SHA256: b6b49d57c21b7b049e73320a0786bdcaa5d57d64ac8a217db4e14663cd86e34a
File name: 1f23f467f12ca8f523e76d6953a0148b.exe
Detection ratio: 4 / 55
Analysis date: 2015-07-13 20:51:12 UTC ( 3 years, 10 months ago )
Antivirus | Result | Update
Avira (no cloud) | TR/Injector.328256 | 20150713
ESET-NOD32 | a variant of MSIL/Injector.KRZ | 20150713
Fortinet | MSIL/KQT!tr | 20150713
Malwarebytes | PUP.Optional.Bundle | 20150713
Ad-Aware | | 20150713
AegisLab | | 20150713
Yandex | | 20150713
AhnLab-V3 | | 20150713
Alibaba | | 20150713
ALYac | | 20150713
Antiy-AVL | | 20150713
Arcabit | | 20150713
Avast | | 20150713
AVG | | 20150713
AVware | | 20150713
Baidu-International | | 20150713
BitDefender | | 20150713
Bkav | | 20150713
ByteHero | | 20150713
CAT-QuickHeal | | 20150713
ClamAV | | 20150713
Comodo | | 20150713
Cyren | | 20150713
DrWeb | | 20150713
Emsisoft | | 20150713
F-Prot | | 20150713
F-Secure | | 20150713
GData | | 20150713
Ikarus | | 20150713
Jiangmin | | 20150713
K7AntiVirus | | 20150713
K7GW | | 20150713
Kaspersky | | 20150713
Kingsoft | | 20150713
McAfee | | 20150713
McAfee-GW-Edition | | 20150713
Microsoft | | 20150713
eScan | | 20150713
NANO-Antivirus | | 20150713
nProtect | | 20150713
Panda | | 20150713
Qihoo-360 | | 20150713
Rising | | 20150713
Sophos AV | | 20150713
SUPERAntiSpyware | | 20150713
Symantec | | 20150713
Tencent | | 20150713
TheHacker | | 20150713
TrendMicro | | 20150713
TrendMicro-HouseCall | | 20150713
VBA32 | | 20150713
VIPRE | | 20150713
ViRobot | | 20150713
Zillya | | 20150713
Zoner | | 20150713
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Original name OveractOrderingsPop.exe
Internal name OveractOrderingsPop.exe
File version 0.0.0.1
Description
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 12:01 AM 7/11/2015
Signers
Brand IT
Status This certificate or one of the certificates in the certificate chain is not time valid. Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer thawte SHA256 Code Signing CA
Valid from 1:00 AM 5/8/2015
Valid to 12:59 AM 5/8/2016
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint B3B722F698D160E18A4804D080673CB24C07EE3D
Serial number 50 4A 4A B6 A1 86 38 1D EF 8F D5 F2 D9 DC 1C 66
thawte SHA256 Code Signing CA
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint D00CFDBF46C98A838BC10DC4E097AE0152C461BC
Serial number 71 A0 B7 36 95 DD B1 AF C2 3B 2B 9A 18 EE 54 CB
thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/5/2015
Valid to 12:59 AM 1/1/2016
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint DF946A5E503015777FD22F46B5624ECD27BEE376
Serial number 00 9F EA C8 11 B0 F1 62 47 A5 FC 20 D8 05 23 AC E6
UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
The USERTrust Network?
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-10 23:01:46
Entry Point 0x000503DE
Number of sections 3
.NET details
Module Version ID 8136dde2-df40-4e76-ad3b-986e95b79f91
PE sections
Overlays
MD5 788d6676f2af39d6d48aed4610874022
File type data
Offset 324608
Size 3648
Entropy 7.39
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN AUSTRIAN 1
LATVIAN DEFAULT 1
SPANISH VENEZUELA 1
SWAHILI DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 3584
EntryPoint 0x503de
OriginalFileName OveractOrderingsPop.exe
MIMEType application/octet-stream
FileVersion 0.0.0.1
TimeStamp 2015:07:11 00:01:46+01:00
FileType Win32 EXE
PEType PE32
InternalName OveractOrderingsPop.exe
ProductVersion 0.0.0.1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 320512
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.1
File identification
MD5 1f23f467f12ca8f523e76d6953a0148b
SHA1 9adeb8fc8c7ce95e47e692d0cafeb98f4aa05192
SHA256 b6b49d57c21b7b049e73320a0786bdcaa5d57d64ac8a217db4e14663cd86e34a
ssdeep 6144:FOmqW6vkKE9ZDFZBm8muXSa90gJuROJFt4G7FX3h2YtWd2xXEhNpBeYpS:JTdBXzRRJL42oXbpS
authentihash bb16e5f170983ce32a667abb36c01a76c1c038edf7e6f732ec3f388bc28860db
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 320.6 KB ( 328256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Windows screen saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.1%)
DOS Executable Generic (7.0%)
Tags
revoked-cert peexe assembly signed overlay
VirusTotal metadata
First submission 2015-07-13 20:51:12 UTC ( 3 years, 10 months ago )
Last submission 2015-07-13 20:51:12 UTC ( 3 years, 10 months ago )
File names 1f23f467f12ca8f523e76d6953a0148b.exe
OveractOrderingsPop.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections