SHA256: b5c41658e9376eacf93ab7156a87ec5e66ab76253ef6d3e4f448dc9fe5c2f9f5
File name: nuzdizvax.exe
Detection ratio: 4 / 57
Analysis date: 2016-09-23 07:21:32 UTC ( 2 years, 4 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_64% (D) 20160725
Sophos ML virus.win32.sality.at 20160917
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20160923
Rising Malware.Obscure/Heur!1.A121 (classic) 20160923
Ad-Aware 20160923
AegisLab 20160923
AhnLab-V3 20160922
Alibaba 20160923
ALYac 20160922
Antiy-AVL 20160923
Arcabit 20160923
Avast 20160923
AVG 20160923
Avira (no cloud) 20160923
AVware 20160923
Baidu 20160923
BitDefender 20160923
Bkav 20160923
CAT-QuickHeal 20160923
ClamAV 20160922
CMC 20160921
Comodo 20160923
Cyren 20160923
DrWeb 20160923
Emsisoft 20160923
ESET-NOD32 20160923
F-Prot 20160923
F-Secure 20160923
Fortinet 20160923
GData 20160923
Ikarus 20160922
Jiangmin 20160923
K7AntiVirus 20160923
K7GW 20160923
Kaspersky 20160923
Kingsoft 20160923
Malwarebytes 20160923
McAfee 20160923
McAfee-GW-Edition 20160922
Microsoft 20160923
eScan 20160923
NANO-Antivirus 20160922
nProtect 20160923
Panda 20160922
Sophos AV 20160923
SUPERAntiSpyware 20160923
Symantec 20160923
Tencent 20160923
TheHacker 20160922
TrendMicro 20160923
TrendMicro-HouseCall 20160923
VBA32 20160922
VIPRE 20160923
ViRobot 20160923
Yandex 20160921
Zillya 20160922
Zoner 20160923
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 12:26 PM 9/22/2016
Signers
[+] OOO Alkon
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 9/19/2016
Valid to 12:59 AM 9/20/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint A349DCC68ED6CAF34B7A257B659EED0277BA7FA4
Serial number 3B 86 97 50 DF 4E 11 61 A9 40 F5 4C 5A 43 13 DA
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-12 05:04:30
Entry Point 0x0000306F
Number of sections 4
PE sections
Overlays
MD5 d0b4ca0b189cd612d2125da4ee83aeac
File type data
Offset 257536
Size 6368
Entropy 7.40
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegOpenKeyA
RegCloseKey
OpenProcessToken
GetUserNameW
RegQueryValueA
RegQueryValueExA
RegDeleteValueW
RegSetValueA
RegCreateKeyW
AdjustTokenPrivileges
RegSetValueExA
RegDeleteKeyW
RegOpenKeyExA
RegSetValueW
RegCreateKeyA
RegQueryValueExW
RegQueryValueW
RegSetValueExW
AddFontResourceA
GetCharABCWidthsFloatW
TextOutW
CreatePen
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
SetStretchBltMode
GetPixel
Rectangle
GetObjectA
CreateDCA
LineTo
DeleteDC
SetBkMode
GetTextExtentPoint32A
StretchBlt
SetPixel
EndDoc
PtInRegion
StartPage
DeleteObject
BitBlt
CreateDIBSection
SetTextColor
GetDeviceCaps
CreateFontA
ExtTextOutW
MoveToEx
GetStockObject
CreateDIBitmap
SetPixelV
ExtTextOutA
GetDIBits
SetTextAlign
SelectClipRgn
CreateCompatibleDC
StartDocW
StretchDIBits
EndPage
CreateRectRgn
RemoveFontResourceA
GetBkColor
StartDocA
AbortDoc
GetTextColor
CreateSolidBrush
ExtCreatePen
SelectObject
SetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
HeapDestroy
ExitProcess
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetCPInfoExA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LoadLibraryExA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
GetLongPathNameA
GetModuleHandleW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
FreeEnvironmentStringsW
VirtualProtect
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
SetStdHandle
GetModuleHandleA
GetFileSizeEx
WideCharToMultiByte
TlsFree
SetFilePointer
GlobalLock
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
OutputDebugStringA
HeapAlloc
TerminateProcess
GetLongPathNameW
LCMapStringA
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
FindFirstVolumeA
InterlockedDecrement
Sleep
GetFileType
FindNextVolumeA
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
LocalAlloc
SetLastError
InterlockedIncrement
SHGetFileInfoA
DragQueryFileW
DragFinish
SHGetFolderPathW
DragAcceptFiles
ShellExecuteW
DragQueryPoint
SHGetFileInfoW
ExtractIconW
ExtractIconA
ExtractAssociatedIconA
ShellExecuteA
EmptyClipboard
CharUpperA
CharLowerBuffW
EndDialog
BeginPaint
DrawStateA
DefWindowProcW
CheckRadioButton
CreateCaret
DestroyMenu
DialogBoxParamW
DefWindowProcA
DrawFrameControl
DefMDIChildProcW
SetWindowLongW
DefFrameProcW
DispatchMessageA
EndPaint
CreateMDIWindowW
DrawIcon
EnumChildWindows
MessageBoxA
AppendMenuW
CharLowerW
CharToOemA
CharUpperBuffW
DestroyCaret
CheckDlgButton
DrawTextA
CreatePopupMenu
CheckMenuItem
DestroyIcon
LoadStringA
GetWindowLongW
DrawIconEx
CharLowerA
CreateMenu
DrawMenuBar
DrawTextW
BringWindowToTop
AppendMenuA
EnableMenuItem
DeleteMenu
CallNextHookEx
DrawFocusRect
CreateWindowExA
CallWindowProcW
CountClipboardFormats
CharToOemBuffA
CharLowerBuffA
CharUpperBuffA
CharNextA
EnumClipboardFormats
CallWindowProcA
CreateWindowExW
EnableWindow
CloseClipboard
CharNextW
GetKeyboardType
ExitWindowsEx
DestroyWindow
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2016:09:12 06:04:30+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
45056

LinkerVersion
9.0

FileTypeExtension
exe

InitializedDataSize
292864

SubsystemVersion
5.0

EntryPoint
0x306f

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 6edaef466a97955a842f54e53f205991
SHA1 f5a8148bbe96e4a9da0540c07172f7bcca914a75
SHA256 b5c41658e9376eacf93ab7156a87ec5e66ab76253ef6d3e4f448dc9fe5c2f9f5
ssdeep
6144:EaYOKj8HY/RdZA7Ih/exYRmMEhSkrdrhC6c5R:fYOKjUWFTEhSudrq

imphash b8fdb2c3dc968cc971de66da04db17c4
File size 257.7 KB ( 263904 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-09-23 07:21:32 UTC ( 2 years, 4 months ago )
Last submission 2016-09-23 07:21:32 UTC ( 2 years, 4 months ago )
File names f5a8148bbe96e4a9da0540c07172f7bcca914a75.exe
nuzdizvax.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Runtime DLLs