SHA256: dfd3c336b8b58550f7c5647ae84009d2457aedff8eb0342fba22771ab32b9eee
File name: Eazfuscator.NET_Updater.exe
Detection ratio: 0 / 62
Analysis date: 2017-05-18 12:59:36 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware 20170518
AegisLab 20170518
AhnLab-V3 20170518
Alibaba 20170518
ALYac 20170518
Antiy-AVL 20170518
Arcabit 20170518
Avast 20170518
AVG 20170518
Avira (no cloud) 20170518
AVware 20170518
Baidu 20170503
BitDefender 20170518
Bkav 20170518
CAT-QuickHeal 20170518
ClamAV 20170518
CMC 20170517
Comodo 20170518
CrowdStrike Falcon (ML) 20170130
Cyren 20170518
DrWeb 20170518
Emsisoft 20170518
Endgame 20170515
ESET-NOD32 20170518
F-Prot 20170518
F-Secure 20170518
Fortinet 20170518
GData 20170518
Ikarus 20170518
Sophos ML 20170516
Jiangmin 20170518
K7AntiVirus 20170518
K7GW 20170518
Kaspersky 20170518
Kingsoft 20170518
Malwarebytes 20170518
McAfee 20170518
McAfee-GW-Edition 20170517
Microsoft 20170518
eScan 20170518
NANO-Antivirus 20170518
nProtect 20170518
Palo Alto Networks (Known Signatures) 20170518
Panda 20170517
Qihoo-360 20170518
Rising None
SentinelOne (Static ML) 20170516
Sophos AV 20170518
SUPERAntiSpyware 20170518
Symantec 20170517
Symantec Mobile Insight 20170518
Tencent 20170518
TheHacker 20170516
TotalDefense 20170518
TrendMicro 20170518
TrendMicro-HouseCall 20170518
VBA32 20170518
VIPRE 20170518
ViRobot 20170518
Webroot 20170518
WhiteArmor 20170517
Yandex 20170517
Zillya 20170518
ZoneAlarm by Check Point 20170518
Zoner 20170518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) CatenaLogic 2004 - 2009
Product Updater
Original name Updater.exe
Internal name Updater
File version 1.6.0.504
Description Updater - Advanced auto update module
Comments http://www.catenalogic.com
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-12-19 13:23:50
Entry Point 0x00501B60
Number of sections 3
PE sections
PE imports
GetFileTitleW
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SysAllocString
DragFinish
PathIsUNCW
VerQueryValueW
WinHttpOpen
FtpCommandW
OpenPrinterW
WSAStartup
OleRun
OleUIBusyW
Number of PE resources by type
RT_ICON 61
RT_DIALOG 29
RT_STRING 26
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_BITMAP 10
RT_GROUP_ICON 7
BIN 3
Struct(240) 2
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 98
DUTCH 74
PE resources
ExifTool file metadata
FileDescription Updater - Advanced auto update module
Comments http://www.catenalogic.com
LinkerVersion 9.0
ImageVersion 0.0
ProductName Updater
FileVersionNumber 1.6.0.504
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 102400
FileTypeExtension exe
OriginalFileName Updater.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.6.0.504
TimeStamp 2008:12:19 14:23:50+01:00
FileType Win32 EXE
PEType PE32
InternalName Updater
SubsystemVersion 5.0
ProductVersion 1.6.0.504
UninitializedDataSize 4153344
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright (C) CatenaLogic 2004 - 2009
MachineType Intel 386 or later, and compatibles
CompanyName CatenaLogic
CodeSize 1093632
FileSubtype 0
ProductVersionNumber 1.6.0.504
EntryPoint 0x501b60
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
Execution parents
Overlay parents
Compressed bundles
File identification
MD5 230d6ad35cd3b94b2d3f444fd6c101a2
SHA1 053999261b7a18bb14c5e3b424f0bc245b020356
SHA256 dfd3c336b8b58550f7c5647ae84009d2457aedff8eb0342fba22771ab32b9eee
ssdeep 24576:uR29l5bXmE1gCDBfHMeyKlSAMNNnzBiMHr8fEz/+qNMB69OxCMM:uU9Lz9fNdtMNNnzBH8fwWeMLxCMM
authentihash 009bcdde6f7c6896f4b0cda6fedc9d8ea88d8d3900cbbd385f33e46dec59c708
imphash 9118265ba324013e093d4da54ba9d837
File size 1.1 MB ( 1195520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (43.5%)
Win32 EXE Yoda's Crypter (42.7%)
Win32 Executable (generic) (7.2%)
Generic Win/DOS Executable (3.2%)
DOS Executable Generic (3.2%)
Tags peexe upx
VirusTotal metadata
First submission 2010-10-05 13:16:37 UTC ( 7 years, 9 months ago )
Last submission 2017-01-02 22:34:11 UTC ( 1 year, 6 months ago )
File names Eazfuscator.NET Updater.exe
smona130612603196875592541
smona132473039373039506951
eazfuscator.net updater.exe.tmp
Updater.exe
smona132618978536283467749
AegateUM.exe
Eazfuscator.NET_Updater.exe
smona_dfd3c336b8b58550f7c5647ae84009d2457aedff8eb0342fba22771ab32b9eee.bin
smona132165214429628742961
Eazfuscator.NET Updater.exe
Updater
smona132205884384234845437
_C05CB790833049929758F127DA5F3A05
Eazfuscator.NET Updater.exe
smona132259973781175870409
smona130607707096882802514
smona130609075206186366134
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight