SHA256: ecc036f51373fa241d432de79b5e7d62f00a3c32ebe685c9c5b17094044b93cd
File name: gummy.exe
Detection ratio: 6 / 55
Analysis date: 2015-10-29 15:51:01 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.DridexKD.2834464 20151029
Avast Win32:Malware-gen 20151029
ESET-NOD32 Win32/Dridex.P 20151029
Malwarebytes Trojan.Injector 20151029
TrendMicro TSPY_DRIDEX.YSO 20151029
TrendMicro-HouseCall TSPY_DRIDEX.YSO 20151029
AegisLab 20151029
Yandex 20151028
AhnLab-V3 20151029
Alibaba 20151029
ALYac 20151029
Antiy-AVL 20151029
Arcabit 20151029
AVG 20151029
Avira (no cloud) 20151029
AVware 20151029
Baidu-International 20151029
BitDefender 20151029
Bkav 20151029
ByteHero 20151029
CAT-QuickHeal 20151029
ClamAV 20151029
CMC 20151029
Comodo 20151029
Cyren 20151029
DrWeb 20151029
Emsisoft 20151029
F-Prot 20151029
F-Secure 20151029
Fortinet 20151029
GData 20151029
Ikarus 20151029
Jiangmin 20151028
K7AntiVirus 20151029
K7GW 20151029
Kaspersky 20151029
McAfee 20151029
McAfee-GW-Edition 20151029
Microsoft 20151029
eScan 20151029
NANO-Antivirus 20151029
nProtect 20151029
Panda 20151028
Qihoo-360 20151029
Rising 20151028
Sophos AV 20151029
SUPERAntiSpyware 20151028
Symantec 20151029
Tencent 20151029
TheHacker 20151028
VBA32 20151028
VIPRE 20151029
ViRobot 20151029
Zillya 20151029
Zoner 20151029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 3:02 PM 10/28/2015
Signers
[+] LIDER
Status This certificate or one of the certificates in the certificate chain is not time valid. Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 10/8/2015
Valid to 12:59 AM 10/8/2016
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 1A0A8D3954756BF348E7B61B5FBEC5A036FB2ED4
Serial number 00 81 50 07 48 04 29 D5 07 0C 80 65 1F 7A 6F A7 05
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE?
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/5/2015
Valid to 12:59 AM 1/1/2016
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint DF946A5E503015777FD22F46B5624ECD27BEE376
Serial number 00 9F EA C8 11 B0 F1 62 47 A5 FC 20 D8 05 23 AC E6
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-08-28 01:29:55
Entry Point 0x000431B6
Number of sections 4
PE sections
Overlays
MD5 ac8aa7db8a76e531720170580c0e7b23
File type data
Offset 323584
Size 6704
Entropy 7.51
PE imports
Number of PE resources by type
RT_ACCELERATOR 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH ZIMBABWE 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.195.108.217
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 159744
EntryPoint 0x431b6
OriginalFileName Drunker.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2010
FileVersion 226, 239, 230, 47
TimeStamp 2006:08:28 02:29:55+01:00
FileType Win32 EXE
PEType PE32
InternalName Iron
FileDescription Intruded
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName VyPRESS Research, LLC
CodeSize 274432
FileSubtype 0
ProductVersionNumber 0.129.53.223
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 a74c6dc81ef24ed55d287f3f45ec5716
SHA1 5bc6ae49f40a17a102522db8c23ecc27f695aeec
SHA256 ecc036f51373fa241d432de79b5e7d62f00a3c32ebe685c9c5b17094044b93cd
ssdeep 6144:F1OBcqgc4lpWK9rN9ww8H2ADhW6eMf6b93gGof/4dQ:Qcqf4bbyw8H2sWfMfs93EQu
authentihash 6b4652e4562c28d82d359d825abce8640bf3e169789c44866f5fc365395ede84
imphash 9b5220e889ea9aab2c01c72e488ad765
File size 322.5 KB ( 330288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (49.4%)
Windows screen saver (23.4%)
Win32 Dynamic Link Library (generic) (11.7%)
Win32 Executable (generic) (8.0%)
Generic Win/DOS Executable (3.5%)
Tags revoked-cert peexe signed overlay
VirusTotal metadata
First submission 2015-10-29 08:04:48 UTC ( 2 years, 9 months ago )
Last submission 2016-12-16 14:10:21 UTC ( 1 year, 8 months ago )
File names gummy.exe
axae.exe
5bc6ae49f40a17a102522db8c23ecc27f695aeec
gummy (1).exe
a74c6dc81ef24ed55d287f3f45ec5716
1.exe
a74c6dc81ef24ed55d287f3f45ec5716.exe
svchost(5).exe
gummy_8.exe
a.exe
ecc036f51373fa241d432de79b5e7d62f00a3c32ebe685c9c5b17094044b93cd.bin
gummy.ex_
gummy.exe
getimg.php
q.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections