SHA256: bfcafdcd7bbfd350a61f41ab802a21c1c103df49ae295ff3fcd5d55678cf41b0
File name: ipseclog.exe
Detection ratio: 0 / 68
Analysis date: 2018-02-27 08:49:17 UTC ( 10 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware 20180227
AegisLab 20180227
AhnLab-V3 20180227
Alibaba 20180227
ALYac 20180227
Antiy-AVL 20180227
Arcabit 20180227
Avast 20180227
Avast-Mobile 20180226
AVG 20180227
Avira (no cloud) 20180227
AVware 20180227
Baidu 20180227
BitDefender 20180227
Bkav 20180224
CAT-QuickHeal 20180227
ClamAV 20180227
CMC 20180227
Comodo 20180227
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180227
Cyren 20180227
DrWeb 20180227
eGambit 20180227
Emsisoft 20180227
Endgame 20180223
ESET-NOD32 20180227
F-Prot 20180227
F-Secure 20180227
Fortinet 20180227
GData 20180227
Ikarus 20180226
Sophos ML 20180121
Jiangmin 20180227
K7AntiVirus 20180227
K7GW 20180227
Kaspersky 20180227
Kingsoft 20180227
Malwarebytes 20180227
MAX 20180227
McAfee 20180227
McAfee-GW-Edition 20180227
Microsoft 20180227
eScan 20180227
NANO-Antivirus 20180227
nProtect 20180227
Palo Alto Networks (Known Signatures) 20180227
Panda 20180226
Qihoo-360 20180227
Rising 20180227
SentinelOne (Static ML) 20180225
Sophos AV 20180227
SUPERAntiSpyware 20180227
Symantec 20180227
Symantec Mobile Insight 20180220
Tencent 20180227
TheHacker 20180225
TotalDefense 20180227
TrendMicro 20180227
Trustlook 20180227
VBA32 20180226
VIPRE 20180227
ViRobot 20180227
Webroot 20180227
WhiteArmor 20180223
Yandex 20180226
Zillya 20180226
ZoneAlarm by Check Point 20180227
Zoner 20180227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 7:00 PM 9/27/2010
Signers
[+] Cisco Systems, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid. The revocation status of the certificate or one of the certificates in the certificate chain is unknown. Error 65536 (0x10000). The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer Thawte Code Signing CA
Valid from 1:00 AM 3/12/2009
Valid to 12:59 AM 5/24/2011
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint C0E220A42F6627694339196F1C414382E28D45B1
Serial number 33 2B 73 95 83 1C FA 9C EC 1E CB 70 68 80 ED
[+] Thawte Code Signing CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Premium Server CA
Valid from 1:00 AM 8/6/2003
Valid to 12:59 AM 8/6/2013
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint A706BA1ECAB6A2AB18699FC0D7DD8C7DE36F290F
Serial number 0A
[+] thawte
Status Valid
Issuer Thawte Premium Server CA
Valid from 1:00 AM 8/1/1996
Valid to 12:59 AM 1/1/2021
Valid usage Server Auth, Code Signing
Algorithm md5RSA
Thumbprint 627F8D7827656399D27D7F9044C9FEB3F33EFA9A
Serial number 01
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid. The revocation status of the certificate or one of the certificates in the certificate chain is unknown. Error 65536 (0x10000). The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-09-27 17:55:08
Entry Point 0x00021CB0
Number of sections 4
PE sections
Overlays
MD5 4fb157d336b676fd7d089467df3f167c
File type data
Offset 172032
Size 4912
Entropy 7.27
PE imports
RegCloseKey
DeregisterEventSource
RegQueryValueExA
RegisterEventSourceA
RegOpenKeyExA
ReportEventA
GetLastError
MoveFileA
CreateFileA
SetConsoleCtrlHandler
GetModuleHandleA
FindFirstFileA
DeleteFileA
RemoveDirectoryA
GetCurrentDirectoryA
FindClose
CopyFileA
Sleep
CloseHandle
CreateDirectoryA
FindNextFileA
GetVersionExA
GetProcAddress
SetCurrentDirectoryA
_purecall
__p__fmode
malloc
realloc
_strdate
__dllonexit
fgets
fprintf
_chmod
_getch
fflush
fopen
_iob
_except_handler3
_errno
??2@YAPAXI@Z
fwrite
fseek
_mbscmp
_open
_onexit
ftell
exit
_XcptFilter
__setusermatherr
getchar
_controlfp
localtime
_adjust_fdiv
__CxxFrameHandler
_mbsicmp
_fdopen
fclose
__p__commode
??3@YAXPAX@Z
free
__p___initenv
atol
__getmainargs
calloc
_write
_initterm
_stat
_putch
_vsnprintf
perror
ctime
memmove
_read
strchr
isspace
time
_exit
_close
_ftime
__set_app_type
htonl
getsockname
accept
WSAStartup
connect
shutdown
htons
inet_ntoa
WSAGetLastError
gethostname
closesocket
ntohl
inet_addr
send
ntohs
select
listen
__WSAFDIsSet
WSACleanup
gethostbyname
WSASetLastError
recv
setsockopt
socket
bind
recvfrom
sendto
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:09:27 18:55:08+01:00
FileType Win32 EXE
PEType PE32
CodeSize 139264
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 49152
SubsystemVersion 4.0
EntryPoint 0x21cb0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 9fb7042a9e25466b97308a4071ba9786
SHA1 a36a51b67df0e1558102722c09d47ff5fcbabe19
SHA256 bfcafdcd7bbfd350a61f41ab802a21c1c103df49ae295ff3fcd5d55678cf41b0
ssdeep
3072:bmlqvJ5tL6uA53Ly72Rf4Ws7wOlbLu9iMWBTIJswsf:bmlqv5q7yCV4Ws7wOlXfMWBTQG

authentihash 240fcc4c9183b385010ed4de05b6a413beba4cb7b6bff7702b4d8593b0026f5b
imphash fd042602d533f5c0f60d4c862f868ea8
File size 172.8 KB ( 176944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2011-09-20 11:30:10 UTC ( 7 years, 4 months ago )
Last submission 2016-04-27 21:24:28 UTC ( 2 years, 8 months ago )
File names sbs_ve_ambr_20151011210340.464_ 241
file-2813890_exe
ipseclog.exe
ipseclog.exe
IPSecLog.exe
IPSecLog.exe
sbs_ve_ambr_20150926210157.647_ 241
IPSecLog.exe
IPSecLog.exe
sbs_ve_ambr_20150701210127.690_ 607
IPSecLog.exe
IPSecLog.exe
IPSecLog.exe
sbs_ve_ambr_20150926210159.597_ 607
IPSecLog.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files