× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ea10016cb950d605d4fdd735dfd9d9c55d67dedf056cb83579d65668aa9d6c46
File name: 46363
Detection ratio: 0 / 54
Analysis date: 2016-01-31 05:54:14 UTC ( 3 years ago ) View latest
Antivirus Result Update
Ad-Aware 20160130
AegisLab 20160130
Yandex 20160129
AhnLab-V3 20160129
Alibaba 20160129
ALYac 20160130
Antiy-AVL 20160130
Arcabit 20160130
Avast 20160130
AVG 20160130
Avira (no cloud) 20160130
Baidu-International 20160129
BitDefender 20160130
Bkav 20160129
ByteHero 20160131
CAT-QuickHeal 20160129
ClamAV 20160130
CMC 20160130
Comodo 20160130
Cyren 20160129
DrWeb 20160130
Emsisoft 20160130
ESET-NOD32 20160130
F-Prot 20160129
F-Secure 20160129
Fortinet 20160130
GData 20160130
Ikarus 20160129
Jiangmin 20160129
K7AntiVirus 20160129
K7GW 20160129
Kaspersky 20160129
Malwarebytes 20160130
McAfee 20160130
McAfee-GW-Edition 20160130
Microsoft 20160130
eScan 20160130
NANO-Antivirus 20160130
nProtect 20160129
Panda 20160129
Qihoo-360 20160131
Rising 20160129
Sophos AV 20160130
SUPERAntiSpyware 20160130
Symantec 20160129
TheHacker 20160130
TotalDefense 20160129
TrendMicro 20160130
TrendMicro-HouseCall 20160130
VBA32 20160128
VIPRE 20160130
ViRobot 20160129
Zillya 20160130
Zoner 20160130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 1:37 PM 8/4/2009
Signers
[+] MochaSoft Aps
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009 CA
Valid from 1:00 AM 5/19/2009
Valid to 12:59 AM 8/17/2011
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint F54148AB2E9FD3266F31935688A5B6B53290227D
Serial number 6B 43 95 97 9E 13 97 B4 5C 1C 7F 4B 42 8E 47 89
[+] VeriSign Class 3 Code Signing 2009 CA
Status Valid
Issuer VeriSign Trust Network
Valid from 1:00 AM 4/1/2009
Valid to 12:59 AM 4/1/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint B2DE1A5BF1F5CAEB6F725B74C3C690708FE90CC7
Serial number 2E AE B6 82 86 63 FE D9 75 55 F8 FE 24 F3 3B 1A
[+] VeriSign
Status Valid
Issuer VeriSign Trust Network
Valid from 1:00 AM 5/18/1998
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm sha1RSA
Thumbprint 85371CA6E550143DCE2803471BDE3A09E8F8770F
Serial number 7D D9 FE 07 CF A8 1E B7 10 79 67 FB A7 89 34 C6
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-04-07 17:59:42
Entry Point 0x00003166
Number of sections 5
PE sections
Overlays
MD5 8a27c5e3771f1646baa9b717237ed1c4
File type data
Offset 58880
Size 705088
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
LoadLibraryA
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
GetFileAttributesA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GetEnvironmentVariableA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
DestroyWindow
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
RegisterClassA
SetDlgItemTextA
LoadImageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
BeginPaint
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
DrawTextA
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
ShowWindow
CharNextA
CallWindowProcA
EnableWindow
CloseClipboard
SetCursor
ExitWindowsEx
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 9
RT_DIALOG 6
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2006:04:07 18:59:42+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
23552

LinkerVersion
6.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x3166

InitializedDataSize
165376

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
1024

File identification
MD5 4512d27d7a0efd9707c0e3f1572a46e7
SHA1 8356160498eebe75e826f0330f9b9474bbb42852
SHA256 ea10016cb950d605d4fdd735dfd9d9c55d67dedf056cb83579d65668aa9d6c46
ssdeep
12288:SEPbsCSH6V5qHHUjSplSrzVj5xTj6ZUm7sRh63ZmAcfZRS+vYQUCk:SEPIC3VQH0btsb7HJmAcRRSq5UCk

authentihash baf8654491e7dd754ac3cd2d5ba14d3b38b7bd7c1bf52557c1b82939e15d0224
imphash 18bc6fa81e19f21156316b1ae696ed6b
File size 746.1 KB ( 763968 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (94.6%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
OS/2 Executable (generic) (0.2%)
Tags
nsis peexe signed overlay

VirusTotal metadata
First submission 2009-09-01 23:44:36 UTC ( 9 years, 5 months ago )
Last submission 2018-08-18 15:45:56 UTC ( 6 months ago )
File names 1283498942-mw3270.exe
mw3270.exe
46363
9D73734240BD45F2A8ED0BD9B9B24E006C198A91.exe
filename
mw3270.exe
octet-stream
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!