× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e861deb0227dcf5b1961b652b011911f7dba0bbaa762f9d2b6b376940be75d24
File name: IISCrypto40.exe
Detection ratio: 0 / 55
Analysis date: 2014-11-16 22:43:16 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware 20141116
AegisLab 20141116
Yandex 20141116
AhnLab-V3 20141116
Antiy-AVL 20141116
Avast 20141116
AVG 20141116
Avira (no cloud) 20141116
AVware 20141116
Baidu-International 20141107
BitDefender 20141116
Bkav 20141115
ByteHero 20141116
CAT-QuickHeal 20141114
ClamAV 20141116
CMC 20141114
Comodo 20141116
Cyren 20141116
DrWeb 20141116
Emsisoft 20141116
ESET-NOD32 20141116
F-Prot 20141116
F-Secure 20141116
Fortinet 20141116
GData 20141116
Ikarus 20141116
Jiangmin 20141116
K7AntiVirus 20141114
K7GW 20141115
Kaspersky 20141116
Kingsoft 20141116
Malwarebytes 20141116
McAfee 20141116
McAfee-GW-Edition 20141116
Microsoft 20141116
eScan 20141116
NANO-Antivirus 20141116
Norman 20141116
nProtect 20141114
Panda 20141116
Qihoo-360 20141116
Rising 20141116
Sophos AV 20141116
SUPERAntiSpyware 20141116
Symantec 20141116
Tencent 20141116
TheHacker 20141115
TotalDefense 20141116
TrendMicro 20141116
TrendMicro-HouseCall 20141116
VBA32 20141114
VIPRE 20141116
ViRobot 20141116
Zillya 20141115
Zoner 20141112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2011-2014 Nartac Software Inc.

Publisher Nartac Software Inc.
Product IIS Crypto
Original name IISCrypto.Main.exe
Internal name IISCrypto.Main.exe
File version 1.5.6.0
Description IIS Crypto
Comments Secure IIS SSL/TLS
Signature verification Signed file, verified signature
Signing date 12:30 AM 11/7/2014
Signers
[+] Nartac Software Inc.
Status Valid
Issuer None
Valid from 4:22 AM 4/23/2013
Valid to 4:41 AM 4/24/2015
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22, Lifetime Signing
Algorithm SHA1
Thumbprint 9C7324F84847589C1E6D9CAE66C2B9808201A618
Serial number 09 88
[+] StartCom Class 2 Primary Intermediate Object CA
Status Valid
Issuer None
Valid from 11:01 PM 10/24/2007
Valid to 11:01 PM 10/24/2017
Valid usage All
Algorithm SHA1
Thumbprint D893C4F678F891F2823CD078AA5E1C48FD1DA225
Serial number 24
[+] StartCom Certification Authority
Status Valid
Issuer None
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status Valid
Issuer None
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Issuer None
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbrint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Issuer None
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbrint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-06 23:30:29
Entry Point 0x000168EE
Number of sections 3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
FileDescription
IIS Crypto

Comments
Secure IIS SSL/TLS

InitializedDataSize
8704

ImageVersion
0.0

ProductName
IIS Crypto

FileVersionNumber
1.5.6.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

OriginalFilename
IISCrypto.Main.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.5.6.0

TimeStamp
2014:11:07 00:30:29+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
IISCrypto.Main.exe

SubsystemVersion
4.0

FileAccessDate
2014:11:16 23:43:18+01:00

ProductVersion
1.5.6.0

UninitializedDataSize
0

OSVersion
4.0

FileCreateDate
2014:11:16 23:43:18+01:00

FileOS
Win32

LegalCopyright
Copyright 2011-2014 Nartac Software Inc.

MachineType
Intel 386 or later, and compatibles

CompanyName
Nartac Software Inc.

CodeSize
84480

FileSubtype
0

ProductVersionNumber
1.5.6.0

EntryPoint
0x168ee

ObjectFileType
Executable application

AssemblyVersion
1.5.6.0

File identification
MD5 2e81f86f74331a26176e502c72c376ea
SHA1 cca7cf1c76a20638b33a137ebf1ff0326bff6c7c
SHA256 e861deb0227dcf5b1961b652b011911f7dba0bbaa762f9d2b6b376940be75d24
ssdeep
3072:iMfey8tYr0gj4du39cuknNsTPBPieIodmY5U1EIt5FC8Rjcpl:iMV9c5NjY5U1/I/l

authentihash 9f1731b3024dc02253a6b8eb0205cca18cd8aa443cec6c764874a04648c4531a
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 97.2 KB ( 99528 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win64 Executable (generic) (47.7%)
Windows Screen Saver (22.6%)
Win32 Dynamic Link Library (generic) (11.3%)
Win32 Executable (generic) (7.7%)
Win16/32 Executable Delphi generic (3.5%)
Tags
peexe assembly signed

VirusTotal metadata
First submission 2014-11-10 01:53:59 UTC ( 3 years, 11 months ago )
Last submission 2014-11-16 22:43:16 UTC ( 3 years, 11 months ago )
File names IISCrypto40.exe
IISCrypto.Main.exe
IISCrypto40.exe
IISCrypto40.exe
IISCrypto40.exe
IISCrypto40 (1).exe
e861deb0227dcf5b1961b652b011911f7dba0bbaa762f9d2b6b376940be75d24
IISCrypto40.exe
file-7682084_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!