SHA256: d124b17db4a78864dea31b35dbc6982777eda55156724d7074e7cedbb1d06a5a
File name: temp_000.exe
Detection ratio: 37 / 55
Analysis date: 2015-04-20 02:34:23 UTC ( 1 day, 10 hours ago )
Antivirus Result Update
AVG Agent4.BGSL 20150420
AVware Trojan.Win32.Generic!BT 20150420
Agnitum Riskware.Agent! 20150419
AhnLab-V3 Malware/Win32.Suspicious 20150419
Antiy-AVL Trojan/Win32.Tgenic 20150420
Avast Win32:Malware-gen 20150419
Baidu-International Adware.Win32.ELEX.81 20150419
Bkav W32.HfsAdware.A115 20150417
CAT-QuickHeal TrojanDownloader.Wysotot.r7 20150418
ClamAV Win.Trojan.Wysotot 20150420
Comodo UnclassifiedMalware 20150419
Cyren W32/Adware.DCLA-5142 20150420
DrWeb Adware.Mutabaha.30 20150420
ESET-NOD32 a variant of Win32/ELEX.O potentially unwanted 20150419
Fortinet W32/VMProtBad.A 20150420
GData Win32.Application.SubTab.B 20150420
Ikarus Trojan.Agent4 20150420
Jiangmin Trojan/StartPage.ucj 20150417
K7AntiVirus Riskware ( 0049f6ae1 ) 20150419
K7GW Riskware ( 0049f6ae1 ) 20150419
Kaspersky Trojan-Downloader.Win32.Wysotot.a 20150420
Kingsoft Win32.Troj.Generic.a.(kcloud) 20150420
Malwarebytes Trojan.Downloader 20150419
McAfee Generic.dx!331DE39B8001 20150420
McAfee-GW-Edition Generic.dx!331DE39B8001 20150419
Microsoft TrojanDownloader:Win32/Wysotot.A 20150420
NANO-Antivirus Trojan.Win32.Wysotot.cvnvmg 20150420
Panda Trj/CI.A 20150417
Qihoo-360 Win32/Trojan.Downloader.135 20150420
Sophos Mal/VMProtBad-A 20150420
Symantec exqWebSearch 20150420
Tencent Win32.Trojan.Bp-generic.Bskd 20150420
TrendMicro TROJ_GEN.R0CBC0DH314 20150420
TrendMicro-HouseCall TROJ_GEN.R0CBC0DH514 20150420
VBA32 Trojan.StartPage 20150418
VIPRE Trojan.Win32.Generic!BT 20150420
Zillya Trojan.StartPage.Win32.22364 20150420
Ad-Aware 20150420
AegisLab 20150420
Alibaba 20150420
BitDefender 20150420
ByteHero 20150420
CMC 20150418
Emsisoft 20150420
F-Prot 20150420
F-Secure 20150419
MicroWorld-eScan 20150420
Norman 20150419
Rising 20150419
SUPERAntiSpyware 20150419
TheHacker 20150417
TotalDefense 20150419
ViRobot 20150419
Zoner 20150417
nProtect 20150417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright (C) 2013

Publisher Skytouch Technology Co.
Original name eUpdate.exe
Internal name eUpdate.exe
File version 10.2.0.2610
Signature verification Signed file, verified signature
Signing date 4:45 PM 9/26/2013
Signers
[+] Skytouch Technology Co.
Status Certificate out of its validity period
Valid from 9:29 AM 7/8/2013
Valid to 9:29 AM 7/9/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 23F5AAF1D196D5CC01652E08F10097C56D123F0F
Serial number 11 21 60 78 02 2F A9 1C 0E B6 13 26 E0 E8 FD BE 9C 30
[+] GlobalSign CodeSigning CA - G2
Status Valid
Valid from 11:00 AM 4/13/2011
Valid to 11:00 AM 4/13/2019
Valid usage Code Signing
Algorithm SHA1
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign
Status Valid
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm SHA1
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-21 11:11:53
Entry Point 0x000ED2A9
Number of sections 7
PE sections
PE imports
RegCreateKeyExW
LocalFree
LocalAlloc
GetModuleHandleA
GetModuleFileNameW
ExitProcess
TlsSetValue
LoadLibraryA
GetModuleFileNameA
SHChangeNotify
SHDeleteKeyW
IsNetworkAlive
wsprintfW
GetFileVersionInfoW
WinHttpOpenRequest
InternetCheckConnectionW
CoCreateGuid
Number of PE resources by type
RT_MANIFEST 1
SAFE 1
MAGIC 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
CHINESE SIMPLIFIED 1
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 11.0
ImageVersion 0.0
FileVersionNumber 10.2.0.2610
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 489984
FileOS Windows NT 32-bit
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 10.2.0.2610
TimeStamp 2013:08:21 12:11:53+01:00
FileType Win32 EXE
PEType PE32
InternalName eUpdate.exe
ProductVersion 10.2.0.2610
SubsystemVersion 5.1
OSVersion 5.1
OriginalFilename eUpdate.exe
LegalCopyright Copyright (C) 2013
MachineType Intel 386 or later, and compatibles
CodeSize 132096
FileSubtype 0
ProductVersionNumber 10.2.0.2610
EntryPoint 0xed2a9
ObjectFileType Executable application
Compressed bundles
File identification
MD5 331de39b80019a55da553830a92b3195
SHA1 8b46591b11a2124297c4a5ebb993ab08389c99ab
SHA256 d124b17db4a78864dea31b35dbc6982777eda55156724d7074e7cedbb1d06a5a
ssdeep 12288:j3lwFi3OwrVPbMdKVwgv21X1eCe3PBgZCaaNt+HBVeF+g7c0JQ2BQoIgbUQ3eB3g:7smPbn2GJgYl+HBsF+gXJVZJbU1rG
authentihash 17b3b4c4c61255faf9abd0fb5f223660ba71115823b42cc2615f081b50fe033c
imphash a217e738b82f10d42e576ccc80b1a1f9
File size 692.6 KB ( 709240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe signed
VirusTotal metadata
First submission 2013-09-26 16:29:31 UTC ( 1 year, 6 months ago )
Last submission 2015-04-20 02:34:23 UTC ( 1 day, 10 hours ago )
File names temp_000.exe
331de39b80019a55da553830a92b3195.malware
_eUpdate_13.3.2.2700(1).exe
15499237
13199950.malware
13220627.malware
_eUpdate_13.3.2.2700.exe
331de39b80019a55da553830a92b3195__eUpdate_13.3.2.2700.exe.exe
file-6020014_exe
temp_000.exe
output.15499237.txt
eUpdate.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections