SHA256: ba6639229dae83107e1faa25d3a4703d40d9df6f2689ae545222f3426d911575
File name: zbetcheckin_tracker_fontbase_setup_amd64.exe
Detection ratio: 9 / 68
Analysis date: 2018-12-04 08:58:35 UTC ( 2 months, 1 week ago )
Antivirus Result Update (engines listed below with no Result did not flag the file)
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNFV 20181204
Sophos ML heuristic 20181128
Kaspersky Trojan-Spy.Win32.Ursnif.afcx 20181204
McAfee Artemis!CBE11741930C 20181204
McAfee-GW-Edition Artemis!Trojan 20181204
Rising Malware.Heuristic!ET#87% (RDM+:cmRtazpRlUYhcMt/C8sT03bHgB9A) 20181204
Sophos AV Mal/Generic-S 20181204
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.afcx 20181204
Ad-Aware 20181204
AegisLab 20181204
AhnLab-V3 20181203
Alibaba 20180921
ALYac 20181204
Antiy-AVL 20181204
Arcabit 20181204
Avast 20181204
Avast-Mobile 20181203
AVG 20181204
Avira (no cloud) 20181204
Babable 20180918
Baidu 20181203
BitDefender 20181204
Bkav 20181203
CAT-QuickHeal 20181203
ClamAV 20181203
CMC 20181204
Comodo 20181204
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181204
Cyren 20181204
DrWeb 20181204
eGambit 20181204
Emsisoft 20181204
F-Prot 20181204
F-Secure 20181204
Fortinet 20181204
GData 20181204
Ikarus 20181203
Jiangmin 20181204
K7AntiVirus 20181204
K7GW 20181204
Kingsoft 20181204
Malwarebytes 20181204
MAX 20181204
Microsoft 20181204
eScan 20181204
NANO-Antivirus 20181204
Palo Alto Networks (Known Signatures) 20181204
Panda 20181203
Qihoo-360 20181204
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181128
Symantec 20181204
Symantec Mobile Insight 20181204
TACHYON 20181204
Tencent 20181204
TheHacker 20181202
Trapmine 20181128
TrendMicro 20181204
TrendMicro-HouseCall 20181204
Trustlook 20181204
VBA32 20181203
ViRobot 20181204
Webroot 20181204
Yandex 20181130
Zillya 20181203
Zoner 20181204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microso

Product Microsoft
Original name tv_w32.dll
Internal name kbdfi (3.
File version 13.0.5640.0
Description Finnish Keyb
Comments Used by TeamViewer Remote Control
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 7:35 AM 12/3/2018
Signers
[+] AXITRONICS LTD
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 11/28/2018
Valid to 11:59 PM 11/28/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 6A7874902FF2775157E2A6A4B0CFE1453F2B25E2
Serial number 76 47 29 5A 0C 98 F9 5C 19 83 FD C4 16 BD A8 34
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 12/31/2015
Valid to 06:40 PM 07/09/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 06:31 PM 07/09/1999
Valid to 06:40 PM 07/09/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
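The signature block above is internally inconsistent in ways a triage analyst checks before trusting any signed binary: the version resource claims Microsoft and a DLL original name on a Win32 EXE, the leaf certificate belongs to AXITRONICS LTD, was issued on 11/28/2018, used five days later and has since been revoked, and the PE compile timestamp is a year older than the signature. The following is an added example (not part of the VirusTotal report, and not VirusTotal's own logic) that encodes those checks as reusable heuristics; the field names, the REPORT dictionary (populated from the values printed above) and the day thresholds are my own assumptions.

```python
from datetime import datetime

# Sample input: the VersionInfo and signer fields exactly as the report above
# lists them. Field names are assumed (my own), not a VirusTotal schema.
REPORT = {
    "file_type": "Win32 EXE",
    "original_name": "tv_w32.dll",
    "company_name": "Microsoft Corp",
    "signer": "AXITRONICS LTD",
    "signer_valid_from": "12:00 AM 11/28/2018",
    "signing_date": "7:35 AM 12/3/2018",
    "compile_timestamp": "2017-12-05 09:46:19",
    "signature_status": "A certificate was explicitly revoked by its issuer.",
}

CERT_CLOCK = "%I:%M %p %m/%d/%Y"   # date style used in the certificate block
PE_CLOCK = "%Y-%m-%d %H:%M:%S"     # date style used in the PE header block


def signing_timeline(r: dict) -> tuple:
    """(days from certificate issuance to signing, days from compile to signing)."""
    issued = datetime.strptime(r["signer_valid_from"], CERT_CLOCK)
    signed = datetime.strptime(r["signing_date"], CERT_CLOCK)
    compiled = datetime.strptime(r["compile_timestamp"], PE_CLOCK)
    return (signed - issued).days, (signed - compiled).days


def version_info_red_flags(r: dict, min_cert_age_days: int = 30,
                           max_build_gap_days: int = 180) -> list:
    """Heuristics applied before trusting a signed binary.
    The two thresholds are arbitrary defaults, not values from the report."""
    flags = []
    # 1. The signer should be the vendor the version resource names.
    vendor = r["company_name"].split()[0].lower()
    if vendor not in r["signer"].lower():
        flags.append(f"CompanyName '{r['company_name']}' does not match signer '{r['signer']}'")
    # 2. A DLL OriginalFilename on an EXE means the resource was lifted from another binary.
    if r["original_name"].lower().endswith(".dll") and "EXE" in r["file_type"].upper():
        flags.append(f"OriginalFilename '{r['original_name']}' is a DLL name on an EXE")
    # 3. Revocation is fatal regardless of anything else.
    if "revoked" in r["signature_status"].lower():
        flags.append("signing certificate revoked by its issuer")
    # 4/5. Freshly issued certificates and stale compile timestamps are typical of
    #      certificates bought (or stolen) just to sign a dropper.
    cert_age, build_gap = signing_timeline(r)
    if cert_age < min_cert_age_days:
        flags.append(f"signed {cert_age} days after the certificate was issued")
    if build_gap > max_build_gap_days:
        flags.append(f"compile timestamp {build_gap} days before the signature")
    return flags


if __name__ == "__main__":
    for flag in version_info_red_flags(REPORT):
        print("-", flag)
```

Run against the values on this page the function raises all five flags; a binary whose CompanyName matches its signer, carries an .exe OriginalFilename, is signed with a certificate older than a month and built shortly before signing raises none.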
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-05 09:46:19
Entry Point 0x00004550
Number of sections 5
PE sections
Overlays
MD5 5edc2ac33f145757b714eec956bd6e2a
File type data
Offset 94208
Size 5328
Entropy 7.43
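The overlay figures above (offset 94208, size 5328, entropy 7.43) are worth re-deriving rather than trusting: the overlay is whatever sits past the last section's raw data, the loader never maps it, and an overlay with entropy above 7 on a file that claims to be a keyboard layout is where a packed or encrypted payload usually lives. Note that 94208 + 5328 = 99536, exactly the file size listed under File identification, as it must be. The following is an added example (not part of the report, and not VirusTotal's code) that walks the section table to find the overlay and scores its entropy. The PE image it parses is constructed in memory for the demo and is not the sample from this report; all function names are my own.

```python
import math
import struct
from collections import Counter

# Values printed in the report above; used only for the size-consistency check.
REPORTED_FILE_SIZE = 99536
REPORTED_OVERLAY_OFFSET = 94208
REPORTED_OVERLAY_SIZE = 5328


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def find_overlay(pe: bytes) -> tuple:
    """Return (overlay_offset, overlay_size) by walking the section table.

    The overlay is everything past the highest PointerToRawData + SizeOfRawData
    of any section, i.e. bytes the loader never maps.
    """
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    first_section = coff + 20 + opt_size         # table follows the optional header
    end_of_sections = 0
    for i in range(num_sections):
        hdr = first_section + i * 40             # IMAGE_SECTION_HEADER is 40 bytes
        size_raw, ptr_raw = struct.unpack_from("<II", pe, hdr + 16)
        end_of_sections = max(end_of_sections, ptr_raw + size_raw)
    end_of_sections = min(end_of_sections, len(pe))   # tolerate truncated files
    return end_of_sections, len(pe) - end_of_sections


def triage_overlay(pe: bytes, entropy_threshold: float = 7.0) -> dict:
    """Overlay offset, size and entropy, flagged when it looks packed/encrypted."""
    offset, size = find_overlay(pe)
    entropy = shannon_entropy(pe[offset:]) if size else 0.0
    return {"offset": offset, "size": size, "entropy": round(entropy, 2),
            "suspicious": size > 0 and entropy >= entropy_threshold}


def overlay_matches_file_size(file_size: int, offset: int, size: int) -> bool:
    """Sanity check for a report: overlay offset + size must land exactly on EOF."""
    return offset + size == file_size


def build_sample(overlay: bytes) -> bytes:
    """Constructed minimal PE32 image with one .text section (demo only)."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0                               # PE32 optional header size
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x10B)    # PE32 magic
    raw_ptr, raw_size = 0x200, 0x200
    section = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", 0x1000, 0x1000,
                          raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(optional) + section
    image = headers.ljust(raw_ptr, b"\0") + b"\x90" * raw_size
    return image + overlay


if __name__ == "__main__":
    print(overlay_matches_file_size(REPORTED_FILE_SIZE, REPORTED_OVERLAY_OFFSET,
                                    REPORTED_OVERLAY_SIZE))
    print(triage_overlay(build_sample(bytes(range(256)) * 4)))
```

On a real sample replace `build_sample(...)` with the file's bytes; a 7.43-bit overlay on a 97 KB binary is a strong hint that the visible code is only a loader, so carve `pe[offset:]` and look at it separately.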
PE imports
GetArcDirection
GetDiskFreeSpaceExA
CreateProcessA
GetModuleHandleW
AllocConsole
HeapAlloc
AddRefActCtx
GetGeoInfoW
VarR4FromDec
NdrSimpleStructUnmarshall
RpcBindingInqObject
SetupQuerySpaceRequiredOnDriveW
SetupDiGetClassImageListExW
UrlApplySchemeW
wvsprintfW
EnumDisplayMonitors
GetIconInfo
CharUpperBuffA
GetMessagePos
GetClipboardData
CoInvalidateRemoteMachineBindings
Number of PE resources by type
RT_BITMAP 6
RT_VERSION 1
Number of PE resources by language
GERMAN 7
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
Comments Used by TeamViewer Remote Control
LinkerVersion 14.11
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 13.0.5640.0
LanguageCode Neutral
FileFlagsMask 0x0017
FileDescription Finnish Keyb
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 65520
EntryPoint 0x4550
OriginalFileName tv_w32.dll
MIMEType application/octet-stream
LegalCopyright Microso
FileVersion 13.0.5640.0
TimeStamp 2017:12:05 10:46:19+01:00
FileType Win32 EXE
PEType PE32
InternalName kbdfi (3.
ProductVersion 13.0.5640.0
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corp
CodeSize 24576
ProductName Microsoft
ProductVersionNumber 13.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 cbe11741930cc6559f6b22f42848fcc8
SHA1 f38b9842f583dfa9a04128db5ebf959d821ac59b
SHA256 ba6639229dae83107e1faa25d3a4703d40d9df6f2689ae545222f3426d911575
ssdeep 1536:N9uHM2LSlV1DzLkUUQvgBNZXE8IUnWCLyzfE3cJoxr5hV06RZcOIBnigigiC:NaLiVzLj8NZU8ZnPL4fD24Bnigim
authentihash fabdf84b34c6f1bb4bdae565e134dde3885f2426f42f92626b800526651fb884
imphash dd75fd9505c6dbd9470fa5edd7197580
File size 97.2 KB ( 99536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
revoked-cert peexe signed overlay
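The imphash listed under File identification, together with the PE imports section earlier on the page, is the pivot most useful for hunting siblings of this sample: it is an MD5 over the import table in the order the linker emitted it, so rebuilds of the same loader with a new certificate or a repacked overlay usually keep the same value. The following is an added example (not part of the report, and not the pefile implementation itself, though it follows the same canonicalisation rules) that builds the hashed string and the hash. The import lists it is fed are constructed; the page names the imported functions but not their DLLs, so the report's own imphash cannot be reproduced from the page alone, and the ordinal table below is a small assumed subset.

```python
import hashlib

# Subset of the ordinal-to-name tables for the two libraries that are commonly
# imported by ordinal (assumed, abbreviated); any unknown ordinal becomes "ordN".
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
               16: "recv", 19: "send", 23: "socket", 57: "gethostname"},
    "oleaut32": {2: "SysAllocString", 6: "SysFreeString", 8: "VariantInit"},
}


def imphash_string(imports) -> str:
    """Build the canonical 'lib.func,lib.func,...' string that imphash hashes.

    imports: list of (dll_name, [func, ...]) in import-table order, where a
    func is a name string or an int ordinal.  Rules: library lower-cased with
    a .dll/.ocx/.sys suffix stripped, function lower-cased, ordinals resolved
    through ORDINAL_NAMES where possible, original order preserved.
    """
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        stem, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = stem
        for func in funcs:
            if isinstance(func, int):
                func = ORDINAL_NAMES.get(lib, {}).get(func, f"ord{func}")
            parts.append(f"{lib}.{func.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 hex digest of the canonical import string."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


if __name__ == "__main__":
    # Constructed import table (not the sample's real one).
    sample = [("KERNEL32.dll", ["CreateProcessA", "GetModuleHandleW", "AllocConsole"]),
              ("USER32.dll", ["GetIconInfo", "GetClipboardData"]),
              ("ws2_32.dll", [23, 4])]
    print(imphash_string(sample))
    print(imphash(sample))
```

Because case and file extension are normalised and ordinals are resolved, two builds whose import tables differ only in those respects hash identically, while swapping the order of two imports changes the hash; that is what makes the value stable across re-signing but sensitive to a different loader.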

VirusTotal metadata
First submission 2018-12-03 10:08:44 UTC ( 2 months, 2 weeks ago )
Last submission 2018-12-03 10:08:44 UTC ( 2 months, 2 weeks ago )
File names kbdfi (3.
fontbase_setup_amd64.exe
zbetcheckin_tracker_fontbase_setup_amd64.exe
tv_w32.dll
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs