SHA256: ece0297f75938ce830516a3d978cdf6e24486a93f1e1ececf203f73380ad0112
File name: poet.installer.exe
Detection ratio: 1 / 48
Analysis date: 2014-01-14 08:50:48 UTC ( 1 year, 4 months ago )
Antivirus Result Update (engines with no entry in the Result column reported no detection; only Antiy-AVL flagged the file)
Antiy-AVL Monitor/Win32.Ardamax 20140113
AVG 20140114
Ad-Aware 20140114
Agnitum 20140114
AhnLab-V3 20140113
AntiVir 20140114
Avast 20140114
Baidu-International 20131213
BitDefender 20140114
Bkav 20140114
ByteHero 20131226
CAT-QuickHeal 20140114
ClamAV 20140114
Commtouch 20140114
Comodo 20140114
DrWeb 20140114
ESET-NOD32 20140114
Emsisoft 20140114
F-Prot 20140114
F-Secure 20140114
Fortinet 20140113
GData 20140114
Ikarus 20140114
Jiangmin 20140114
K7AntiVirus 20140113
K7GW 20140113
Kaspersky 20140114
Kingsoft 20130829
Malwarebytes 20140114
McAfee 20140114
McAfee-GW-Edition 20140114
MicroWorld-eScan 20140114
Microsoft 20140113
NANO-Antivirus 20140113
Norman 20140114
Panda 20140113
Rising 20140113
SUPERAntiSpyware 20140114
Sophos 20140114
Symantec 20140114
TheHacker 20140112
TotalDefense 20140114
TrendMicro 20140114
TrendMicro-HouseCall 20140114
VBA32 20140113
VIPRE 20140114
ViRobot 20140114
nProtect 20140114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher X2Net DEMO Certificate Only
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (This is the Windows CERT_E_UNTRUSTEDROOT result: the signature and chain are well-formed, but the chain ends at the self-signed "X2Net TESTING ROOT ONLY" certificate, which is not in the trust store, and both certificates are MD5-signed. The valid Symantec/Thawte counter-signature below only attests the signing time. The "signed" tag later in this report records that an Authenticode blob is present; it does not identify a trusted publisher.)
Signers
[+] X2Net DEMO Certificate Only
Status A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Valid from 3:43 PM 10/19/2006
Valid to 12:59 AM 1/1/2040
Valid usage Code Signing, Timestamp Signing
Algorithm MD5
Thumbprint EEF8A4C30C25F0206D0B84BD7C61CFCCDCC20C83
Serial number 61 E9 59 FD E0 03 23 BA 43 2C ED A6 EA 0D D1 6B
[+] X2Net TESTING ROOT ONLY
Status A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Valid from 3:37 PM 10/19/2006
Valid to 12:59 AM 1/1/2040
Valid usage All
Algorithm MD5
Thumbprint 6C2711B5F2473B087690B858DAEB8429CDCDFEBF
Serial number E3 93 F4 B0 FB 85 73 BD 48 AE 1E 0D 7A 41 95 E0
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT RAR, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-11 14:33:58
Link date 3:33 PM 8/11/2013
Entry Point 0x0001D338
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
SetLastError
GetSystemTime
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFileAttributesW
CreateThread
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
TerminateProcess
CreateSemaphoreW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
SystemTimeToFileTime
GetDateFormatW
SetEvent
DeleteFileW
GetProcAddress
CreateFileMappingW
CompareStringW
WriteFile
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
GetShortPathNameW
UnmapViewOfFile
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateHardLinkW
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
IsWindow
GetWindowTextW
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
MessageBoxW
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
OemToCharBuffA
DispatchMessageW
PeekMessageW
GetClassNameW
CopyRect
WaitForInputIdle
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
EnableWindow
SetForegroundWindow
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
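The import list above gives function names only; the library each name comes from is not shown. VirusTotal's imphash (reported under File identification below) is computed from the (library, function) pairs in import-directory order, so the list alone is not enough to reproduce it. The following Python is an added example, not part of this report or of VirusTotal's tooling: it re-implements the imphash normalisation used by the pefile library (library name lower-cased with a .dll/.ocx/.sys extension stripped, function name lower-cased, ordinal-only imports written as ordN, entries joined with commas and MD5-hashed) over a constructed import list that borrows a few names from this file. The sample list, its order and the COMCTL32 ordinal are assumptions, so its digest will not match 3eaa732d4dae53340f9646bdd85dac41; pefile additionally resolves ws2_32 and oleaut32 ordinals to names through a built-in table, which this example omits.

```python
import hashlib

# Constructed sample (not the real import table of poet.installer.exe):
# (library, symbol) pairs in import-directory order. A symbol is either a
# function name or, for ordinal-only imports, an int ordinal.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegCreateKeyExW"),
    ("ADVAPI32.dll", "OpenProcessToken"),
    ("ADVAPI32.dll", "AdjustTokenPrivileges"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "DeviceIoControl"),
    ("SHELL32.dll", "ShellExecuteExW"),
    ("COMCTL32.dll", 17),  # assumed ordinal-only import, for illustration
]

# pefile strips only these extensions from the library name.
STRIP_EXTS = ("dll", "ocx", "sys")


def normalize_import(library, symbol):
    """Return the 'lib.func' token pefile feeds into the imphash.

    Library names are lower-cased and lose a .dll/.ocx/.sys suffix; named
    symbols are lower-cased; ordinal-only imports become 'ordN'.
    """
    lib = library.lower()
    base, dot, ext = lib.rpartition(".")
    if dot and ext in STRIP_EXTS:
        lib = base
    if isinstance(symbol, int):
        name = "ord%d" % symbol
    else:
        name = symbol.lower()
    return "%s.%s" % (lib, name)


def imphash_string(imports):
    """The comma-joined token list whose MD5 is the imphash (order matters)."""
    return ",".join(normalize_import(lib, sym) for lib, sym in imports)


def imphash(imports):
    """imphash as pefile computes it: MD5 over the normalised token string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the digest covers order as well as content, the same functions imported in a different order, or one extra import, give a different imphash, while case differences in library or function names do not. That is what makes imphash useful for clustering binaries built from the same source or the same installer stub, and useless against an adversary who simply reorders the import table.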
Number of PE resources by type
RT_STRING 9
RT_DIALOG 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:08:11 15:33:58+01:00 (the PE compilation timestamp above, rendered in the analysis host's +01:00 zone)
FileType Win32 EXE
PEType PE32
CodeSize 152064
LinkerVersion 9.0
FileAccessDate 2014:11:02 01:17:35+01:00
EntryPoint 0x1d338
InitializedDataSize 175104
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:11:02 01:17:35+01:00
UninitializedDataSize 0
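The ExifTool fields above, like the PE header basic information section earlier, are read straight from the IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER, and the "signed" tag under File identification reflects nothing more than a non-empty Security data directory. The following Python is an added example, not part of this report or of any VirusTotal or ExifTool code: it parses those structures with the standard library only, and build_sample_pe() constructs a header-only PE32 image whose field values are taken from this page (i386 machine, 4 sections, timestamp 2013-08-11 14:33:58 UTC, entry point 0x1d338, linker 9.0, code size 152064, initialized data 175104, OS/subsystem version 5.0, GUI subsystem). The Security directory entry it fills in (offset 0x18F000, size 0x1A00) is an assumed placeholder with no certificate blob behind it, used only to show how the presence of that entry is detected.

```python
import calendar
import struct
import time

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table
FILE_HEADER_FMT = "<HHIIIHH"         # IMAGE_FILE_HEADER, 20 bytes
DATA_DIRECTORY_OFFSET = 96           # first IMAGE_DATA_DIRECTORY in a PE32 optional header
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows CUI"}

# (offset within IMAGE_OPTIONAL_HEADER32, struct format) of the fields reported here
OPT_FIELDS = {
    "Magic": (0, "<H"),
    "MajorLinkerVersion": (2, "<B"),
    "MinorLinkerVersion": (3, "<B"),
    "SizeOfCode": (4, "<I"),
    "SizeOfInitializedData": (8, "<I"),
    "SizeOfUninitializedData": (12, "<I"),
    "AddressOfEntryPoint": (16, "<I"),
    "MajorOperatingSystemVersion": (40, "<H"),
    "MinorOperatingSystemVersion": (42, "<H"),
    "MajorSubsystemVersion": (48, "<H"),
    "MinorSubsystemVersion": (50, "<H"),
    "Subsystem": (68, "<H"),
    "NumberOfRvaAndSizes": (92, "<I"),
}


def build_sample_pe():
    """Constructed header-only PE32 image with the field values from this report.

    There is no code, no section table and no real certificate; the Security
    directory entry is an assumed placeholder so that the parser has something
    to detect."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)            # DOS header padded out to e_lfanew
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    link_ts = calendar.timegm((2013, 8, 11, 14, 33, 58, 0, 0, 0))
    file_header = struct.pack(FILE_HEADER_FMT, IMAGE_FILE_MACHINE_I386, 4, link_ts,
                              0, 0, 224, 0x0102)   # 0x0102: EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = bytearray(224)                 # 96-byte fixed part + 16 data directories
    values = {"Magic": IMAGE_NT_OPTIONAL_HDR32_MAGIC, "MajorLinkerVersion": 9,
              "MinorLinkerVersion": 0, "SizeOfCode": 152064,
              "SizeOfInitializedData": 175104, "SizeOfUninitializedData": 0,
              "AddressOfEntryPoint": 0x1D338, "MajorOperatingSystemVersion": 5,
              "MinorOperatingSystemVersion": 0, "MajorSubsystemVersion": 5,
              "MinorSubsystemVersion": 0, "Subsystem": IMAGE_SUBSYSTEM_WINDOWS_GUI,
              "NumberOfRvaAndSizes": 16}
    for name, value in values.items():
        off, fmt = OPT_FIELDS[name]
        struct.pack_into(fmt, opt, off, value)
    # Assumed placeholder: for the Security directory the first field is a raw
    # file offset, not an RVA. A non-zero entry is all the "signed" tag needs.
    struct.pack_into("<II", opt, DATA_DIRECTORY_OFFSET + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x18F000, 0x1A00)
    return bytes(dos) + b"PE\x00\x00" + file_header + bytes(opt)


def parse_pe_header(data):
    """Parse the DOS, file and optional headers of a PE32 image into a dict."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature missing")
    fh = e_lfanew + 4
    machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from(FILE_HEADER_FMT, data, fh)
    opt = fh + struct.calcsize(FILE_HEADER_FMT)
    if opt + opt_size > len(data):
        raise ValueError("truncated optional header")
    f = {name: struct.unpack_from(fmt, data, opt + off)[0] for name, (off, fmt) in OPT_FIELDS.items()}
    if f["Magic"] != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("only PE32 is handled here (PE32+ has a different layout)")
    sec_off = sec_size = 0
    if f["NumberOfRvaAndSizes"] > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + DATA_DIRECTORY_OFFSET + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "number_of_sections": nsections,
        "timestamp": ts,
        "timestamp_utc": time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(ts)),
        "entry_point": f["AddressOfEntryPoint"],
        "linker_version": "%d.%d" % (f["MajorLinkerVersion"], f["MinorLinkerVersion"]),
        "os_version": "%d.%d" % (f["MajorOperatingSystemVersion"], f["MinorOperatingSystemVersion"]),
        "subsystem_version": "%d.%d" % (f["MajorSubsystemVersion"], f["MinorSubsystemVersion"]),
        "subsystem": f["Subsystem"],
        "subsystem_name": SUBSYSTEM_NAMES.get(f["Subsystem"], "other (%d)" % f["Subsystem"]),
        "code_size": f["SizeOfCode"],
        "initialized_data_size": f["SizeOfInitializedData"],
        "uninitialized_data_size": f["SizeOfUninitializedData"],
        "security_directory": (sec_off, sec_size),
        "has_authenticode_blob": sec_off != 0 and sec_size != 0,
    }


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_pe()).items():
        print("%-25s %s" % (key, hex(value) if key == "entry_point" else value))
```

has_authenticode_blob is the whole basis of the "signed" tag: it says a WIN_CERTIFICATE structure exists at that file offset, nothing about whether the chain inside it verifies, which on this file it does not.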
File identification
MD5 128cfb6d1100b1ea7527d5af232f4c4c
SHA1 dff2f3dc91e21f09c191a7bbf2e9e1c15873bd5c
SHA256 ece0297f75938ce830516a3d978cdf6e24486a93f1e1ececf203f73380ad0112
ssdeep 49152:xULDFMmCQQqeMkGDSp9sgTaAnCP/C2rSgTd:WvF80KdJnUqHgTd
authentihash 4ad977a3f18c7d651f5af6476b67a81dab4e61ad0372cf5dd2f2040a44fb182c
imphash 3eaa732d4dae53340f9646bdd85dac41
File size 1.6 MB ( 1641264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe signed
VirusTotal metadata
First submission 2014-01-09 23:15:39 UTC ( 1 year, 4 months ago )
Last submission 2014-01-22 15:44:32 UTC ( 1 year, 4 months ago )
File names poet.installer.exe
dff2f3dc91e21f09c191a7bbf2e9e1c15873bd5c
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.