× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b3619dfd2bb3c091bb843f3cd7e6782e9b4e3e01d60714180fb9d6b9b76d4d78
File name: 6cb29b4890abdfbcc7eb3e7e0d6cf295b51fe3c3.exe
Detection ratio: 1 / 69
Analysis date: 2019-05-16 01:39:23 UTC ( 1 week ago )
Antivirus Result Update
DrWeb Program.Unwanted.619 20190516
Acronis 20190515
Ad-Aware 20190516
AegisLab 20190516
AhnLab-V3 20190515
Alibaba 20190513
ALYac 20190515
Antiy-AVL 20190516
APEX 20190513
Arcabit 20190516
Avast 20190516
Avast-Mobile 20190515
AVG 20190516
Avira (no cloud) 20190516
Babable 20190424
Baidu 20190318
BitDefender 20190516
Bkav 20190515
CAT-QuickHeal 20190515
ClamAV 20190515
CMC 20190321
Comodo 20190516
CrowdStrike Falcon (ML) 20190212
Cybereason 20190417
Cylance 20190516
Cyren 20190516
eGambit 20190516
Emsisoft 20190516
Endgame 20190403
ESET-NOD32 20190516
F-Prot 20190516
F-Secure 20190515
FireEye 20190516
Fortinet 20190516
GData 20190516
Sophos ML 20190313
Jiangmin 20190515
K7AntiVirus 20190515
K7GW 20190515
Kaspersky 20190516
Kingsoft 20190516
Malwarebytes 20190516
MAX 20190516
McAfee 20190516
McAfee-GW-Edition 20190515
Microsoft 20190516
eScan 20190516
NANO-Antivirus 20190516
Palo Alto Networks (Known Signatures) 20190516
Panda 20190515
Qihoo-360 20190516
Rising 20190516
SentinelOne (Static ML) 20190511
Sophos AV 20190515
SUPERAntiSpyware 20190514
Symantec 20190515
Symantec Mobile Insight 20190510
TACHYON 20190516
Tencent 20190516
TheHacker 20190513
TotalDefense 20190515
Trapmine 20190325
TrendMicro 20190516
TrendMicro-HouseCall 20190516
Trustlook 20190516
VBA32 20190515
VIPRE 20190515
ViRobot 20190515
Webroot 20190516
Yandex 20190501
Zillya 20190515
ZoneAlarm by Check Point 20190516
Zoner 20190516
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 9:41 AM 10/28/2009
Signers
[+] Smart PC Solutions, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 12:00 AM 04/16/2009
Valid to 11:59 PM 05/30/2011
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint C07274005371B3AFAD43D8195D5D54DE993305B2
Serial number 52 67 DC E6 AF 37 5F A7 C4 F1 CA 65 BD 87 DF 80
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 12:00 AM 07/16/2004
Valid to 11:59 PM 07/15/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 01:00 AM 01/29/1996
Valid to 11:59 PM 08/01/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 12:00 AM 06/15/2007
Valid to 11:59 PM 06/14/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 01:00 AM 12/04/2003
Valid to 12:59 AM 12/04/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 01/01/1997
Valid to 12:59 AM 01/01/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0014A9B0
Number of sections 3
PE sections
Overlays
MD5 226df113d1241b10ed8be7450bfc15ef
File type data
Offset 229888
Size 5392
Entropy 7.21
PE imports
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
VariantCopy
ShellExecuteA
VerQueryValueA
Number of PE resources by type
RT_STRING 16
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_ICON 7
RT_CURSOR 7
RT_RCDATA 3
RT_DIALOG 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 46
RUSSIAN 8
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1992:06:20 00:22:17+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
196608

LinkerVersion
2.25

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

EntryPoint
0x14a9b0

InitializedDataSize
36864

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
1155072

File identification
MD5 cca6709476b6e8651f9528e42152a9aa
SHA1 6cb29b4890abdfbcc7eb3e7e0d6cf295b51fe3c3
SHA256 b3619dfd2bb3c091bb843f3cd7e6782e9b4e3e01d60714180fb9d6b9b76d4d78
ssdeep
6144:ovR94j8oEFvR0HUVfMN4pMh8YhG49NxIZ2S+Nv4r:4R9E8oEVq0WcMDhGMSAAr

authentihash b69d3d2f7787d1c723f9268720dce98c968870b59657dbfe840e94dde9db0fb9
imphash 496fe2ecd74f6c4ea95194a2faa1bc04
File size 229.8 KB ( 235280 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags
peexe signed upx overlay

VirusTotal metadata
First submission 2009-11-01 02:33:50 UTC ( 9 years, 6 months ago )
Last submission 2018-05-21 01:18:19 UTC ( 1 year ago )
File names magictransfer backup.exe
BA6045F010CCC5CC975003784B436900F42A4216.exe
magictransfer.exe
30846
1283555762-magictransfer.exe
cca6709476b6e8651f9528e42152a9aa.6cb29b4890abdfbcc7eb3e7e0d6cf295b51fe3c3
cca6709476b6e8651f9528e42152a9aa
octet-stream
cca6709476b6e8651f9528e42152a9aa
magictransfer.exe
CCA6709476B6E8651F9528E42152A9AA
6cb29b4890abdfbcc7eb3e7e0d6cf295b51fe3c3.exe
B3619DFD2BB3C091BB843F3CD7E6782E9B4E3E01D60714180FB9D6B9B76D4D78
magictransfer.exe
octet-stream
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0706.

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!