× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: bd9ca389c2c5d8ddee67e15ce01dec86c630195dd17a63827f5fb80badadda76
File name: kioslave.exe
Detection ratio: 0 / 66
Analysis date: 2019-02-15 06:26:42 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Acronis 20190221
Ad-Aware 20190221
AegisLab 20190221
AhnLab-V3 20190221
Alibaba 20180921
ALYac 20190221
Antiy-AVL 20190221
Arcabit 20190221
Avast 20190221
Avast-Mobile 20190221
AVG 20190221
Avira (no cloud) 20190221
Babable 20180918
Baidu 20190215
BitDefender 20190221
CAT-QuickHeal 20190221
ClamAV 20190221
CMC 20190221
Comodo 20190221
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190221
Cyren 20190221
DrWeb 20190221
eGambit 20190221
Emsisoft 20190221
Endgame 20190215
ESET-NOD32 20190221
F-Secure 20190221
Fortinet 20190220
GData 20190221
Ikarus 20190221
Sophos ML 20181128
Jiangmin 20190221
K7AntiVirus 20190221
K7GW 20190221
Kaspersky 20190221
Kingsoft 20190221
Malwarebytes 20190221
MAX 20190221
McAfee 20190221
McAfee-GW-Edition 20190221
Microsoft 20190221
eScan 20190221
NANO-Antivirus 20190221
Palo Alto Networks (Known Signatures) 20190221
Panda 20190221
Qihoo-360 20190221
Rising 20190221
SentinelOne (Static ML) 20190203
Sophos AV 20190221
SUPERAntiSpyware 20190220
Symantec 20190221
Symantec Mobile Insight 20190220
TACHYON 20190221
Tencent 20190221
TheHacker 20190217
TotalDefense 20190221
Trapmine 20190123
Trustlook 20190221
VBA32 20190221
VIPRE 20190221
ViRobot 20190221
Webroot 20190221
Yandex 20190221
ZoneAlarm by Check Point 20190221
Zoner 20190220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 7:12 PM 1/23/2019
Signers
[+] K Desktop Environment e.V.
Status Valid
Issuer DigiCert SHA2 Assured ID Code Signing CA
Valid from 11:00 PM 09/08/2017
Valid to 11:00 AM 09/11/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint B3C0F5F192924AEBED669F1D180279A954A066B3
Serial number 08 7C F8 78 79 FA A9 4B 9D CA BA 3C 3A 8B 0D 88
[+] DigiCert SHA2 Assured ID Code Signing CA
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 11:00 AM 10/22/2013
Valid to 11:00 AM 10/22/2028
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 92C1588E85AF2201CE7915E8538B492F605B80C6
Serial number 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] DigiCert SHA2 Timestamp Responder
Status Valid
Issuer DigiCert SHA2 Assured ID Timestamping CA
Valid from 12:00 AM 01/04/2017
Valid to 12:00 AM 01/18/2028
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint 400191475C98891DEBA104AF47091B5EB6D4CBCB
Serial number 09 C0 FC 46 C8 04 42 13 B5 59 8B AF 28 4F 4E 41
[+] DigiCert SHA2 Assured ID Timestamping CA
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 PM 01/07/2016
Valid to 12:00 PM 01/07/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint 3BA63A6E4841355772DEBEF9CDCF4D5AF353A297
Serial number 0A A1 25 D6 D6 32 1B 7E 41 E4 05 DA 36 97 C2 15
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbrint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-23 11:21:13
Entry Point 0x00001041
Number of sections 8
PE sections
Overlays
MD5 ef05d7aa49f8f6f5ce3cc68f3ac9abfd
File type data
Offset 36864
Size 7160
Entropy 7.25
PE imports
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
EnterCriticalSection
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
DebugBreak
WaitForSingleObjectEx
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetStartupInfoW
GetProcAddress
InitializeSListHead
SetUnhandledExceptionFilter
ResetEvent
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
CreateEventW
CloseHandle
GetCurrentThreadId
LeaveCriticalSection
?findPlugin@KPluginLoader@@SA?AVQString@@ABV2@@Z
?toLocal8Bit@QString@@QGBE?AVQByteArray@@XZ
??8QString@@QBE_NVQLatin1String@@@Z
?resolve@QLibrary@@QAEP6AXXZPBD@Z
?errorString@QLibrary@@QBE?AVQString@@XZ
??1QString@@QAE@XZ
??8@YA_NABVQString@@0@Z
?toLocal8Bit@QString@@QHAE?AVQByteArray@@XZ
?arg@QString@@QBE?AV1@ABV1@HVQChar@@@Z
?toLatin1@QString@@QHAE?AVQByteArray@@XZ
??1QLibrary@@UAE@XZ
?decodeName@QFile@@SA?AVQString@@PBD@Z
?fromLocal8Bit@QString@@SA?AV1@ABVQByteArray@@@Z
?qgetenv@@YA?AVQByteArray@@PBD@Z
?load@QLibrary@@QAE_NXZ
??0QLibrary@@QAE@ABVQString@@PAVQObject@@@Z
?fromLocal8Bit@QString@@SA?AV1@PBDH@Z
??1QByteArray@@QAE@XZ
??0QChar@@QAE@UQLatin1Char@@@Z
?arg@QString@@QBE?AV1@HHHVQChar@@@Z
?constData@QByteArray@@QBEPBDXZ
MessageBoxA
__CxxFrameHandler3
_except_handler4_common
memset
__std_type_info_destroy_list
_configthreadlocale
setlocale
_configure_narrow_argv
_register_onexit_function
_set_app_type
terminate
_register_thread_local_exe_atexit_callback
_controlfp_s
_initialize_onexit_table
_cexit
_seh_filter_exe
_c_exit
_getpid
_execute_onexit_table
exit
_initialize_narrow_environment
_initterm_e
_crt_at_quick_exit
_get_initial_narrow_environment
__p___argc
__p___argv
_initterm
_seh_filter_dll
_exit
_crt_atexit
__stdio_common_vfprintf
__p__commode
_set_fmode
__acrt_iob_func
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2019:01:23 12:21:13+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
18944

LinkerVersion
14.14

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x1041

InitializedDataSize
18432

SubsystemVersion
6.0

ImageVersion
0.0

OSVersion
6.0

UninitializedDataSize
0

File identification
MD5 be41ce13a185463ea35a8c6466f7148e
SHA1 9e35a34f2f4586d5e4cf3069976e3c01dcbed44e
SHA256 bd9ca389c2c5d8ddee67e15ce01dec86c630195dd17a63827f5fb80badadda76
ssdeep
384:ipFJvM09rGDJrx9ozXV24nbYN7moSuhr0DGPPnhs:ipk+GDFURnbISS0DGHhs

authentihash 84e99ad335ae2989ed82c7bc9cb1739597a1ab48ed59b74ccfb0af9c7c1c97fd
imphash ee3b2566564eaeb216089d3d4e1436e1
File size 43.0 KB ( 44024 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2019-01-24 10:13:25 UTC ( 4 months ago )
Last submission 2019-01-24 10:13:25 UTC ( 4 months ago )
File names kioslave.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!