SHA256: d883c2c3ac978e3cdbd1fc892bbe511bd26caf82b66f18ae4617771446e718f1
File name: RoboForm-Setup-dot01.exe
Detection ratio: 1 / 48
Analysis date: 2013-09-25 21:31:02 UTC ( 5 years, 5 months ago )
Antivirus Result Update
Bkav HW32.Laneul.fcey 20130925
Yandex 20130925
AhnLab-V3 20130925
AntiVir 20130925
Antiy-AVL 20130925
Avast 20130925
AVG 20130925
Baidu-International 20130925
BitDefender 20130925
ByteHero 20130924
CAT-QuickHeal 20130925
ClamAV 20130925
Commtouch 20130925
Comodo 20130925
DrWeb 20130925
Emsisoft 20130925
ESET-NOD32 20130925
F-Prot 20130925
F-Secure 20130925
Fortinet 20130925
GData 20130925
Ikarus 20130925
Jiangmin 20130903
K7AntiVirus 20130925
K7GW 20130925
Kaspersky 20130925
Kingsoft 20130829
Malwarebytes 20130925
McAfee 20130925
McAfee-GW-Edition 20130925
Microsoft 20130925
eScan 20130925
NANO-Antivirus 20130925
Norman 20130925
nProtect 20130925
Panda 20130925
PCTools 20130925
Rising 20130925
Sophos AV 20130925
SUPERAntiSpyware 20130925
Symantec 20130925
TheHacker 20130924
TotalDefense 20130925
TrendMicro 20130925
TrendMicro-HouseCall 20130925
VBA32 20130925
VIPRE 20130925
ViRobot 20130925
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 1999-2013 Siber Systems Inc.

Product RoboForm
Original name rfwipeout.exe
Internal name rfwipeout
File version 7-9-1-1
Description RoboForm Installer and Uninstaller
Signature verification Signed file, verified signature
Signing date 9:43 PM 9/25/2013
Signers
[+] Siber Systems Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 2/13/2012
Valid to 12:59 AM 2/13/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 70C52460C46BA4FD26D85D91C0ACF51E8C864C00
Serial number 00 EE 72 1E 6F 48 5B BE 35 5E 57 D2 A4 AA 24 D7 C2
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-19 17:32:43
Entry Point 0x000292BE
Number of sections 5
PE sections
Overlays
MD5 d9a8b1421b325355ed28e448513b004c
File type data
Offset 485376
Size 13778752
Entropy 8.00
PE imports
RegCreateKeyExW
GetTokenInformation
RegDeleteValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
DeregisterEventSource
FreeSid
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
CheckTokenMembership
RegisterEventSourceA
AllocateAndInitializeSid
RegDeleteKeyW
ReportEventA
RegQueryValueExW
InitCommonControlsEx
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
SetStdHandle
GetFileTime
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
GetTimeZoneInformation
LoadResource
FindClose
TlsGetValue
SetLastError
GetSystemTime
DeviceIoControl
ReadConsoleInputA
CopyFileW
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
lstrcmpiW
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
GetPrivateProfileStringW
GetModuleHandleA
HeapAlloc
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InterlockedDecrement
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetVersion
LeaveCriticalSection
HeapCreate
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
CompareStringW
lstrcpyW
GetModuleFileNameW
FindNextFileW
CompareStringA
FindFirstFileW
GlobalMemoryStatus
lstrcmpW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
InterlockedIncrement
GetLastError
InitializeCriticalSection
FlushConsoleInputBuffer
LCMapStringW
GetShortPathNameW
UnmapViewOfFile
lstrlenA
GetConsoleCP
FindResourceW
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
lstrlenW
CreateProcessW
GetEnvironmentStrings
CompareFileTime
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
lstrcpynW
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
SizeofResource
IsValidCodePage
SetConsoleMode
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
GetTimeFormatA
VarUI4FromStr
ShellExecuteExW
MapWindowPoints
GetUserObjectInformationW
GetParent
UpdateWindow
PostQuitMessage
ShowWindow
SetWindowPos
SetWindowLongW
MessageBoxW
PeekMessageW
GetWindowRect
MessageBoxA
TranslateMessage
GetWindow
GetProcessWindowStation
DispatchMessageW
CreateDialogParamW
SendMessageW
UnregisterClassA
GetWindowLongW
GetClientRect
GetDlgItem
SystemParametersInfoW
IsWindow
SetWindowTextW
GetDesktopWindow
MsgWaitForMultipleObjects
wsprintfW
CharNextW
ExitWindowsEx
DestroyWindow
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL DEFAULT 10
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.9.1.1

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
RoboForm Installer and Uninstaller

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
253952

EntryPoint
0x292be

OriginalFileName
rfwipeout.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 1999-2013 Siber Systems Inc.

FileVersion
7-9-1-1

TimeStamp
2013:08:19 18:32:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
rfwipeout

ProductVersion
7-9-1-1

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Siber Systems

CodeSize
257024

ProductName
RoboForm

ProductVersionNumber
7.9.1.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 dfc24e7eacd05f3f78e70319838c2a5a
SHA1 13c567104893758580fdfceb0e678cce4584f5ba
SHA256 d883c2c3ac978e3cdbd1fc892bbe511bd26caf82b66f18ae4617771446e718f1
ssdeep
393216:nHv0+fCMFnruajqVTBZnB04vAW28RFKyCKR8k/ymGwCpC1DQ:H9KMlWBRoWPRFKtD1eDQ

authentihash 0f8ae1b3a50263147e4ba283d77016cf0825424a5c2b510b08cbe210ef801f40
imphash a8d1c80812b3ac660770f7a1238c73ba
File size 13.6 MB ( 14264128 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-09-25 21:31:02 UTC ( 5 years, 5 months ago )
Last submission 2013-09-25 21:31:02 UTC ( 5 years, 5 months ago )
File names RoboForm-Setup-dot01.exe
rfwipeout.exe
rfwipeout
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.