× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e2e31c719f4f9e044d043a518793a916e5821de80a9ed6a42e6ddd87930d459f
File name: index.php2
Detection ratio: 7 / 67
Analysis date: 2018-11-13 20:47:29 UTC ( 4 months, 1 week ago ) View latest
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20181022
Cylance Unsafe 20181113
Endgame malicious (high confidence) 20181108
McAfee Emotet-FHX!D6281C3C157A 20181113
McAfee-GW-Edition Emotet-FHX!D6281C3C157A 20181113
Qihoo-360 HEUR/QVM20.1.2F5A.Malware.Gen 20181113
Rising Malware.Heuristic!ET#97% (RDM+:cmRtazo3ajo5XYyzkqp4ls+LRcaT) 20181113
Ad-Aware 20181112
AegisLab 20181113
AhnLab-V3 20181113
Alibaba 20180921
ALYac 20181113
Antiy-AVL 20181113
Arcabit 20181113
Avast 20181113
Avast-Mobile 20181113
AVG 20181113
Avira (no cloud) 20181113
Babable 20180918
Baidu 20181112
BitDefender 20181113
Bkav 20181113
CAT-QuickHeal 20181113
ClamAV 20181113
CMC 20181113
Cyren 20181113
DrWeb 20181113
eGambit 20181113
Emsisoft 20181113
ESET-NOD32 20181113
F-Prot 20181113
F-Secure 20181113
Fortinet 20181113
GData 20181113
Ikarus 20181113
Sophos ML 20181108
Jiangmin 20181113
K7AntiVirus 20181113
K7GW 20181113
Kaspersky 20181113
Kingsoft 20181113
Malwarebytes 20181113
MAX 20181113
Microsoft 20181113
eScan 20181113
NANO-Antivirus 20181113
Palo Alto Networks (Known Signatures) 20181113
Panda 20181113
SentinelOne (Static ML) 20181011
Sophos AV 20181113
SUPERAntiSpyware 20181107
Symantec 20181113
Symantec Mobile Insight 20181108
TACHYON 20181113
Tencent 20181113
TheHacker 20181108
TotalDefense 20181113
TrendMicro 20181113
TrendMicro-HouseCall 20181113
Trustlook 20181113
VBA32 20181113
VIPRE 20181113
ViRobot 20181113
Webroot 20181113
Yandex 20181113
Zillya 20181113
ZoneAlarm by Check Point 20181113
Zoner 20181113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2016 The Apache Software Foundation.

Product Apache HTTP Server
Original name httpd.exe
Internal name httpd.exe
File version 2.4.25
Description Apache HTTP Server
Comments Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 4:15 PM 11/13/2018
Signers
[+] Victino Limited
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 11:00 PM 10/11/2018
Valid to 10:59 PM 10/12/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 91EF650EC8CB480635B49C4D23506340406A242F
Serial number 00 96 75 F5 27 A4 98 31 DF 36 0C B4 CB 13 6F CF 98
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Starfield Timestamp Authority - G2
Status Valid
Issuer Starfield Secure Certificate Authority - G2
Valid from 06:00 AM 10/16/2018
Valid to 06:00 AM 10/16/2023
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint C5B27CA5A9E68AC3D6A06F1A632175259ACD9032
Serial number 1F DC 58 E9 66 08 4C 0E
[+] Starfield Secure Certificate Authority - G2
Status Valid
Issuer Starfield Root Certificate Authority - G2
Valid from 06:00 AM 05/03/2011
Valid to 06:00 AM 05/03/2031
Valid usage All
Algorithm sha256RSA
Thumbrint 7EDC376DCFD45E6DDF082C160DF6AC21835B95D4
Serial number 07
[+] Starfield Root Certificate Authority – G2
Status Valid
Issuer Starfield Root Certificate Authority - G2
Valid from 11:00 PM 08/31/2009
Valid to 11:59 PM 12/31/2037
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbrint B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2074-08-02 17:36:38
Entry Point 0x00001BB0
Number of sections 6
PE sections
Overlays
MD5 6ea8a9d14a37037267cd2fd2667442eb
File type data
Offset 311296
Size 6944
Entropy 7.36
PE imports
SetTextJustification
FindResourceExA
FlsFree
GetModuleHandleW
GetTimeZoneInformation
DeleteSecurityContext
GetUpdateRect
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
4294905856

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.4.25.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Apache HTTP Server

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
290816

EntryPoint
0x1bb0

OriginalFileName
httpd.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2016 The Apache Software Foundation.

FileVersion
2.4.25

TimeStamp
2074:08:02 19:36:38+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
httpd.exe

ProductVersion
2.4.25

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Apache Software Foundation

CodeSize
20480

ProductName
Apache HTTP Server

ProductVersionNumber
2.4.25.0

DistributedBy
The Apache Haus

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 d6281c3c157a6ffe3f38968b088f462e
SHA1 55595b91b279eedd63a0940dee43c9d51f18c553
SHA256 e2e31c719f4f9e044d043a518793a916e5821de80a9ed6a42e6ddd87930d459f
ssdeep
1536:9wyl9d5uyKCCuCZEIlu89f+UQENfP6VMFrXKq3MPzeFRzzjDlvqrqIaetC55URih:9/IVCIZHmENfP6VMFXK6LDlveaetCvV

authentihash 718f4cd9f78ccd2f957418d5791243f06e9e031b80fcdd3b7c818aa30afff86b
imphash af30319796b42473463a01f9c6c3f3cb
File size 310.8 KB ( 318240 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-11-13 20:47:29 UTC ( 4 months, 1 week ago )
Last submission 2018-11-13 20:47:29 UTC ( 4 months, 1 week ago )
File names index.php2
httpd.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!