhDT/Wem2CNmDs
authentihash 803288ec21046914152df4622f98a872a5a0dfcb3d19c25c7805c96637098a51
imphash cf278c5b3f3d1a62324e9b4a4ae1b5fd
File size 107.3 KB ( 109904 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags revoked-cert peexe signed overlay
VirusTotal metadata
First submission 2018-08-07 12:40:11 UTC ( 8 months, 2 weeks ago )
Last submission 2018-08-07 12:40:11 UTC ( 8 months, 2 weeks ago )
File names ef780b6a28317dbfea1970c4dc083042.exe
index.php2
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.