SHA256: ae626ecd21acada4d6ad15f93230910675886c8f692c36e64602525d71df355b
File name: 3d-kamin-zastavka-3.exe
Detection ratio: 24 / 65
Analysis date: 2019-02-19 10:54:20 UTC ( 3 days, 1 hour ago )
Antivirus Result Update
AVG FileRepMetagen [PUP] 20190219
Avira (no cloud) PUA/DownloadAdmin.Gen 20190218
CAT-QuickHeal PUA.Cbsinterac.Gen 20190218
Comodo ApplicUnwnt@#323rbdyzjj6cv 20190218
Cybereason malicious.453714 20190109
Cylance Unsafe 20190219
DrWeb Trojan.Vittalia.81 20190219
Emsisoft Application.Downloader (A) 20190219
Endgame malicious (high confidence) 20190215
ESET-NOD32 Win32/DownloadAdmin.E potentially unwanted 20190218
Fortinet Riskware/DownloadAdmin 20190218
Sophos ML heuristic 20181128
K7AntiVirus Adware ( 004f117e1 ) 20190219
K7GW Adware ( 004f117e1 ) 20190219
Malwarebytes PUP.Optional.DownLoadAdmin 20190219
MAX malware (ai score=99) 20190219
Microsoft PUA:Win32/DownloadAdmin 20190219
NANO-Antivirus Trojan.Win32.Agent.dtlegd 20190218
SentinelOne (Static ML) static engine - malicious 20190203
SUPERAntiSpyware PUP.DownloadAdmin/Variant 20190213
Trapmine malicious.high.ml.score 20190123
VBA32 Trojan.Vittalia 20190219
ViRobot Adware.Downloadadmin.614264.A 20190219
Yandex PUA.Downware! 20190218
Acronis 20190213
Ad-Aware 20190219
AegisLab 20190219
AhnLab-V3 20190218
Alibaba 20180921
ALYac 20190218
Antiy-AVL 20190219
Arcabit 20190219
Avast 20190219
Avast-Mobile 20190219
Babable 20180917
Baidu 20190214
BitDefender 20190218
ClamAV 20190218
CMC 20190219
CrowdStrike Falcon (ML) 20181023
Cyren 20190218
eGambit 20190219
F-Prot 20190218
F-Secure 20190219
GData 20190219
Ikarus 20190219
Jiangmin 20190218
Kaspersky 20190219
Kingsoft 20190219
McAfee 20190218
McAfee-GW-Edition 20190218
eScan 20190218
Palo Alto Networks (Known Signatures) 20190219
Panda 20190218
Qihoo-360 20190219
Rising 20190218
Sophos AV 20190219
Symantec 20190218
Symantec Mobile Insight 20190206
TACHYON 20190218
Tencent 20190219
TheHacker 20190217
TotalDefense 20190218
Trustlook 20190219
Webroot 20190219
ZoneAlarm by Check Point 20190219
Zoner 20190218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Certificate out of its validity period
Signers
[+] CBS Interactive
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 11:00 PM 08/04/2011
Valid to 10:59 PM 08/04/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint A7F41250D2F8EC7072E447C6B7E9248069422EAB
Serial number 07 1A 76 01 07 B4 DE 79 3C D4 8C 0E DA 1D F0 B5
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 02/08/2010
Valid to 11:59 PM 02/07/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 10:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Packers identified
F-PROT NSIS, appended, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-22 18:07:51
Entry Point 0x0000333B
Number of sections 6
PE sections
Overlays
MD5 ced3d2cc1fb72a63fbc0ea23a8e9d8a7
File type data
Offset 68608
Size 545656
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyA
RegEnumValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
TlsAlloc
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
TlsGetValue
Sleep
TlsSetValue
CreateFileA
GetTickCount
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
CreatePopupMenu
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
RegisterClassA
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
DialogBoxParamA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
SystemParametersInfoA
GetClassInfoA
GetWindowLongA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
SetForegroundWindow
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
SetCursor
DrawTextA
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
FindWindowExA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
SendMessageTimeoutA
CharNextA
CallWindowProcA
GetSystemMenu
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 5
RT_DIALOG 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 10
NEUTRAL 1
PE resources
ExifTool file metadata
Combuilduser $%USER%
FileTypeExtension exe
Combuildid e0dc21b8342ae95dbf7c1828069f906661a39f93 refs/heads/master
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 6.0
FileVersionNumber 2.8.0.1
LanguageCode Neutral
FileFlagsMask 0x0000
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 123392
FileOS Win32
Combuilddate 10/29/2012
MIMEType application/octet-stream
TimeStamp 2012:06:22 11:07:51-07:00
FileType Win32 EXE
PEType PE32
UninitializedDataSize 1024
Combuildtime 3:43:20 PM
OSVersion 5.1
Combuildmachine TESTINGASUS1-PC
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 23552
FileSubtype 0
ProductVersionNumber 2.8.0.1
EntryPoint 0x333b
ObjectFileType Executable application
Combuilddir C:\BM\2.5\WebTemplates
File identification
MD5 44044cb173f7082ccac39678943380ca
SHA1 5bafd51453714e4815f80c01da03f9def0cde8c9
SHA256 ae626ecd21acada4d6ad15f93230910675886c8f692c36e64602525d71df355b
ssdeep 12288:zueu7TPe0yJ2KAQ9DtAX9wIJstyWg0PQ/yRikcN5ozeL6I4BlX6J:zQfG0KppAXnsttgjqRqozVI4Bt6J
authentihash 8fd7444e99c58a45de18c7d2d4277ece18455064a068b33a545b626e1d6283dd
imphash c86b02c21ff392ad6ffcf21dcd4a5588
File size 599.9 KB ( 614264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID NSIS - Nullsoft Scriptable Install System (94.6%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
OS/2 Executable (generic) (0.2%)
Tags nsis peexe signed upx overlay
VirusTotal metadata
First submission 2012-11-14 22:36:31 UTC ( 6 years, 3 months ago )
Last submission 2018-09-25 18:00:13 UTC ( 4 months, 4 weeks ago )
File names cbsidlm-tr1_8-Active_ISO_Burner-ORG2-10602452.exe
cbsidlm-tr1_8-Ultra_Hal_TexttoSpeech_Reader-ORG2-10071733.exe
cbsidlm-tr1_8-VideoSpirit_Pro-ORG2-10920222.exe
cbsidlm-tr1_8-MyWinLocker-BP2-10841300.exe
cbsidlm-tr1_8-EOS_Utility-SEO2-201150.exe
9915468c-7b55-1fbb-b4da-6ca684d4d26b
cbsidlm-tr1_8-lsusb-ORG2-75449103.exe
cbsidlm-tr1_8-Digital_Dictation-ORG2-10156035.exe
cbsidlm-tr1_8-Free_Keylogger-BP2-10419683.exe
cbsidlm-tr1_8-StockTick-SEO2-10261852.exe
8651318
cbsidlm-tr1_8-TypingMaster_Typing_Test-ORG2-10046660.exe
cbsidlm-tr1_8-Magical_Glass-ORG2-10405059.exe
cbsidlm-tr1_8-Free_ISO_Creator-ORG2-10902634.exe_
cbsidlm-tr1_8-Snapdo_Browser_Widgets-ORG2-75759707.ex
cbsidlm-tr1_8-Art_Plus_Digital_Photo_Recovery-ORG2-10513647.exe
cbsidlm-tr1_8-SpeedFan-ORG2-10067444.exe
cbsidlm-tr1_8-ID3TagIT-SEO2-10544467.exe
cbsidlm-tr1_8-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-SEO2-75290164.exe
cbsidlm-tr1_8-Amolto_Call_Recorder_for_Skype-SEO2-75813209.exe
cbsidlm-tr1_8-Multi_ID3_Tag_Editor-ORG2-10789002.exe
cbsidlm-tr1_8-Super_Ad_Blocker-ORG2-10295147.exe
cbsidlm-tr1_8-WinBus_Messenger-SEO2-75683138.exe
cbsidlm-tr1_8-Start_Menu_Organizer-BP2-10889788.exe
cbsidlm-tr1_8-Lataza_Browser-ORG2-10966600.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications