× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: aca89e66ce47ba8ff50de8b9fef67377e5eaa545db4c662c0a3a208254134705
File name: Pago De Impuesto Empresarial Ministerio De Hacienda.exe
Detection ratio: 4 / 54
Analysis date: 2016-02-15 15:29:09 UTC ( 1 year, 3 months ago ) View latest
Antivirus Result Update
AegisLab W32.W.VBNA 20160215
AhnLab-V3 Worm/Win32.VBNA 20160215
Qihoo-360 QVM19.1.Malware.Gen 20160215
Symantec Suspicious.Cloud.9.B 20160214
Ad-Aware 20160215
Yandex 20160213
Alibaba 20160215
ALYac 20160215
Antiy-AVL 20160215
Arcabit 20160215
Avast 20160215
AVG 20160215
Avira (no cloud) 20160215
Baidu-International 20160215
BitDefender 20160215
Bkav 20160215
ByteHero 20160215
CAT-QuickHeal 20160215
ClamAV 20160215
CMC 20160214
Comodo 20160215
Cyren 20160215
DrWeb 20160215
Emsisoft 20160215
ESET-NOD32 20160215
F-Prot 20160215
F-Secure 20160215
Fortinet 20160215
GData 20160215
Ikarus 20160215
Jiangmin 20160215
K7AntiVirus 20160215
K7GW 20160215
Kaspersky 20160215
Malwarebytes 20160215
McAfee 20160215
McAfee-GW-Edition 20160215
Microsoft 20160215
eScan 20160215
NANO-Antivirus 20160215
nProtect 20160212
Panda 20160214
Rising 20160215
Sophos 20160215
SUPERAntiSpyware 20160215
Tencent 20160215
TheHacker 20160213
TrendMicro 20160215
TrendMicro-HouseCall 20160215
VBA32 20160215
VIPRE 20160215
ViRobot 20160215
Zillya 20160213
Zoner 20160215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2016 by fasTStone Soft

Product FastStone Capture
File version 6.7.0.0
Description FastStone Capture
Signature verification Signed file, verified signature
Signing date 2:42 PM 2/15/2016
Signers
[+]
Status The certificate or one of the certificates in the certificate chain does not have a valid signature., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer Certum Level III CA
Valid from 2:52 PM 3/25/2015
Valid to 2:52 PM 3/24/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 24F24ACF1C179E2340066A70FD43CE986F98185D
Serial number 15 69 86 C6 65 78 89 1F 73 08 5D 5D A6 B7 5D F8
[+] Certum Level III CA
Status Valid
Issuer Certum CA
Valid from 1:53 PM 3/3/2009
Valid to 1:53 PM 3/3/2024
Valid usage All
Algorithm sha1RSA
Thumbprint 2E8734348C03390D24FAF96E86BB01B39E3AD4DB
Serial number 64 FE 29 DC CF 38 E0 30 DC FF E3 4D 05 68 96 61
[+] Certum
Status Valid
Issuer Certum CA
Valid from 11:46 AM 6/11/2002
Valid to 11:46 AM 6/11/2027
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, OCSP Signing
Algorithm sha1RSA
Thumbprint 6252DC40F71143A22FDE9EF7348E064251B18118
Serial number 01 00 20
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbrint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbrint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-15 12:04:50
Entry Point 0x00001114
Number of sections 3
PE sections
Overlays
MD5 e5aa1624324b6ffdf296e0de589ddd22
File type data
Offset 409600
Size 7352
Entropy 7.13
PE imports
EVENT_SINK_QueryInterface
Ord(537)
Ord(516)
EVENT_SINK_Invoke
Ord(685)
EVENT_SINK_AddRef
Ord(712)
Ord(576)
EVENT_SINK_GetIDsOfNames
Ord(717)
Ord(666)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Zombie_GetTypeInfoCount
Zombie_GetTypeInfo
Ord(608)
Ord(100)
ProcCallEngine
EVENT_SINK_Release
Ord(595)
Ord(617)
Ord(716)
Ord(669)
Ord(644)
rtcStrConvVar2
Number of PE resources by type
RT_BITMAP 5
RT_ICON 5
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
NEUTRAL 6
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
6.7.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
380928

EntryPoint
0x1114

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2016 by fasTStone Soft

FileVersion
6.7.0.0

TimeStamp
2016:02:15 13:04:50+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
6.8

FileDescription
FastStone Capture

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
FastStone Soft

CodeSize
24576

ProductName
FastStone Capture

ProductVersionNumber
6.7.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 2c48b393088fecbe6ece18e84f1396f8
SHA1 d8203efbc85b2343c079d94791746d23600cbc91
SHA256 aca89e66ce47ba8ff50de8b9fef67377e5eaa545db4c662c0a3a208254134705
ssdeep
6144:E01MZUv549T6gFIc4cxxvq6JbBQ1Fv/0jMy+dAECMNSZk/AGqPzrGiqE:ESMCvypFIBcxVq6c1hM2SLD7rp

authentihash 9fdb752f277c8c7a0e334b3dda89bd23c56d3c0f64cea00e043b298415ec6f0d
imphash 7706b0b890374449ca3ea2d4823cdb4b
File size 407.2 KB ( 416952 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-02-15 15:29:09 UTC ( 1 year, 3 months ago )
Last submission 2016-02-15 15:29:09 UTC ( 1 year, 3 months ago )
File names Pago De Impuesto Empresarial Ministerio De Hacienda.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00XC0DBK16.

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications