SHA256: ae5bcbd794491ba8cd8f3d9bc50d51d8d3609da8797516cf0bdea90169dc1fcc
File name: Exit Map.exe
Detection ratio: 10 / 70
Analysis date: 2018-12-20 22:44:23 UTC ( 5 months ago )
Antivirus Result Update
Acronis malware 20180726
Avira (no cloud) TR/AD.Gootkit.jhmvt 20181220
Endgame malicious (high confidence) 20181108
Kaspersky UDS:DangerousObject.Multi.Generic 20181220
Microsoft Trojan:Win32/Vigorf.A 20181220
Palo Alto Networks (Known Signatures) generic.ml 20181220
Rising Trojan.Randet!8.10258 (CLOUD) 20181220
Symantec Trojan Horse 20181220
Webroot W32.Malware.gen 20181220
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181220
Ad-Aware 20181220
AegisLab 20181220
AhnLab-V3 20181220
Alibaba 20180921
ALYac 20181220
Antiy-AVL 20181220
Arcabit 20181220
Avast 20181220
Avast-Mobile 20181220
AVG 20181220
Babable 20180918
Baidu 20181207
BitDefender 20181220
Bkav 20181220
CAT-QuickHeal 20181220
ClamAV 20181220
CMC 20181219
Comodo 20181220
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181220
Cyren 20181220
DrWeb 20181220
eGambit 20181220
Emsisoft 20181220
ESET-NOD32 20181220
F-Prot 20181220
F-Secure 20181220
Fortinet 20181220
GData 20181220
Ikarus 20181220
Sophos ML 20181128
Jiangmin 20181220
K7AntiVirus 20181220
K7GW 20181220
Kingsoft 20181220
Malwarebytes 20181220
MAX 20181220
McAfee 20181220
McAfee-GW-Edition 20181220
eScan 20181220
NANO-Antivirus 20181220
Panda 20181220
Qihoo-360 20181220
SentinelOne (Static ML) 20181011
Sophos AV 20181220
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181220
Tencent 20181220
TheHacker 20181220
Trapmine 20181205
TrendMicro 20181220
TrendMicro-HouseCall 20181220
Trustlook 20181220
VBA32 20181220
VIPRE 20181220
ViRobot 20181220
Yandex 20181220
Zillya 20181219
Zoner 20181220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright (c) 2016 Kyriba Fast, Inc. All Rights Reserved.
Product Includesix
Original name Includesix.exe
Internal name Includesix.exe
File version 15.4.31.87
Description Includesix
Signature verification Signed file, verified signature
Signing date 5:07 PM 12/20/2018
Signers
[+] SMACHNA PLITKA, TOV
Status Valid
Issuer GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
Valid from 09:56 AM 10/10/2018
Valid to 09:56 AM 10/11/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3BD4B94B5E176A5B6487F047867A4EE31FB15D5E
Serial number 25 C5 C8 B5 33 9F 56 4A 1F E6 6E EE
[+] GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
Status Valid
Issuer GlobalSign
Valid from 12:00 AM 06/15/2016
Valid to 12:00 AM 06/15/2024
Valid usage Code Signing, OCSP Signing
Algorithm sha256RSA
Thumbprint 87A63D9ADB627D777836153C680A3DFCF27DE90C
Serial number 48 1B 6A 07 A9 42 4C 1E AA FE F3 CD F1 0F
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 03/18/2009
Valid to 11:00 AM 03/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 01/01/1997
Valid to 12:59 AM 01/01/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-20 15:00:18
Entry Point 0x00006093
Number of sections 5
PE sections
Overlays
MD5 47a406af950548d9ac869667ed3c04f4
File type data
Offset 1157632
Size 7008
Entropy 7.39
PE imports
GetDeviceCaps
SetAbortProc
EndDoc
CombineRgn
AbortDoc
SetRectRgn
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
CopyFileW
EnterCriticalSection
LCMapStringW
ReadFile
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
DeleteFileW
GetProcAddress
EncodePointer
GetLocaleInfoW
SetStdHandle
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
GetSystemDirectoryW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetCommandLineA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
CreateProcessW
GetEnvironmentStringsW
TlsGetValue
Sleep
SetLastError
ReadConsoleW
TlsSetValue
ExitProcess
GetCurrentThreadId
GetProcessHeap
WriteConsoleW
LeaveCriticalSection
GetIconInfo
IsDialogMessageW
EndDialog
LoadBitmapW
SetCapture
OffsetRect
WindowFromPoint
SetWindowTextW
LoadIconW
GetMessageW
CloseClipboard
CheckDlgButton
Number of PE resources by type
RT_ICON 8
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.0
InitializedDataSize 874496
ImageVersion 0.0
ProductName Includesix
FileVersionNumber 15.4.31.87
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 12.0
FileTypeExtension exe
OriginalFileName Includesix.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 15.4.31.87
TimeStamp 2015:12:20 16:00:18+01:00
FileType Win32 EXE
PEType PE32
InternalName Includesix.exe
FileDescription Includesix
OSVersion 6.0
FileOS Win32
LegalCopyright (c) 2016 Kyriba Fast, Inc. All Rights Reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Kyriba Fast
CodeSize 359424
FileSubtype 0
ProductVersionNumber 15.4.31.87
EntryPoint 0x6093
ObjectFileType Executable application

File identification
MD5 ff3e7de599a9b45862b308e4b8ee10d3
SHA1 1f6447fdf00f5c8d5e592c8b3d55d706dcc37790
SHA256 ae5bcbd794491ba8cd8f3d9bc50d51d8d3609da8797516cf0bdea90169dc1fcc
ssdeep 24576:tkvIomWOmzkwiOaa4zaHtySUlvI6jmx1gPVL:O7mdmzkwiOX4zSUlvI6jmx1mVL
authentihash cb554b15dc00273a9374c236f762115c62b4d08727e3376318c1f47fdde663bc
imphash eef414c1b7feba7f2ee07676fd39712c
File size 1.1 MB ( 1164640 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2018-12-20 15:52:00 UTC ( 5 months ago )
Last submission 2018-12-20 16:40:22 UTC ( 5 months ago )
File names Exit_Map.exe";filename*=UTF-8''Exit_Map.exe
Exit Map .exe";filename*=UTF-8''Exit%20Map%20%20.exe
Exit Map.exe";filename*=UTF-8''Exit%20Map.exe
Includesix.exe
Exit Map.exe
Exit Map .exe";filename*=UTF-8''Exit%20Map%20.exe
Advanced heuristic and reputation engines