SHA256: b40b14b6637ab26bfeea29816669366f1ac42b31fbc4d333a9a64e7796a721e9
File name: starus_partition_recovery.exe
Detection ratio: 1 / 65 (a single engine, Zillya, flagged the file; no other engine in the table below reported a detection, so the verdict has no corroboration)
Analysis date: 2017-09-08 10:11:56 UTC ( 1 year, 7 months ago )
Antivirus                               Result                      Update
Zillya                                  Worm.Allaple.Win32.25733    20170907
Ad-Aware                                (no detection)              20170908
AegisLab                                (no detection)              20170908
AhnLab-V3                               (no detection)              20170907
Alibaba                                 (no detection)              20170908
ALYac                                   (no detection)              20170908
Antiy-AVL                               (no detection)              20170908
Arcabit                                 (no detection)              20170908
Avast                                   (no detection)              20170908
AVG                                     (no detection)              20170908
Avira (no cloud)                        (no detection)              20170908
AVware                                  (no detection)              20170906
Baidu                                   (no detection)              20170908
BitDefender                             (no detection)              20170908
Bkav                                    (no detection)              20170907
CAT-QuickHeal                           (no detection)              20170908
ClamAV                                  (no detection)              20170908
CMC                                     (no detection)              20170902
Comodo                                  (no detection)              20170908
CrowdStrike Falcon (ML)                 (no detection)              20170804
Cylance                                 (no detection)              20170908
Cyren                                   (no detection)              20170908
DrWeb                                   (no detection)              20170908
Emsisoft                                (no detection)              20170908
Endgame                                 (no detection)              20170821
ESET-NOD32                              (no detection)              20170908
F-Prot                                  (no detection)              20170908
F-Secure                                (no detection)              20170908
Fortinet                                (no detection)              20170908
GData                                   (no detection)              20170908
Ikarus                                  (no detection)              20170908
Sophos ML                               (no detection)              20170822
Jiangmin                                (no detection)              20170908
K7AntiVirus                             (no detection)              20170908
K7GW                                    (no detection)              20170908
Kaspersky                               (no detection)              20170908
Kingsoft                                (no detection)              20170908
Malwarebytes                            (no detection)              20170908
MAX                                     (no detection)              20170908
McAfee                                  (no detection)              20170908
McAfee-GW-Edition                       (no detection)              20170908
Microsoft                               (no detection)              20170908
eScan                                   (no detection)              20170908
NANO-Antivirus                          (no detection)              20170908
nProtect                                (no detection)              20170908
Palo Alto Networks (Known Signatures)   (no detection)              20170908
Panda                                   (no detection)              20170906
Qihoo-360                               (no detection)              20170908
Rising                                  (no detection)              20170908
SentinelOne (Static ML)                 (no detection)              20170806
Sophos AV                               (no detection)              20170907
SUPERAntiSpyware                        (no detection)              20170908
Symantec                                (no detection)              20170908
Symantec Mobile Insight                 (no detection)              20170908
Tencent                                 (no detection)              20170908
TheHacker                               (no detection)              20170907
TotalDefense                            (no detection)              20170908
TrendMicro                              (no detection)              20170908
TrendMicro-HouseCall                    (no detection)              20170908
Trustlook                               (no detection)              20170908
VBA32                                   (no detection)              20170907
VIPRE                                   (no detection)              20170908
ViRobot                                 (no detection)              20170908
Webroot                                 (no detection)              20170908
WhiteArmor                              (no detection)              20170829
Yandex                                  (no detection)              20170907
ZoneAlarm by Check Point                (no detection)              20170908
Zoner                                   (no detection)              20170908
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 7:08 PM 9/5/2017
Signers
[+] Starus Recovery
Status This certificate or one of the certificates in the certificate chain is not time valid. (The leaf certificate's validity ended on 2/11/2018, before this report was rendered. The signature still verifies because the countersignature listed below fixes the signing time at 9/5/2017, inside the leaf's validity window, which is how Authenticode treats signatures made with a certificate that has since expired. Read "not time valid" as an expired-certificate note, not as evidence that the file was tampered with. Note also that the countersignature chain is sha1RSA.)
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 2/10/2017
Valid to 12:59 AM 2/11/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 2AE8FFD9CBFA04A9ABED3A4893ACFA10C26A86B3
Serial number 6E F0 D3 8E 53 DD 3B 35 EB A3 F7 0A C4 BD B2 F0
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
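The "verified signature" and "not time valid" lines above describe the same Authenticode rule from two sides: a signature made with a now-expired certificate still verifies if a trusted countersignature proves the signing happened inside the certificate's validity window. The following is an added example (it is not VirusTotal or Starus code) that models only that time-validity rule with the dates copied from this report; chain building, revocation and the signature hash itself are out of scope. The render time of the page is an assumption derived from "1 year, 7 months ago".

```python
from datetime import datetime
from typing import Optional


def parse_report_time(s: str) -> datetime:
    """Parse the 'h:mm AM/PM m/d/yyyy' form used in the report; timezone is ignored."""
    return datetime.strptime(s, "%I:%M %p %m/%d/%Y")


# Values copied from the signature block above.
LEAF_CERT = {
    "subject": "Starus Recovery",
    "not_before": parse_report_time("1:00 AM 2/10/2017"),
    "not_after": parse_report_time("12:59 AM 2/11/2018"),
}
TIMESTAMP_CERT = {
    "subject": "COMODO SHA-1 Time Stamping Signer",
    "not_before": parse_report_time("1:00 AM 12/31/2015"),
    "not_after": parse_report_time("7:40 PM 7/9/2019"),
}
SIGNING_TIME = parse_report_time("7:08 PM 9/5/2017")     # "Signing date"
ANALYSIS_TIME = parse_report_time("10:11 AM 9/8/2017")   # first submission
# Assumed: page rendered about 1 year 7 months after the analysis date.
RENDER_TIME_ASSUMED = parse_report_time("12:00 PM 4/8/2019")


def in_validity(cert: dict, t: datetime) -> bool:
    return cert["not_before"] <= t <= cert["not_after"]


def authenticode_status(leaf: dict, now: datetime,
                        signing_time: Optional[datetime] = None,
                        timestamp_cert: Optional[dict] = None) -> str:
    """Model of the Authenticode time-validity rule only.

    "valid"               leaf certificate is inside its window at `now`
    "valid-via-timestamp" leaf is expired at `now`, but a countersignature
                          fixes the signing time inside the window and the
                          timestamp signer was itself valid at that time
    "invalid"             neither condition holds
    """
    if in_validity(leaf, now):
        return "valid"
    if (signing_time is not None and timestamp_cert is not None
            and in_validity(leaf, signing_time)
            and in_validity(timestamp_cert, signing_time)):
        return "valid-via-timestamp"
    return "invalid"


if __name__ == "__main__":
    print("at analysis time:", authenticode_status(LEAF_CERT, ANALYSIS_TIME))
    print("at render time, with countersignature:",
          authenticode_status(LEAF_CERT, RENDER_TIME_ASSUMED, SIGNING_TIME, TIMESTAMP_CERT))
    print("at render time, without countersignature:",
          authenticode_status(LEAF_CERT, RENDER_TIME_ASSUMED))
```

Run against the report's own dates, the signature is "valid" at analysis time and "valid-via-timestamp" at render time; strip the countersignature and the same expired leaf yields "invalid", which is why timestamping matters for long-lived installers.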
Packers identified
F-PROT NSIS, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-24 19:19:54 (the build time of the prebuilt NSIS installer stub identified above, not of the packaged Starus program; NSIS does not rewrite the stub's timestamp)
Entry Point 0x00003883
Number of sections 6
Overlays
MD5 166768f4b9697dea4ecdf43f385583ab
File type data (unidentified by libmagic; this is the appended NSIS archive reported under "Packers identified")
Offset 67072
Size 13785808 (67072 + 13785808 = 13852880, the full file size, so the overlay runs to end of file)
Entropy 8.00 (maximal, as expected for compressed NSIS payload data; on its own this is not evidence of evasive packing)
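The overlay numbers above come from two measurements: the overlay starts where the last raw section ends according to the section table, and its entropy is the Shannon entropy of the bytes from there to end of file. The following is an added example (not VirusTotal's implementation) that performs both measurements on a constructed, non-loadable PE32 skeleton built inline; the helper names and the sample image are assumptions for illustration.

```python
import math
import struct
from collections import Counter


def overlay_offset(pe: bytes) -> int:
    """Offset at which the overlay starts: the end of the highest raw section.

    Walks DOS header -> PE signature -> COFF header -> section table by hand,
    so it needs no pefile dependency and works for PE32 and PE32+.
    """
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_header_size,) = struct.unpack_from("<H", pe, coff + 16)
    section_table = coff + 20 + opt_header_size
    end = 0
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER: SizeOfRawData at +16, PointerToRawData at +20
        raw_size, raw_ptr = struct.unpack_from("<II", pe, section_table + i * 40 + 16)
        end = max(end, raw_ptr + raw_size)
    return min(end, len(pe))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def overlay_report(pe: bytes) -> dict:
    off = overlay_offset(pe)
    overlay = pe[off:]
    return {"offset": off, "size": len(overlay),
            "entropy": round(shannon_entropy(overlay), 2)}


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed PE32 skeleton: headers, one 512-byte .text section at file
    offset 0x200, then `overlay` appended. Demonstration input only."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ".ljust(e_lfanew, b"\0"))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    raw_ptr, raw_size = 0x200, 0x200
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000,
                          raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + section).ljust(raw_ptr, b"\0")
    text = bytes(range(256)) * (raw_size // 256)
    return bytes(headers) + text + overlay


if __name__ == "__main__":
    # Uniform byte distribution: entropy 8.00, like the compressed NSIS data above.
    print(overlay_report(build_sample_pe(bytes(range(256)) * 16)))
    # Constant bytes: entropy 0.00.
    print(overlay_report(build_sample_pe(b"A" * 4096)))
```

On a real sample, replace the constructed image with `open(path, "rb").read()`; an overlay that reaches end of file with entropy near 8.0 under an NSIS stub is the installer archive, whereas the same measurement on a file with no identified installer format deserves a closer look.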
PE imports
ADVAPI32.dll
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
COMCTL32.dll
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GDI32.dll
GetDeviceCaps
CreateFontIndirectW
SetBkMode
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
KERNEL32.dll
GetLastError
WriteFile
CopyFileW
GetShortPathNameW
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindFirstFileW
ExitProcess
GlobalUnlock
GetFileAttributesW
LoadLibraryA
GetCurrentProcess
CompareFileTime
FindNextFileW
GetFileSize
OpenProcess
SetFileTime
GetCommandLineW
GetWindowsDirectoryW
SetErrorMode
MultiByteToWideChar
lstrlenW
CreateDirectoryW
SetFilePointer
GlobalLock
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
GetFullPathNameW
lstrcmpiA
CreateThread
LoadLibraryW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
ReadFile
GetTempPathW
CloseHandle
lstrcpynA
lstrcmpA
lstrcmpW
GetModuleHandleW
lstrcatW
FreeLibrary
SearchPathW
WideCharToMultiByte
lstrcmpiW
SetCurrentDirectoryW
lstrcpyA
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
SetFileAttributesW
GetTickCount
GetVersion
GetProcAddress
DeleteFileW
LoadLibraryExW
MulDiv
SHELL32.dll
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
USER32.dll
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
GetDC
CharUpperW
DialogBoxParamW
GetClassInfoW
AppendMenuW
CharNextW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
GetAsyncKeyState
BeginPaint
CreatePopupMenu
SendMessageW
SetCursor
SetClipboardData
GetWindowLongW
FindWindowExW
IsWindowVisible
SetForegroundWindow
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
CreateDialogParamW
wsprintfA
SetTimer
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
IsDlgButtonChecked
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
SendMessageTimeoutW
CreateWindowExW
wsprintfW
CloseClipboard
GetClientRect
DrawTextW
DestroyWindow
ExitWindowsEx
OpenClipboard
VERSION.dll
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ole32.dll
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 7
RT_DIALOG 6
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 15
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:02:24 20:19:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28160
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x3883
InitializedDataSize 445952
SubsystemVersion 5.0
ImageVersion 6.0
OSVersion 5.0
UninitializedDataSize 16896

File identification
MD5 af7d906d87b7742a7239e699123dbee2
SHA1 2cd47109d497983152fff7cc2a838aeea5d4011c
SHA256 b40b14b6637ab26bfeea29816669366f1ac42b31fbc4d333a9a64e7796a721e9
ssdeep 196608:NjlkokNvjXErEQPdYz2JPMri9DEZlukD30o26qKtTrQHjG8w8fQVoJwgR/1CgC/l:cjqEQg2Jkk4DH26qK1qS8wYQVoJt4l
authentihash 422516b83b84c38f1b2d62fe720dfe85a8a902cfecfca7f345a3fc8eb850a0c4
imphash be41bf7b8cc010b614bd36bbca606973
File size 13.2 MB ( 13852880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags nsis peexe signed overlay

VirusTotal metadata
First submission 2017-09-08 10:11:56 UTC ( 1 year, 7 months ago )
Last submission 2018-05-22 04:22:21 UTC ( 11 months ago )
File names starus_partition_recovery.exe
           2565098f62d8b4d45f68518d3a530cfe6b1e0e70
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Behaviour report sections (Opened files, Read files, Written files, Deleted files, Runtime DLLs, UDP communications): no entries are recorded on this page.