SHA256: e2b6164cb984dd4e15b4882ea5eb382fd4fa1677de3d75c5f599dc006950f4d8
File name: detailed.php2
Detection ratio: 28 / 69
Analysis date: 2018-09-25 07:24:24 UTC ( 7 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20180925
AVG Win32:Malware-gen 20180925
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cylance Unsafe 20180925
Cyren W32/Trojan.GXYN-1977 20180925
Emsisoft Trojan.Agent (A) 20180925
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKYJ 20180925
Fortinet W32/Kryptik.GKYJ!tr 20180925
GData Win32.Trojan.Agent.6UHHF3 20180925
Ikarus Trojan.Win32.Krypt 20180924
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053d2891 ) 20180925
K7GW Trojan ( 0053d2891 ) 20180925
Kaspersky Trojan-Spy.Win32.Ursnif.zwj 20180925
McAfee Artemis!2D64DB7BF255 20180925
McAfee-GW-Edition Artemis!Trojan 20180925
Microsoft Trojan:Win32/Tiggre!plock 20180925
NANO-Antivirus Trojan.Win32.Ursnif.fifauc 20180925
Panda Trj/CI.A 20180924
Qihoo-360 Win32/Trojan.Spy.fd1 20180925
Rising Spyware.Ursnif!8.1DEF (CLOUD) 20180925
Sophos AV Mal/Generic-S 20180925
Symantec Trojan Horse 20180925
TrendMicro TROJ_GEN.R011C0OIL18 20180925
TrendMicro-HouseCall TROJ_GEN.R011C0OIL18 20180925
Webroot W32.Trojan.Gen 20180925
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.zwj 20180925
Antivirus (undetected) Update
Ad-Aware 20180925
AegisLab 20180925
AhnLab-V3 20180924
Alibaba 20180921
ALYac 20180925
Antiy-AVL 20180925
Arcabit 20180925
Avast-Mobile 20180925
Avira (no cloud) 20180925
AVware 20180925
Babable 20180918
Baidu 20180925
BitDefender 20180925
Bkav 20180924
CAT-QuickHeal 20180923
ClamAV 20180924
CMC 20180924
Comodo 20180925
Cybereason 20180225
DrWeb 20180925
eGambit 20180925
F-Prot 20180925
F-Secure 20180925
Jiangmin 20180925
Kingsoft 20180925
Malwarebytes 20180925
MAX 20180925
eScan 20180925
Palo Alto Networks (Known Signatures) 20180925
SentinelOne (Static ML) 20180830
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180925
Tencent 20180925
TheHacker 20180924
TotalDefense 20180925
Trustlook 20180925
VBA32 20180924
VIPRE 20180925
ViRobot 20180924
Yandex 20180924
Zillya 20180924
Zoner 20180924
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2002

Product ERDControl Module
Original name ERDControl.DLL
Internal name ERDControl
File version 1, 0, 0, 2
Description ERDControl Module
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 6:32 PM 9/19/2018
Signers
[+] ZK9 LTD
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 8/14/2018
Valid to 12:59 AM 8/15/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 204761E11DD042023B406AB6F3DA910F8F17FCE0
Serial number 00 AE B6 01 EF C3 F0 4A 41 D6 1F 0F 92 73 27 2D 7D
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Certum EV TSA SHA2
Status Valid
Issuer Certum Trusted Network CA
Valid from 2:10 PM 3/8/2016
Valid to 2:10 PM 5/30/2027
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 4F8D4C480649426AEF8B86D4D5FC7932E7142D85
Serial number 00 FE 67 E4 F1 5A 24 E3 C6 0D 54 7C A0 20 C2 76 70
[+] Certum Trusted Network CA
Status Valid
Issuer Certum Trusted Network CA
Valid from 1:07 PM 10/22/2008
Valid to 1:07 PM 12/31/2029
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 07E032E020B72C3F192F0628A2593A19A70F069E
Serial number 04 44 C0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-20 00:31:58
Entry Point 0x00001B40
Number of sections 5
PE sections
Overlays
MD5 3f28c9a757eafddfec7b01fd66857d1d
File type data
Offset 303104
Size 5568
Entropy 7.41
PE imports
SetUserFileEncryptionKey
SetTextAlign
GetProcessId
QueryThreadCycleTime
GetFileSizeEx
GetCPInfo
GetModuleHandleA
SetConsoleTextAttribute
GetUserDefaultLCID
GetSystemPowerStatus
CanUserWritePwrScheme
GetForegroundWindow
LoadStringA
PaintDesktop
AnyPopup
GetDesktopWindow
DestroyCaret
InSendMessage
Number of PE resources by type
RT_STRING 3
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
SPANISH 4
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:09:20 01:31:58+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
20480

LinkerVersion
6.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x1b40

InitializedDataSize
286720

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 2d64db7bf25570aa4a8ddbc51b2029ba
SHA1 78a7895ecc9f3d756b4b2fe9c95fbb5e42a2a590
SHA256 e2b6164cb984dd4e15b4882ea5eb382fd4fa1677de3d75c5f599dc006950f4d8
ssdeep
1536:XbcVGlb7wS6+ly20mGmhn/qeVi5pWi1zwfL47o/WnPg1kKybESOkiq:XQVGJ7d6+70WHi5pr1sDqo/eGkKybtOS

authentihash 5889aa1a20304b03ba8e4d2c3b9669167780b0224fe06d205177b0cb5cc51094
imphash 04a2f70c945336d01319e13c3ed5bb6e
File size 301.4 KB ( 308672 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-09-19 22:28:25 UTC ( 7 months ago )
Last submission 2018-09-19 22:28:25 UTC ( 7 months ago )
File names detailed.php2
ERDControl
ERDControl.DLL