× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a9b02dccd3cb53843711ba674b86221457e49d85ee06efa9b655ced590cddecc
File name: Change the chat value
Detection ratio: 47 / 65
Analysis date: 2018-01-17 07:30:01 UTC ( 6 days, 2 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12552039 20180117
AhnLab-V3 Trojan/Win32.Ursnif.R212600 20180117
ALYac Trojan.GenericKD.12552039 20180117
Arcabit Trojan.Generic.DBF8767 20180117
Avast Win32:Malware-gen 20180117
AVG Win32:Malware-gen 20180117
Avira (no cloud) TR/Crypt.Agent.iscld 20180116
AVware Trojan.Win32.Generic!BT 20180103
BitDefender Trojan.GenericKD.12552039 20180117
CAT-QuickHeal TrojanSpy.Ursnif 20180117
ClamAV Win.Trojan.Agent-6369966-0 20180117
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20171016
Cylance Unsafe 20180117
Cyren W32/Trojan.XPKZ-9234 20180117
DrWeb Trojan.PWS.Papras.2867 20180117
Emsisoft Trojan.GenericKD.12552039 (B) 20180117
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.FXTR 20180117
GData Trojan.GenericKD.12552039 20180117
Ikarus Trojan-Banker.UrSnif 20180116
Sophos ML heuristic 20170914
Jiangmin Trojan.Kasidet.yk 20180117
K7AntiVirus Trojan ( 0051b9281 ) 20180117
K7GW Trojan ( 0051b9281 ) 20180117
Kaspersky HEUR:Trojan.Win32.Generic 20180117
MAX malware (ai score=100) 20180117
McAfee Trojan-FOKR!2E4E96E706BC 20180117
McAfee-GW-Edition Trojan-FOKR!2E4E96E706BC 20180117
Microsoft Trojan:Win32/Tiggre!rfn 20180117
eScan Trojan.GenericKD.12552039 20180117
NANO-Antivirus Trojan.Win32.Ursnif.euvxgk 20180117
Palo Alto Networks (Known Signatures) generic.ml 20180117
Panda Trj/CI.A 20180116
Qihoo-360 Win32/Trojan.f8d 20180117
Rising Spyware.Ursnif!8.1DEF (TFE:5:NYlgvkrVLiV) 20180117
SentinelOne (Static ML) static engine - malicious 20180115
Sophos AV Mal/Lethic-L 20180117
Symantec Trojan.Bebloh 20180117
Tencent Win32.Trojan.Generic.Hsta 20180117
TrendMicro-HouseCall TROJ_GEN.R03BC0OKB17 20180117
VBA32 TrojanSpy.Ursnif 20180116
VIPRE Trojan.Win32.Generic!BT 20180117
ViRobot Trojan.Win32.Z.Kryptik.461984 20180117
Webroot W32.Trojan.Gen 20180117
Yandex TrojanSpy.Ursnif!9ftT8v2iNNc 20180112
Zillya Trojan.Kasidet.Win32.1127 20180116
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180117
AegisLab 20180117
Alibaba 20180117
Antiy-AVL 20180117
Avast-Mobile 20180116
Baidu 20180117
Bkav 20180116
CMC 20180116
Comodo 20180117
Cybereason 20171103
eGambit 20180117
F-Prot 20180117
Fortinet 20180117
Kingsoft 20180117
Malwarebytes 20180117
nProtect 20180117
SUPERAntiSpyware 20180117
Symantec Mobile Insight 20180117
TheHacker 20180115
TotalDefense 20180117
Trustlook 20180117
Zoner 20180117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Change the chat value

Product Change the chat value
Original name Change the chat value
Internal name Change the chat value
File version 5.0.0.152
Description Change the chat value
Signature verification Signed file, verified signature
Signing date 8:41 AM 11/9/2017
Signers
[+] Tubatton Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 1/8/2017
Valid to 12:59 AM 1/9/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3CF444A0F92E09BB3E5BF6013771CF0078617E1F
Serial number 00 97 80 5A ED BA 7F 91 61 E0 D9 34 4F 66 3D 9A B9
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-256 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint 36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA
Serial number 4E B0 87 8F CC 24 35 36 B2 D8 C9 F7 BF 39 55 77
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbrint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbrint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-08 10:01:33
Entry Point 0x00006FE1
Number of sections 4
PE sections
Overlays
MD5 d56b4419dfb2f8789fb770a38159c42b
File type data
Offset 456192
Size 5792
Entropy 7.41
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
CompareFileTime
GetLocaleInfoA
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
TlsFree
ExitProcess
CompareStringW
lstrcpyW
GetCPInfo
GetStringTypeA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CompareStringA
GetSystemTimeAsFileTime
FindFirstFileW
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
LocalFree
FormatMessageW
TerminateProcess
GetModuleFileNameA
GetTimeZoneInformation
IsValidCodePage
HeapCreate
VirtualFree
FindClose
TlsGetValue
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
EndDialog
SystemParametersInfoW
KillTimer
MessageBeep
SetWindowPos
wvsprintfW
SetWindowLongW
GetWindowRect
ClientToScreen
MessageBoxA
GetWindowDC
GetWindow
SetDlgItemTextW
GetDC
GetKeyState
ReleaseDC
SendMessageW
wsprintfW
DrawIconEx
SetWindowTextW
DrawTextW
LoadImageW
ScreenToClient
wsprintfA
CallWindowProcW
DialogBoxIndirectParamW
LoadIconW
GetWindowTextLengthW
GetWindowLongW
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
21.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.0.0.152

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Change the chat value

CharacterSet
Windows, Latin1

InitializedDataSize
553472

EntryPoint
0x6fe1

BuildTime
Change the chat value

OriginalFileName
Change the chat value

MIMEType
application/octet-stream

LegalCopyright
Change the chat value

FileVersion
5.0.0.152

TimeStamp
2017:11:08 11:01:33+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Change the chat value

ProductVersion
5.0

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Change the chat value

CodeSize
56320

ProductName
Change the chat value

ProductVersionNumber
5.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 2e4e96e706bc0209a4b1cfdcbbb6705d
SHA1 2abf1e186355372a76d47cb847268785ba8d48e5
SHA256 a9b02dccd3cb53843711ba674b86221457e49d85ee06efa9b655ced590cddecc
ssdeep
6144:V95o+h6vAW2/ZPTW+PjZUf0vrx7YSkJiMKvetOvq/XGMTgj3H1:Dr8vk7PCIIIjGMwy3V

authentihash 27845875026d95d345bb8d19fca5f30e8abf3db2190e6ce4af7204e405a724c7
imphash e98fdea88868716431a4e6d5cd4fc01f
File size 451.2 KB ( 461984 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-11-09 08:13:48 UTC ( 2 months, 2 weeks ago )
Last submission 2018-01-17 07:30:01 UTC ( 6 days, 2 hours ago )
File names a9b02dccd3cb53843711ba674b86221457e49d85ee06efa9b655ced590cddecc
Change the chat value
1024-2abf1e186355372a76d47cb847268785ba8d48e5
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Searched windows
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications