SHA256: d23d4341b92af4ae2c98681dd5ea035e7a47869e024b886aad11be9939c3ed53
File name: DesktopStartMenuReviverService.exe.infected
Detection ratio: 2 / 56
Analysis date: 2016-11-19 13:13:52 UTC ( 1 year, 9 months ago )
Antivirus                  Result                                       Update
DrWeb                      Program.Unwanted.705                         20161119
Rising                     Malware.Undefined!8.C-LEuHOgXsQpL (cloud)    20161119
Ad-Aware                   -                                            20161119
AegisLab                   -                                            20161119
AhnLab-V3                  -                                            20161118
Alibaba                    -                                            20161118
ALYac                      -                                            20161119
Antiy-AVL                  -                                            20161119
Arcabit                    -                                            20161119
Avast                      -                                            20161119
AVG                        -                                            20161119
Avira (no cloud)           -                                            20161119
AVware                     -                                            20161119
Baidu                      -                                            20161118
BitDefender                -                                            20161119
Bkav                       -                                            20161119
CAT-QuickHeal              -                                            20161118
ClamAV                     -                                            20161119
CMC                        -                                            20161119
Comodo                     -                                            20161119
CrowdStrike Falcon (ML)    -                                            20161024
Cyren                      -                                            20161119
Emsisoft                   -                                            20161119
ESET-NOD32                 -                                            20161119
F-Prot                     -                                            20161119
F-Secure                   -                                            20161119
Fortinet                   -                                            20161119
GData                      -                                            20161119
Ikarus                     -                                            20161119
Sophos ML                  -                                            20161018
Jiangmin                   -                                            20161119
K7AntiVirus                -                                            20161119
K7GW                       -                                            20161119
Kaspersky                  -                                            20161119
Kingsoft                   -                                            20161119
Malwarebytes               -                                            20161119
McAfee                     -                                            20161119
McAfee-GW-Edition          -                                            20161119
Microsoft                  -                                            20161119
eScan                      -                                            20161119
NANO-Antivirus             -                                            20161119
nProtect                   -                                            20161119
Panda                      -                                            20161119
Qihoo-360                  -                                            20161119
Sophos AV                  -                                            20161119
SUPERAntiSpyware           -                                            20161119
Symantec                   -                                            20161119
Tencent                    -                                            20161119
TheHacker                  -                                            20161117
TrendMicro                 -                                            20161119
TrendMicro-HouseCall       -                                            20161119
VBA32                      -                                            20161118
VIPRE                      -                                            20161119
ViRobot                    -                                            20161119
Yandex                     -                                            20161118
Zillya                     -                                            20161118
Zoner                      -                                            20161119
("-" in the Result column means the engine reported no detection.)
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64-bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 2013. ReviverSoft. All Rights Reserved.
Product Start Menu Reviver
Original name SMService.exe
Internal name SMService.exe
File version 1.0.0.40
Description Start Menu Reviver Helper Service
Signature verification Certificate out of its validity period
Signers
[+] ReviverSoft
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 5/2/2014
Valid to 12:59 AM 8/2/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 4DFA964D571330964E5D3A4D54D290FAB1AD2133
Serial number 78 7A 45 98 F6 38 59 61 00 81 F5 28 B3 3B E8 2F
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
PE header basic information
Target machine x64
Compilation timestamp 2014-09-17 17:23:16
Entry Point 0x00025BD0
Number of sections 7
PE sections
Overlays
MD5 b1190682c6b35532a805e5ce61190617
File type data
Offset 761344
Size 3704
Entropy 7.27
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
OpenServiceW
ControlService
RegDeleteKeyW
DeleteService
UnlockServiceDatabase
RegQueryValueExW
CloseServiceHandle
ChangeServiceConfig2W
RegisterEventSourceW
DeregisterEventSource
RegOpenKeyExW
CreateServiceW
GetTokenInformation
SetServiceStatus
RegQueryInfoKeyW
RegisterServiceCtrlHandlerW
RegEnumKeyExW
LockServiceDatabase
CreateProcessAsUserW
RegDeleteValueW
RegSetValueExW
OpenSCManagerW
ReportEventW
StartServiceCtrlDispatcherW
ChangeServiceConfigW
GetStdHandle
GetThreadPreferredUILanguages
WaitForSingleObject
HeapDestroy
EncodePointer
FlsGetValue
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
RtlUnwindEx
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
CreateEventW
LoadResource
FormatMessageA
SetLastError
InitializeCriticalSection
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlsSetValue
HeapSetInformation
EnumSystemLocalesA
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
CreateThread
SetUnhandledExceptionFilter
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetVersion
GetProcAddress
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
lstrcmpiW
GetDateFormatA
RtlPcToFileHeader
OpenProcess
GetStartupInfoW
CreateDirectoryW
WaitForMultipleObjects
GetProcessHeap
CompareStringW
WTSGetActiveConsoleSessionId
RtlLookupFunctionEntry
GetTimeFormatA
IsValidLocale
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
GetFileType
GetCurrentThreadId
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
lstrlenW
Process32NextW
SizeofResource
GetCurrentProcessId
LockResource
ProcessIdToSessionId
GetCommandLineW
GetCPInfo
HeapSize
FlsAlloc
FlsFree
Process32FirstW
RaiseException
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
FindResourceExW
IsValidCodePage
HeapCreate
FindResourceW
Sleep
GetOEMCP
LoadRegTypeLib
SysStringLen
UnRegisterTypeLib
RegisterTypeLib
VarUI4FromStr
SysAllocString
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserSize
LoadTypeLib
SysFreeString
BSTR_UserMarshal
IUnknown_Release_Proxy
NdrOleAllocate
IUnknown_QueryInterface_Proxy
NdrStubCall2
NdrStubForwardingFunction
NdrOleFree
IUnknown_AddRef_Proxy
NdrCStdStubBuffer2_Release
SHGetFolderPathW
SHGetSpecialFolderPathW
Ord(12)
SHCreateStreamOnFileEx
Ord(568)
Ord(214)
Ord(213)
GetSystemMetrics
MessageBoxW
PostThreadMessageW
TranslateMessage
CharUpperW
LoadStringW
GetMessageW
CharNextW
DispatchMessageW
CreateEnvironmentBlock
DestroyEnvironmentBlock
WTSWaitSystemEvent
WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW
CoInitializeEx
CoRegisterClassObject
CoTaskMemAlloc
CoRevokeClassObject
CoAddRefServerProcess
CoUninitialize
CoTaskMemRealloc
CoCreateInstance
CoInitializeSecurity
CoResumeClassObjects
CoReleaseServerProcess
CoTaskMemFree
StringFromGUID2
PE exports
Number of PE resources by type
REGISTRY 3
RT_MANIFEST 1
TYPELIB 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 7
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.2
InitializedDataSize 265728
ImageVersion 0.0
ProductName Start Menu Reviver
FileVersionNumber 1.0.0.40
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName SMService.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.40
TimeStamp 2014:09:17 18:23:16+01:00
FileType Win64 EXE
PEType PE32+
InternalName SMService.exe
ProductVersion 1.0.0.40
FileDescription Start Menu Reviver Helper Service
OSVersion 5.2
FileOS Windows NT 32-bit
LegalCopyright Copyright 2013. ReviverSoft. All Rights Reserved.
MachineType AMD AMD64
CompanyName ReviverSoft
CodeSize 494592
FileSubtype 0
ProductVersionNumber 1.0.0.40
EntryPoint 0x25bd0
ObjectFileType Executable application
File identification
MD5 663533b07b7c6e4893a48832641d815b
SHA1 75d23258638a162a21c209dd2e28484ebdfa88d4
SHA256 d23d4341b92af4ae2c98681dd5ea035e7a47869e024b886aad11be9939c3ed53
ssdeep 12288:htm4VWiEqKcWKsPQTowg9Ybsn1qm39FUg:Pm4VWiE2WKx8wgQm39FUg
authentihash 4f164479014678a416a8f81fb5ee56d2463a7b0d0e5729624bfe1e528898435a
imphash db3acdf7753f1fd2ef7304b3edb268a1
File size 747.1 KB ( 765048 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags 64bits peexe assembly signed overlay
VirusTotal metadata
First submission 2014-09-25 08:46:57 UTC ( 3 years, 10 months ago )
Last submission 2018-01-29 08:07:40 UTC ( 6 months, 3 weeks ago )
File names StartMenuReviverService.exe
DesktopStartMenuReviverService.exe.infected
vt-upload-J10eru
SMService.exe
startmenureviverservice.exe