SHA256: b516c0173aedefda0d5c00d2a56a7fd982f938ae904c1e83d45cb26c6151ab5d
File name: UsbFix_9.039.exe
Detection ratio: 1 / 61
Analysis date: 2017-03-30 18:34:29 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Cyren W32/GenBl.26092B7F!Olympus 20170330
Ad-Aware 20170330
AegisLab 20170330
AhnLab-V3 20170330
Alibaba 20170330
ALYac 20170330
Antiy-AVL 20170330
Arcabit 20170330
Avast 20170330
AVG 20170330
Avira (no cloud) 20170330
AVware 20170330
Baidu 20170330
BitDefender 20170330
Bkav 20170330
CAT-QuickHeal 20170330
ClamAV 20170330
CMC 20170330
Comodo 20170330
CrowdStrike Falcon (ML) 20170130
DrWeb 20170330
Emsisoft 20170330
Endgame 20170329
ESET-NOD32 20170330
F-Prot 20170330
F-Secure 20170330
Fortinet 20170330
GData 20170330
Ikarus 20170330
Sophos ML 20170203
Jiangmin 20170330
K7AntiVirus 20170330
K7GW 20170330
Kaspersky 20170330
Kingsoft 20170330
Malwarebytes 20170330
McAfee 20170330
McAfee-GW-Edition 20170330
Microsoft 20170330
eScan 20170330
NANO-Antivirus 20170330
nProtect 20170330
Palo Alto Networks (Known Signatures) 20170330
Panda 20170330
Qihoo-360 20170330
Rising 20170330
SentinelOne (Static ML) 20170330
Sophos AV 20170330
SUPERAntiSpyware 20170330
Symantec 20170330
Symantec Mobile Insight 20170329
Tencent 20170330
TheHacker 20170330
TrendMicro 20170330
TrendMicro-HouseCall 20170330
Trustlook 20170330
VBA32 20170330
VIPRE 20170330
ViRobot 20170330
Webroot 20170330
WhiteArmor 20170327
Yandex 20170327
Zillya 20170329
ZoneAlarm by Check Point 20170330
Zoner 20170330
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© 2008/2016 - El Desaparecido - www.SOSVirus.net

Product UsbFix - Remove Malware From Your Drive!
Original name UsbFix.exe
Internal name UsbFix.exe
File version 9.0.0.1
Description UsbFix BY SOSVirus
Signature verification Certificate out of its validity period
Signers
[+] SOSVIRUS
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - SHA256 - G3
Valid from 3:59 PM 2/23/2017
Valid to 3:59 PM 2/24/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint E1E9DF451E12AAE78D5D9DE5AFC40ABC0F18D99E
Serial number 4A 75 CF E5 6B 31 FD 21 78 DC AE A9
[+] GlobalSign CodeSigning CA - SHA256 - G3
Status Valid
Issuer GlobalSign
Valid from 1:00 AM 6/15/2016
Valid to 1:00 AM 6/15/2024
Valid usage Code Signing, OCSP Signing
Algorithm sha256RSA
Thumbprint 090D03435EB2A8364F79B78CB173D35E8EB63558
Serial number 48 1B 6A 07 26 D2 E8 3F 26 02 D4 82 5A CD
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 3/18/2009
Valid to 11:00 AM 3/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Packers identified
F-PROT NSIS, appended, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-25 00:55:54
Entry Point 0x0000310F
Number of sections 5
PE sections
Overlays
MD5 70655e427ad6c10f1c52e444e19bd702
File type data
Offset 305664
Size 3514488
Entropy 8.00
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
DeleteFileA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
MoveFileExA
GetProcAddress
SetEnvironmentVariableA
SetFileAttributesA
GetExitCodeProcess
MoveFileA
CreateProcessA
lstrcpyA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
ReleaseDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetWindowTextA
EnableMenuItem
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DrawTextA
DestroyWindow
FillRect
RegisterClassA
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
CodeSize
24576

SubsystemVersion
4.0

InitializedDataSize
162816

ImageVersion
6.0

URLInfoAbout
https://www.usb-antivirus.com/

FileSubtype
0

FileVersionNumber
9.0.0.1

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
UsbFix BY SOSVirus

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
6.0

EntryPoint
0x310f

OriginalFileName
UsbFix.exe

MIMEType
application/octet-stream

LegalCopyright
2008/2016 - El Desaparecido - www.SOSVirus.net

FileVersion
9.0.0.1

TimeStamp
2016:07:25 01:55:54+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
UsbFix.exe

EstimatedSize
3 200 515

ProductVersion
8

UninitializedDataSize
1024

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

HelpLink
https://www.sosvirus.net/

CompanyName
SOSVirus

LegalTrademarks
Tous droits réservés.

ProductName
UsbFix - Remove Malware From Your Drive!

ProductVersionNumber
9.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 56cf1a61f6afeaac21150801fd796bed
SHA1 f77dcc42ae681f6816c9106024fc01e03ff6bc57
SHA256 b516c0173aedefda0d5c00d2a56a7fd982f938ae904c1e83d45cb26c6151ab5d
ssdeep
98304:9J95SR8DcavLkUtpAn1D9bZpmDGmNKMN/iHhp:t5SEhgdn1D9bZYDGNzj

authentihash c982261be6b4c6d3334ce1697e491f1cfb6f7bad3345176116ea0c46902371f6
imphash b78ecf47c0a3e24a6f4af114e2d1f5de
File size 3.6 MB ( 3820152 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
nsis peexe signed upx overlay

VirusTotal metadata
First submission 2017-03-30 09:55:27 UTC ( 1 year, 11 months ago )
Last submission 2018-09-25 12:23:49 UTC ( 5 months ago )
File names UsbFix_9.039.exe
UsbFix.exe
UsbFix_9.039.exe
UsbFix_9.039.exe
B516C0173AEDEFDA0D5C00D2A56A7FD982F938AE904C1E83D45CB26C6151AB5D.exe
usbfix_9.039.exe
usbfix_9.039.exe
UsbFix_9.039_[www.programosy.pl].exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
DNS requests
TCP connections
UDP communications