× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c9b87bbb56caa63d0bb1588e44a3cfbf686f0e5f5dac173c3c25f864f44b7991
File name: NGH150_AllWin_EnglishTryBuy30.exe
Detection ratio: 0 / 57
Analysis date: 2016-03-31 23:18:17 UTC ( 2 years, 2 months ago ) View latest
Antivirus Result Update
Ad-Aware 20160331
AegisLab 20160331
AhnLab-V3 20160330
Alibaba 20160323
ALYac 20160331
Antiy-AVL 20160331
Arcabit 20160331
Avast 20160331
AVG 20160331
Avira (no cloud) 20160331
AVware 20160331
Baidu 20160331
Baidu-International 20160331
BitDefender 20160331
Bkav 20160331
CAT-QuickHeal 20160331
ClamAV 20160331
CMC 20160322
Comodo 20160331
Cyren 20160331
DrWeb 20160331
Emsisoft 20160331
ESET-NOD32 20160331
F-Prot 20160331
F-Secure 20160331
Fortinet 20160330
GData 20160331
Ikarus 20160331
Jiangmin 20160331
K7AntiVirus 20160331
K7GW 20160331
Kaspersky 20160331
Kingsoft 20160401
Malwarebytes 20160331
McAfee 20160331
McAfee-GW-Edition 20160331
Microsoft 20160331
eScan 20160331
NANO-Antivirus 20160331
nProtect 20160331
Panda 20160331
Qihoo-360 20160401
Rising 20160331
Sophos AV 20160331
SUPERAntiSpyware 20160331
Symantec 20160331
Tencent 20160401
TheHacker 20160330
TotalDefense 20160330
TrendMicro 20160331
TrendMicro-HouseCall 20160331
VBA32 20160331
VIPRE 20160401
ViRobot 20160331
Yandex 20160316
Zillya 20160331
Zoner 20160331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 7:54 AM 10/2/2009
Signers
[+] Symantec Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 10/31/2007
Valid to 12:59 AM 11/25/2010
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 508E846523E1B131438B220694BE91793886508E
Serial number 75 8F 5E E8 26 3B 66 94 71 9D 84 34 EB 99 86 08
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT UPX, appended, RAR, UTF-8, Unicode, CAB
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-01-09 10:12:26
Entry Point 0x000451E0
Number of sections 3
PE sections
Overlays
MD5 ee48f73e9165fe9a8aced4dbacef2378
File type application/x-rar
Offset 74752
Size 125422288
Entropy 8.00
PE imports
RegCloseKey
GetOpenFileNameA
DeleteObject
LoadLibraryA
ExitProcess
GetProcAddress
OleInitialize
SHGetMalloc
SetMenu
Number of PE resources by type
RT_DIALOG 6
RT_STRING 4
RT_ICON 4
RT_RCDATA 1
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 16
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2004:01:09 11:12:26+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
69632

LinkerVersion
5.0

EntryPoint
0x451e0

InitializedDataSize
8192

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
212992

File identification
MD5 90f2927c741928051b5637a599e0eb0d
SHA1 cceffacd067d38b07e3d6722138bdafb56184560
SHA256 c9b87bbb56caa63d0bb1588e44a3cfbf686f0e5f5dac173c3c25f864f44b7991
ssdeep
3145728:g+wsKk7HrtZlPy+8/xjlNBrSD6i+mPZp7no12jHPiKDQFY4:glsvblKZvLroPZJo1QbDwY4

authentihash d499c4743968ae24a8e80ec72a74cb7625e1b52f7f6cb579bdf8862e366bfaf3
imphash b602426ec706e7b23572160bb5b68285
File size 119.7 MB ( 125497040 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID WinRAR Self Extracting archive (87.9%)
UPX compressed Win32 Executable (4.5%)
Win32 EXE Yoda's Crypter (4.5%)
Win32 Dynamic Link Library (generic) (1.1%)
Win32 Executable (generic) (0.7%)
Tags
peexe overlay signed upx via-tor software-collection

VirusTotal metadata
First submission 2013-04-12 14:55:32 UTC ( 5 years, 2 months ago )
Last submission 2018-06-06 17:04:39 UTC ( 2 weeks ago )
File names NGH150_AllWin_English.exe
NGH150_AllWin_EnglishTryBuy30.exe
norton-ghost_15.exe
NGH150_AllWin_EnglishTryBuy30 (1).exe
AppNee.com.Norton.Ghost.15.Full.Setup.exe
NGH150_AllWin_EnglishTryBuy30.exe
install(norton ghost).exe
NortonGhost15.0_English.exe
setupNGH150_AllWin_EnglishTryBuy30.exe
norton-ghost-15-0-NGH150_AllWin_EnglishTryBuy30.exe
_Getintopc.com_NGH150_AllWin_Setup.exe
ngh150_allwin_englishtrybuy30.exe
NGH150_AllWin_EnglishTryBuy30.exe
NGH150_AllWin_EnglishTryBuy30_3.exe
NGH150_AllWin_EnglishTryBuy30.exe
NGH150_AllWin_EnglishTryBuy30.exe
norton-ghost.exe
89300
NGH150_AllWin_EnglishTryBuy30.ex
norton-ghost_15_2.exe
NortonGhost150_AllWin.exe
NGH150_AllWin_EnglishTryBuy30.exe
10605-Norton_Ghost-15_0.exe
NGH150_AllWin_EnglishTryBuy30.exe
Norton Ghost 15.0 (30 day trial).exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!