SHA256: c2cb907d96e321ba973f7c3b44eb2ae1fce5c642ea60edf78e70ffe5d8251942
File name: Transaction_Log2.exe
Detection ratio: 12 / 60
Analysis date: 2018-11-01 15:05:37 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Avast FileRepMalware 20181101
AVG FileRepMalware 20181101
CAT-QuickHeal Trojan.Drixed.100454 20181031
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181022
Cylance Unsafe 20181101
Endgame malicious (high confidence) 20180730
Fortinet W32/GenKryptik.CMYY!tr 20181101
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20181101
McAfee Artemis!04675E92AEAE 20181101
McAfee-GW-Edition Artemis 20181101
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181101
Ad-Aware 20181101
AegisLab 20181101
AhnLab-V3 20181101
Alibaba 20180921
ALYac 20181101
Antiy-AVL 20181101
Arcabit 20181101
Avast-Mobile 20181101
Avira (no cloud) 20181101
Babable 20180918
Baidu 20181101
BitDefender 20181101
Bkav 20181101
ClamAV 20181101
CMC 20181101
Cybereason 20180225
Cyren 20181101
DrWeb 20181101
eGambit 20181101
Emsisoft 20181101
ESET-NOD32 20181101
F-Prot 20181101
F-Secure 20181101
GData 20181101
Jiangmin 20181101
K7AntiVirus 20181101
K7GW 20181101
Kingsoft 20181101
Malwarebytes 20181101
MAX 20181101
Microsoft 20181101
eScan 20181101
NANO-Antivirus 20181101
Palo Alto Networks (Known Signatures) 20181101
Panda 20181101
Qihoo-360 20181101
Rising 20181101
SentinelOne (Static ML) 20181011
Sophos AV 20181101
SUPERAntiSpyware 20181031
Symantec 20181101
Symantec Mobile Insight 20181030
TACHYON 20181101
Tencent 20181101
TheHacker 20181031
TrendMicro 20181101
TrendMicro-HouseCall 20181101
Trustlook 20181101
VBA32 20181101
VIPRE 20181101
ViRobot 20181101
Webroot 20181101
Yandex 20181101
Zillya 20181101
Zoner 20181101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product SQLite Database Library
Original name sqlite3.dll
Internal name sqlite3
File version 3.7.4
Description SQLite Database Library
Signature verification Signed file, verified signature
Signing date 9:06 AM 11/1/2018
Signers
[+] DECORDOVA LTD
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 10/13/2018
Valid to 12:59 AM 10/14/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint C85CBB1C7FC4A6AB926EBA0EB5C27BE7C863C18F
Serial number 00 96 ED A7 AE D1 C1 E3 D7 BE 56 E7 CB 01 12 79 5E
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-18 14:03:08
Entry Point 0x000026C0
Number of sections 6
PE sections
Overlays
MD5 ee828e061b4f493e02a78ab20f1a9e6a
File type data
Offset 180224
Size 7576
Entropy 7.24
PE imports
InitiateSystemShutdownA
IsTokenRestricted
GetOutlineTextMetricsW
GetCharWidth32W
ExtCreatePen
GetTempFileNameW
GetQueuedCompletionStatus
FileTimeToLocalFileTime
GetCPInfo
GlobalHandle
GetBinaryTypeW
EnumSystemLocalesW
EnumSystemGeoID
FindNextVolumeMountPointW
FlushFileBuffers
WritePrivateProfileStructW
GetModuleHandleW
GetShortPathNameA
LockWindowUpdate
MessageBoxW
MessageBoxIndirectW
GetComboBoxInfo
FindCloseUrlCache
GetUrlCacheEntryInfoExW
GetColorDirectoryW
Ord(29)
GetClassFileOrMime
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.7.4.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription SQLite Database Library
ImageFileCharacteristics Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 159744
EntryPoint 0x26c0
OriginalFileName sqlite3.dll
MIMEType application/octet-stream
FileVersion 3.7.4
TimeStamp 2011:03:18 15:03:08+01:00
FileType Win32 EXE
PEType PE32
InternalName sqlite3
ProductVersion 3.7.4
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName sqlite.org
CodeSize 20480
ProductName SQLite Database Library
ProductVersionNumber 3.7.4.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 04675e92aeae081cd5f24b5f1f8b2977
SHA1 03d0e876fc642e60697b2db3d1a6aee828c30f5a
SHA256 c2cb907d96e321ba973f7c3b44eb2ae1fce5c642ea60edf78e70ffe5d8251942
ssdeep

authentihash ccc7e7bb8277357c339124f6f08a81a09fa62c5d2459fae8b8e3df4b1ea3f798
imphash 38082b521af69d4e5ca7ec2cf0cc2470
File size 183.4 KB ( 187800 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-11-01 12:10:22 UTC ( 3 months, 2 weeks ago )
Last submission 2018-11-12 02:02:18 UTC ( 3 months, 1 week ago )
File names sqlite3.dll
Transaction_Log.exe
Transaction_Log.exe
04675e92aeae081cd5f24b5f1f8b2977
Transaction_Log.exe
sqlite3
Transaction_Log2.exe
Transaction_Log.exe";filename*=UTF-8''Transaction_Log.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.