SHA256: cf19db562ce93c9eda38e4abc52ff958c010569c0823c83bd924108279737fc3
File name: clear.fi Resident Program
Detection ratio: 0 / 66
Analysis date: 2018-04-19 09:21:11 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware 20180419
AegisLab 20180419
AhnLab-V3 20180418
Alibaba 20180419
ALYac 20180419
Antiy-AVL 20180418
Arcabit 20180419
Avast 20180419
Avast-Mobile 20180419
AVG 20180419
Avira (no cloud) 20180419
AVware 20180419
Baidu 20180419
BitDefender 20180419
Bkav 20180410
CAT-QuickHeal 20180418
ClamAV 20180419
CMC 20180419
Comodo 20180419
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180419
Cyren 20180419
DrWeb 20180419
eGambit 20180419
Emsisoft 20180419
Endgame 20180403
ESET-NOD32 20180419
F-Prot 20180419
F-Secure 20180419
Fortinet 20180419
GData 20180419
Ikarus 20180419
Sophos ML 20180121
Jiangmin 20180419
K7AntiVirus 20180419
K7GW 20180419
Kaspersky 20180419
Kingsoft 20180419
Malwarebytes 20180419
MAX 20180419
McAfee 20180419
Microsoft 20180419
eScan 20180419
NANO-Antivirus 20180419
nProtect 20180419
Palo Alto Networks (Known Signatures) 20180419
Panda 20180418
Rising 20180419
SentinelOne (Static ML) 20180225
Sophos AV 20180419
SUPERAntiSpyware 20180419
Symantec 20180419
Symantec Mobile Insight 20180419
Tencent 20180419
TheHacker 20180415
TotalDefense 20180419
TrendMicro 20180419
TrendMicro-HouseCall 20180419
Trustlook 20180419
VBA32 20180418
VIPRE 20180419
ViRobot 20180419
Webroot 20180419
WhiteArmor 20180408
Yandex 20180417
Zillya 20180418
ZoneAlarm by Check Point 20180419
Zoner 20180418
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2010 CyberLink Corp.

Product Acer clear.fi
Original name clear.fiAgent.exe
Internal name clear.fi Resident Program
File version 4, 0, 7229, 0
Description clear.fi Resident Program
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 7:47 AM 9/18/2012
Signers
[+] CyberLink
Status This certificate or one of the certificates in the certificate chain is not time valid., Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 3/9/2012
Valid to 12:59 AM 4/13/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B9140E3C0AAD78C194F0E28EFF6B5A0147F55A54
Serial number 1D 22 61 08 CB B0 EB 7B 50 46 97 BD FE C6 6A 8B
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-18 06:34:40
Entry Point 0x00011B1B
Number of sections 4
PE sections
Overlays
MD5 6d4b932d543e268c57082d8713d63c79
File type data
Offset 212992
Size 7280
Entropy 7.28
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
GetDeviceCaps
DeleteDC
SelectObject
GetStockObject
CreateSolidBrush
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
HttpCloseRequestQueue
HttpSendHttpResponse
HttpTerminate
HttpInitialize
HttpCloseServerSession
HttpCloseUrlGroup
HttpCreateServerSession
HttpShutdownRequestQueue
HttpCreateRequestQueue
HttpAddUrlToUrlGroup
HttpReceiveHttpRequest
HttpSetUrlGroupProperty
HttpCreateUrlGroup
ReleaseMutex
GetOverlappedResult
WaitForSingleObject
GetFileAttributesW
DisconnectNamedPipe
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
WideCharToMultiByte
GetProcAddress
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
CreateThreadpoolIo
FreeLibrary
LocalFree
ConnectNamedPipe
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
OutputDebugStringA
SetLastError
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
lstrcmpiW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
GetPrivateProfileStringW
CreateThread
DeleteCriticalSection
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
TerminateProcess
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
HeapFree
EnterCriticalSection
LoadLibraryW
CloseThreadpoolIo
SetEvent
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
StartThreadpoolIo
GetStartupInfoW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
FindNextFileW
ResetEvent
FindFirstFileW
lstrcmpW
FindFirstFileExW
GlobalLock
GetProcessAffinityMask
CreateFileW
CreateEventA
LeaveCriticalSection
GetLastError
CreateNamedPipeW
GetThreadLocale
GlobalUnlock
lstrlenW
SizeofResource
CancelThreadpoolIo
InterlockedCompareExchange
RaiseException
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FindResourceW
VirtualFree
WaitForThreadpoolIoCallbacks
Sleep
VirtualAlloc
GetCurrentProcessId
Ord(293)
Ord(265)
Ord(762)
Ord(266)
Ord(3249)
Ord(776)
Ord(1162)
Ord(6751)
Ord(764)
Ord(765)
Ord(1200)
Ord(315)
Ord(314)
Ord(577)
Ord(581)
Ord(1087)
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
_purecall
__wgetmainargs
malloc
_crt_debugger_hook
?what@exception@std@@UBEPBDXZ
__p__fmode
_configthreadlocale
memset
__dllonexit
?terminate@@YAXXZ
wcsncpy_s
_vsnprintf_s
wcscpy_s
_invoke_watson
_recalloc
_amsg_exit
_wsplitpath_s
swprintf_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
strtok
_lock
_vswprintf
_onexit
exit
wcscat_s
_initterm
_encode_pointer
__setusermatherr
_initterm_e
__p__commode
_XcptFilter
_cexit
_CxxThrowException
memmove_s
_unlock
_adjust_fdiv
_wmakepath
free
memcpy_s
_except_handler4_common
atoi
_wsplitpath
_decode_pointer
memcpy
??0exception@std@@QAE@ABV01@@Z
sprintf_s
??1exception@std@@UAE@XZ
__CxxFrameHandler3
_vsnwprintf_s
_invalid_parameter_noinfo
_controlfp_s
??0exception@std@@QAE@ABQBD@Z
wcstok
wcsstr
??0exception@std@@QAE@XZ
_exit
_wcmdln
__set_app_type
LoadRegTypeLib
OleCreateFontIndirect
SysStringLen
SysAllocStringLen
SysStringByteLen
VariantClear
SysAllocString
LoadTypeLib
SysFreeString
VariantInit
VarUI4FromStr
UuidCreate
RpcStringFreeW
UuidToStringW
ShellExecuteW
StrStrIW
SetFocus
RedrawWindow
GetForegroundWindow
GetClassInfoExW
RegisterWindowMessageW
EndDialog
GetMessageW
DefWindowProcW
MoveWindow
DestroyAcceleratorTable
TranslateAcceleratorW
PostQuitMessage
ShowWindow
SetWindowPos
GetParent
GetWindowThreadProcessId
SetWindowLongW
IsWindow
EndPaint
UpdateWindow
SetCapture
ReleaseCapture
DialogBoxParamW
TranslateMessage
GetWindow
PostMessageW
GetSysColor
GetDC
CreateWindowExW
ReleaseDC
BeginPaint
RegisterClassExW
SendMessageW
UnregisterClassA
wsprintfW
LoadStringW
SetWindowTextW
GetDlgItem
CallWindowProcW
FindWindowW
ScreenToClient
InvalidateRect
GetClientRect
GetClassNameW
GetWindowTextLengthW
ClientToScreen
FillRect
AttachThreadInput
CreateAcceleratorTableW
GetWindowTextW
GetDesktopWindow
LoadCursorW
LoadIconW
GetFocus
DispatchMessageW
LoadAcceleratorsW
GetWindowLongW
SetForegroundWindow
InvalidateRgn
CharNextW
IsChild
DestroyWindow
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
OleInitialize
CoCreateInstance
CoGetClassObject
CLSIDFromString
CoTaskMemRealloc
CLSIDFromProgID
OleLockRunning
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
Number of PE resources by type
RT_ICON 13
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE TRADITIONAL 19
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
131072

ImageVersion
0.0

ProductName
Acer clear.fi

FileVersionNumber
4.0.7229.0

LanguageCode
Chinese (Traditional)

FileFlagsMask
0x0017

FileDescription
clear.fi Resident Program

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
clear.fiAgent.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
4, 0, 7229, 0

TimeStamp
2012:09:18 07:34:40+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
clear.fi Resident Program

ProductVersion
4, 0, 7229, 0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright (C) 2010 CyberLink Corp.

MachineType
Intel 386 or later, and compatibles

CompanyName
CyberLink Corp.

CodeSize
77824

FileSubtype
0

ProductVersionNumber
4.0.7229.0

EntryPoint
0x11b1b

ObjectFileType
Executable application

File identification
MD5 9e430980f07d8fb2ed3133fd32f063d9
SHA1 6e50ed4fe5a615acfb23a36bf86fec138d347d50
SHA256 cf19db562ce93c9eda38e4abc52ff958c010569c0823c83bd924108279737fc3
ssdeep
3072:LAVzGmMZRmMW569rkVVOrvq0+wDH/ftzygnaS7HHAq41E3lpCk:M1HgUMNKOrvq0RntjaS7HIkpt

authentihash 65042a9cdc9826dee74ca04bdeb7260426ebeae9cbb5035694299161e9d0cab6
imphash eea11222047f4122ae1ef9ee4b57b2ba
File size 215.1 KB ( 220272 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2013-05-11 15:08:53 UTC ( 6 years ago )
Last submission 2013-05-11 15:08:53 UTC ( 6 years ago )
File names clear.fiAgent.exe
clear.fiAgent.exe
clear.fiAgent.exe
CLEAR.FIAGENT.EXE
clear.fiAgent.exe
clear.fi Resident Program
clear.fiagent.exe
clear.fiagent.exe
Behaviour characterization
Zemana
keylogger
