× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: eb7c20bc3af3a84efa507a83b571007fa20d6e58d69ab56ba6c659d53165b8c5
File name: studies.php2
Detection ratio: 36 / 69
Analysis date: 2018-12-08 05:59:51 UTC ( 2 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Agent.DKYQ 20181208
AhnLab-V3 Trojan/Win32.Agent.C2882406 20181207
ALYac Spyware.Ursnif 20181208
Arcabit Trojan.Agent.DKYQ 20181208
Avast Win32:BankerX-gen [Trj] 20181208
AVG Win32:BankerX-gen [Trj] 20181208
BitDefender Trojan.Agent.DKYQ 20181208
Comodo Malware@#3iu4hib93bp7u 20181207
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181022
Cylance Unsafe 20181208
Cyren W32/Trojan.GUJZ-5423 20181208
DrWeb Trojan.Gozi.382 20181208
Emsisoft Trojan-Spy.Ursnif (A) 20181208
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNOD 20181208
F-Secure Trojan.Agent.DKYQ 20181208
Fortinet W32/Agent.1560!tr 20181208
GData Win32.Trojan.Agent.44ETUY 20181208
Ikarus Trojan.Win32.Crypt 20181208
Sophos ML heuristic 20181128
Kaspersky Trojan-Spy.Win32.Ursnif.afkx 20181208
Malwarebytes Trojan.Ursnif 20181208
McAfee Emotet-FKX!1AD358E235F9 20181208
Microsoft Trojan:Win32/Occamy.C 20181208
eScan Trojan.Agent.DKYQ 20181208
NANO-Antivirus Trojan.Win32.Ursnif.fkxlsi 20181208
Panda Trj/RnkBend.A 20181207
Qihoo-360 Win32/Trojan.Spy.568 20181208
Rising Spyware.Ursnif!8.1DEF (CLOUD) 20181208
Sophos AV Troj/Ursnif-BK 20181208
Symantec Trojan.Gen.2 20181208
TrendMicro TrojanSpy.Win32.EMOTET.THABOGAH 20181208
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THABOGAH 20181208
ViRobot Trojan.Win32.S.Agent.153968 20181207
Webroot W32.Trojan.Gen 20181208
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.afkx 20181208
AegisLab 20181208
Alibaba 20180921
Antiy-AVL 20181207
Avast-Mobile 20181207
Avira (no cloud) 20181208
Babable 20180918
Baidu 20181207
Bkav 20181206
CAT-QuickHeal 20181207
ClamAV 20181208
CMC 20181207
Cybereason 20180225
eGambit 20181208
F-Prot 20181208
Jiangmin 20181208
K7AntiVirus 20181207
K7GW 20181208
Kingsoft 20181208
MAX 20181208
McAfee-GW-Edition 20181208
Palo Alto Networks (Known Signatures) 20181208
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181207
TACHYON 20181208
Tencent 20181208
TheHacker 20181202
TotalDefense 20181207
Trapmine 20181205
Trustlook 20181208
VBA32 20181207
Yandex 20181207
Zillya 20181206
Zoner 20181207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© 1984-2002 Adobe Systems Incorporated

Product BIB
Original name BIB.dll
Internal name BIB
File version 1.1.8
Description Bravo Interface Binder
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 10:11 PM 12/5/2018
Signers
[+] Mashud QA Solutions Ltd
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 11/26/2018
Valid to 11:59 PM 11/26/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 776E562B3211BDC2A4D12A5E6D014B7C0AE29C56
Serial number 00 97 30 EE 78 C1 BD 95 52 8C 3C 7F 2C F4 FD 39 BA
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 11:00 PM 05/23/2016
Valid to 11:00 PM 06/23/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 09:00 AM 04/13/2011
Valid to 12:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbrint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbrint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1993-03-25 23:01:31
Entry Point 0x00002D20
Number of sections 7
PE sections
Overlays
MD5 0f4a864c8ca73136111c97bed56f5d01
File type data
Offset 147456
Size 6512
Entropy 7.45
PE imports
LookupPrivilegeDisplayNameW
GetTextCharsetInfo
GetCurrentObject
GetOutlineTextMetricsA
GetBkMode
GetCurrentPositionEx
GetCharWidthA
GdiFlush
GetBitmapBits
InterlockedExchange
GetPrivateProfileSectionNamesA
GetVolumePathNameW
GetLastError
GetProcessAffinityMask
GetModuleFileNameA
LocalAlloc
GetProcessWorkingSetSize
LocalFree
FreeLibrary
GetFileInformationByHandle
GetStartupInfoA
Sleep
GetCommandLineA
DefineDosDeviceA
GetProcAddress
GetStringTypeW
LoadLibraryA
GetPrivateProfileStringW
RaiseException
GetMessageA
GetForegroundWindow
DeleteMenu
ShowOwnedPopups
InsertMenuItemW
EnumWindows
GetMenuStringA
GetCursor
GetDC
DrawTextW
GetShellWindow
DrawTextExA
GetMenuItemCount
DeletePrinter
GetColorProfileHeader
strcoll
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.1.8.1

LanguageCode
Neutral 2

FileFlagsMask
0x003f

BuildDate
Wed Feb 27 2002 00:03:05

FileDescription
Bravo Interface Binder

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
106496

EntryPoint
0x2d20

OriginalFileName
BIB.dll

MIMEType
application/octet-stream

LegalCopyright
1984-2002 Adobe Systems Incorporated

FileVersion
1.1.8

TimeStamp
1993:03:25 16:01:31-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
BIB

ProductVersion
1.1

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Adobe Systems Incorporated

BuildVersion
24.66485

CodeSize
40960

ProductName
BIB

ProductVersionNumber
1.1.0.1

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 1ad358e235f9a49684b7c7118e6b1560
SHA1 b418d5e8f3c1715f25f22427029c62fd2f093a81
SHA256 eb7c20bc3af3a84efa507a83b571007fa20d6e58d69ab56ba6c659d53165b8c5
ssdeep
3072:/uu2Go+umCI3ae3wA4eMyHkxVGBkKSVHuE0:2uVo8oeRkxfm

authentihash 5b40a8fe663fb9a367098ceb171cae24d193fcc1ec7a09ef99cfb3d86c6eef2c
imphash c0da68619b11e3c8ff8528d3a0434d72
File size 150.4 KB ( 153968 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-12-06 14:25:26 UTC ( 2 months, 2 weeks ago )
Last submission 2018-12-21 04:27:01 UTC ( 2 months ago )
File names 1ad358e235f9a49684b7c7118e6b1560.virobj
BIB.dll
1ad358e235f9a49684b7c7118e6b1560
BIB
studies.php2
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs