× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b32753162fa9fba8771e302675ec5739aa3925f19ae0871dec32e9d27933082d
File name: sysbbanalyzer.exe
Detection ratio: 2 / 57
Analysis date: 2017-02-27 21:24:43 UTC ( 3 hours, 22 minutes ago )
Antivirus Result Update
Rising Malware.Heuristic!ET#81% (cloud:5PAG8MgROsH) 20170227
TrendMicro-HouseCall TROJ_GEN.R023C0EB517 20170227
ALYac 20170227
AVG 20170227
AVware 20170227
Ad-Aware 20170227
AegisLab 20170227
AhnLab-V3 20170227
Alibaba 20170227
Antiy-AVL 20170227
Arcabit 20170227
Avast 20170227
Avira (no cloud) 20170227
Baidu 20170227
BitDefender 20170227
Bkav 20170227
CAT-QuickHeal 20170227
CMC 20170227
ClamAV 20170227
Comodo 20170227
CrowdStrike Falcon (ML) 20170130
Cyren 20170227
DrWeb 20170227
ESET-NOD32 20170227
Emsisoft 20170227
Endgame 20170222
F-Prot 20170227
F-Secure 20170227
Fortinet 20170227
GData 20170227
Ikarus 20170227
Invincea 20170203
Jiangmin 20170227
K7AntiVirus 20170227
K7GW 20170227
Kaspersky 20170227
Kingsoft 20170227
Malwarebytes 20170227
McAfee 20170225
McAfee-GW-Edition 20170227
eScan 20170227
Microsoft 20170227
NANO-Antivirus 20170227
Panda 20170227
Qihoo-360 20170227
SUPERAntiSpyware 20170227
Sophos 20170227
Symantec 20170227
Tencent 20170227
TheHacker 20170223
Trustlook 20170227
VBA32 20170227
VIPRE 20170227
ViRobot 20170227
Webroot 20170227
WhiteArmor 20170222
Yandex 20170225
Zillya 20170227
Zoner 20170227
nProtect 20170227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
(c) Webroot 2006-2017

Product Webroot SecureAnywhere
Original name WRSA.exe
Internal name WRSA.exe
File version 9.0.15.40
Description Webroot SecureAnywhere
Signature verification Signed file, verified signature
Signing date 6:42 PM 1/16/2017
Signers
[+] Webroot Inc.
Status Valid
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 12/23/2015
Valid to 12:59 AM 3/24/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361
Serial number 6F BB 6E 1D 23 67 DC 6B D3 8B 1C 8F A0 BF 66 37
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbrint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbrint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-16 17:42:21
Entry Point 0x003128C0
Number of sections 3
PE sections
Overlays
MD5 8e70640e4d0db48d6a191f49b47ee8eb
File type data
Offset 967680
Size 32688
Entropy 7.50
PE imports
CertOpenStore
BitBlt
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
NetUserEnum
GetUserNameExW
VerQueryValueW
WinHttpConnect
InternetQueryOptionW
EnumPrintersW
WinVerifyTrust
MiniDumpWriteDump
GdiplusStartup
GetAdaptersInfo
CreateStreamOnHGlobal
Number of PE resources by type
BINARY 68
RT_BITMAP 15
RT_ICON 8
RT_GROUP_ICON 6
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 100
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
9.0

ImageVersion
6.1

FileSubtype
0

FileVersionNumber
9.0.15.40

UninitializedDataSize
2277376

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
24576

EntryPoint
0x3128c0

OriginalFileName
WRSA.exe

MIMEType
application/octet-stream

LegalCopyright
(c) Webroot 2006-2017

FileVersion
9.0.15.40

TimeStamp
2017:01:16 18:42:21+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WRSA.exe

ProductVersion
9.0.15.40

FileDescription
Webroot SecureAnywhere

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Webroot

CodeSize
946176

ProductName
Webroot SecureAnywhere

ProductVersionNumber
9.0.15.40

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 4f851a9c8d9717ed4f172e6b3527a8b2
SHA1 1636cd7641e20c3c86060e53c05854ecfbd91192
SHA256 b32753162fa9fba8771e302675ec5739aa3925f19ae0871dec32e9d27933082d
ssdeep
24576:+SKur9Box9/xN7tO/vpMbB3EOHmw+ishZBhKwDeT:+SKAW3tOnpMbB3EQ+LnhKwy

authentihash 4e11ec3239869a4a942e1fd14335e204d197d834b1b1efe0423cbd3d6df1f2e7
imphash 0a53f1c788b055b036d53272245b1ce8
File size 976.9 KB ( 1000368 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags
peexe via-tor signed upx overlay

VirusTotal metadata
First submission 2017-01-16 18:28:40 UTC ( 1 month, 1 week ago )
Last submission 2017-02-27 21:24:43 UTC ( 3 hours, 22 minutes ago )
File names WRupdate352390.exe
WRupdate603084.exe
WRupdate322000.exe
b32753162fa9fba8771e302675ec5739aa3925f19ae0871dec32e9d27933082d.x32.exe
sysbbanalyzer.exe
f34a9ea1-ef05-11e6-8007-80e65024849a.file
6d031811-eb71-11e6-9017-80e65024849a.file
sysbbanalyzer.exe
WRupdate476177.exe
7d5ce5eb-f075-11e6-ad1f-80e65024849a.file
f68b63dc-ef74-11e6-a0ad-80e65024849a.file
sysbbanalyzer.exe
sysbbanalyzer.exe
sysbbanalyer.exe
sysbbanalyzer.exe
1485515817_539356_4_0a0008d4_50840_36c0b791_80.2
sysbbanalyzer.exe
sysbbanalyzer.exe
f508fda8-f41a-11e6-bb91-80e65024849a.file
sysbbanalyzer.exe
myfile.exe
sysbbanalyzer.exe
f9a94eeb-e8c3-11e6-816d-80e65024849a.file
malfile
patch.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Opened service managers
Runtime DLLs
UDP communications