× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e617158ff532d11865a4596d78809547cdbbdf5f0ecaf0ef331b2e9745ed258e
File name: Realterm_BETA_3.0.0.28_wrapper_setup.exe
Detection ratio: 27 / 60
Analysis date: 2017-04-12 18:32:12 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Antiy-AVL Trojan/Win32.BTSGeneric 20170412
Avira (no cloud) APPL/Cmdow.88576 20170412
AVware Trojan.Win32.Generic!BT 20170410
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9981 20170411
Bkav W32.Clod3f6.Trojan.d639 20170412
CAT-QuickHeal Trojan.IGENERIC 20170411
Comodo Application.Win32.CMDOW.a 20170412
Cyren W32/Trojan.SYGE-6877 20170412
ESET-NOD32 a variant of Win32/CMDOW.A potentially unsafe 20170412
Fortinet Riskware/CMDOW 20170412
GData Win32.Trojan.Agent.WFXP24 20170412
Ikarus Trojan.Cmdow 20170412
K7AntiVirus Trojan ( 00470eed1 ) 20170412
K7GW Trojan ( 00470eed1 ) 20170412
McAfee Artemis!D70E1445B300 20170412
McAfee-GW-Edition Artemis 20170412
NANO-Antivirus Trojan.Win32.Cmdow.dmjuol 20170412
Panda Trj/CI.A 20170412
Sophos AV Generic PUA EF (PUA) 20170412
Symantec SecurityRisk.Cmdow 20170412
TrendMicro HKTL_HIDEWIN 20170412
TrendMicro-HouseCall HKTL_HIDEWIN 20170412
VIPRE Trojan.Win32.Generic!BT 20170412
ViRobot Trojan.Win32.Z.Cmdow.2322536[h] 20170412
Webroot W32.Malware.Gen 20170412
Yandex Riskware.Agent! 20170411
Zillya Adware.GenericCRTD.Win32.2447 20170411
Ad-Aware 20170412
AegisLab 20170412
AhnLab-V3 20170412
Alibaba 20170412
Arcabit 20170412
Avast 20170412
AVG 20170412
BitDefender 20170412
ClamAV 20170412
CMC 20170412
CrowdStrike Falcon (ML) 20170130
DrWeb 20170412
Emsisoft 20170412
Endgame 20170411
F-Prot 20170412
F-Secure 20170412
Sophos ML 20170203
Jiangmin 20170412
Kaspersky 20170412
Kingsoft 20170412
Malwarebytes 20170412
Microsoft 20170412
eScan 20170412
nProtect 20170412
Palo Alto Networks (Known Signatures) 20170412
Qihoo-360 20170412
Rising None
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170412
Symantec Mobile Insight 20170412
Tencent 20170412
TheHacker 20170412
TotalDefense 20170410
Trustlook 20170412
VBA32 20170412
WhiteArmor 20170409
ZoneAlarm by Check Point 20170412
Zoner 20170412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Certificate out of its validity period
Signers
[+] Broadcast Equipment Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 4/1/2015
Valid to 12:59 AM 4/1/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 4DC7CD3BF40DFE504AC543207C8E6704E063E877
Serial number 5D FF 00 DD EE FE 26 54 DF 56 94 4C B9 33 E4 91
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE?
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Packers identified
F-PROT NSIS, appended, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:50:41
Entry Point 0x000030CB
Number of sections 5
PE sections
Overlays
MD5 71ff31526de9d3ff48f972520e98fe96
File type data
Offset 49152
Size 2273384
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
LoadLibraryA
GetModuleFileNameA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
DrawTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
ShowWindow
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 7
RT_DIALOG 5
RT_BITMAP 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2009:12:05 23:50:41+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
23040

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
119808

SubsystemVersion
4.0

EntryPoint
0x30cb

OSVersion
4.0

ImageVersion
6.0

UninitializedDataSize
1024

File identification
MD5 d70e1445b30069a709d775bc728c9abc
SHA1 4590aa33711e2f9436de787c08cd17fa1a709957
SHA256 e617158ff532d11865a4596d78809547cdbbdf5f0ecaf0ef331b2e9745ed258e
ssdeep
49152:NNH/Ul8FIxKp1FAeEqJ/qPOr3lZWqU+73br80mUprP3qMGK:XMGFIQFAXqJeOjlAqUKbj/j

authentihash 05f205bb7cc1634ffcbd047528caed504b43a1873d0b6435e1a41d830945c642
imphash 7fa974366048f9c551ef45714595665e
File size 2.2 MB ( 2322536 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (94.8%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
Tags
nsis peexe signed overlay

VirusTotal metadata
First submission 2015-07-23 11:45:47 UTC ( 3 years, 3 months ago )
Last submission 2015-10-22 12:13:07 UTC ( 3 years ago )
File names rvhOA5.tmp
Realterm_BETA_3.0.0.28_wrapper_setup.exe
Realterm_BETA_3.0.0.28_wrapper_setup.exe
realterm_beta_3.0.0.28_wrapper_setup.exe
Realterm_BETA_3.0.0.28_wrapper_setup.exe
Advanced heuristic and reputation engines
Sophos
Possibly Unwanted Application labelled as Generic PUA IP. This is a term used to describe applications that, while not malicious, are generally considered unsuitable for business networks. More details about Sophos PUA classifications can be found at: https://www.sophos.com/en-us/support/knowledgebase/14887.aspx .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0EHR15.

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs