× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c9647058fd7c76c3843f8ae696ae6aa2e43e69c55636f3c2e4ba6620763d2b1f
File name: 2deb64e6c155d01e5d0b57fe55cda143.exe
Detection ratio: 8 / 69
Analysis date: 2018-12-06 12:25:38 UTC ( 2 months, 1 week ago ) View latest
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20181022
Cylance Unsafe 20181206
Emsisoft Trojan-Spy.Ursnif (A) 20181206
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Qihoo-360 HEUR/QVM20.1.AEFC.Malware.Gen 20181206
Rising Malware.Heuristic!ET#76% (RDM+:cmRtazpIaxQELfw0nROy/Gjki2kg) 20181206
Webroot W32.Trojan.Gen 20181206
Ad-Aware 20181206
AegisLab 20181206
AhnLab-V3 20181206
Alibaba 20180921
ALYac 20181206
Antiy-AVL 20181205
Arcabit 20181206
Avast 20181206
Avast-Mobile 20181206
AVG 20181206
Avira (no cloud) 20181206
Babable 20180918
Baidu 20181206
BitDefender 20181206
Bkav 20181205
CAT-QuickHeal 20181206
ClamAV 20181206
CMC 20181205
Comodo 20181206
Cybereason 20180225
Cyren 20181206
DrWeb 20181206
eGambit 20181206
ESET-NOD32 20181206
F-Prot 20181206
F-Secure 20181206
Fortinet 20181206
GData 20181206
Ikarus 20181206
Jiangmin 20181206
K7AntiVirus 20181206
K7GW 20181206
Kaspersky 20181206
Kingsoft 20181206
Malwarebytes 20181206
MAX 20181206
McAfee 20181206
McAfee-GW-Edition 20181206
Microsoft 20181206
eScan 20181206
NANO-Antivirus 20181206
Palo Alto Networks (Known Signatures) 20181206
Panda 20181206
SentinelOne (Static ML) 20181011
Sophos AV 20181206
SUPERAntiSpyware 20181205
Symantec 20181206
Symantec Mobile Insight 20181204
TACHYON 20181206
Tencent 20181206
TheHacker 20181202
Trapmine 20181205
TrendMicro 20181206
TrendMicro-HouseCall 20181206
Trustlook 20181206
VBA32 20181205
VIPRE 20181206
ViRobot 20181206
Yandex 20181204
Zillya 20181206
ZoneAlarm by Check Point 20181206
Zoner 20181206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© 1984-2002 Adobe Systems Incorporated

Product BIB
Original name BIB.dll
Internal name BIB
File version 1.1.8
Description Bravo Interface Binder
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 9:06 PM 12/5/2018
Signers
[+] Mashud QA Solutions Ltd
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 11/26/2018
Valid to 11:59 PM 11/26/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 776E562B3211BDC2A4D12A5E6D014B7C0AE29C56
Serial number 00 97 30 EE 78 C1 BD 95 52 8C 3C 7F 2C F4 FD 39 BA
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 12:00 AM 05/24/2016
Valid to 12:00 AM 06/24/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 10:00 AM 04/13/2011
Valid to 12:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbrint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbrint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1993-03-25 23:01:31
Entry Point 0x000038B0
Number of sections 7
PE sections
Overlays
MD5 e72778400fabda62a23762572ad5ad24
File type data
Offset 151552
Size 6512
Entropy 7.45
PE imports
LookupPrivilegeDisplayNameW
GetTextCharsetInfo
GetCurrentObject
GetOutlineTextMetricsA
GetCurrentPositionEx
GetBkMode
GdiFlush
GetCharWidthA
GetBitmapBits
InterlockedExchange
LocalFree
GetStartupInfoA
GetProcessAffinityMask
LoadLibraryA
GetProcessWorkingSetSize
GetLastError
GetCommandLineA
FreeLibrary
GetPrivateProfileSectionNamesA
GetVolumePathNameW
DefineDosDeviceA
LocalAlloc
GetFileInformationByHandle
Sleep
GetProcAddress
GetStringTypeW
GetModuleFileNameA
GetPrivateProfileStringW
RaiseException
GetMessageA
GetForegroundWindow
ShowOwnedPopups
GetMenuStringA
DrawTextW
EnumWindows
GetCursor
DeleteMenu
DrawTextExA
GetMenuItemCount
GetShellWindow
InsertMenuItemW
GetDC
DeletePrinter
GetColorProfileHeader
strcoll
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.1.8.1

LanguageCode
Neutral 2

FileFlagsMask
0x003f

BuildDate
Wed Feb 27 2002 00:03:05

FileDescription
Bravo Interface Binder

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
106496

EntryPoint
0x38b0

OriginalFileName
BIB.dll

MIMEType
application/octet-stream

LegalCopyright
1984-2002 Adobe Systems Incorporated

FileVersion
1.1.8

TimeStamp
1993:03:26 00:01:31+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
BIB

ProductVersion
1.1

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Adobe Systems Incorporated

BuildVersion
24.66485

CodeSize
45056

ProductName
BIB

ProductVersionNumber
1.1.0.1

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 2deb64e6c155d01e5d0b57fe55cda143
SHA1 750e0b5c7868e075a74e099359764d864eedb0a4
SHA256 c9647058fd7c76c3843f8ae696ae6aa2e43e69c55636f3c2e4ba6620763d2b1f
ssdeep
1536:zc9vrzGRhTEtSUd+HyoRdJUOEnwcFcRNTcNmi7WY2X4rgJHfUkuBWhwqiJ34dXLt:wlgEh4dUacATu4orMUzghZiJIDzNx

authentihash 164b9996113630a2101e89af34749fd6f598192f6639d0037213f426acc1e83d
imphash 5c279964366e8e1042e1ac59c95bb335
File size 154.4 KB ( 158064 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-12-06 12:25:33 UTC ( 2 months, 1 week ago )
Last submission 2019-01-22 03:48:37 UTC ( 3 weeks, 4 days ago )
File names BIB.dll
BIB
2deb64e6c155d01e5d0b57fe55cda143
2deb64e6c155d01e5d0b57fe55cda143_exe
output.114662505.txt
0019873990197.exe
2deb64e6c155d01e5d0b57fe55cda143.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs