SHA256: f18b9f6ff518581043e35627da3c2c4cb59fb3a380d7c53fb52ae026ae4db592
File name: 048d559df99a7fee82fe5fd4dfee900a
Detection ratio: 6 / 56
Analysis date: 2016-08-23 08:25:29 UTC ( 2 years, 6 months ago )
Antivirus Result Update (rows with an empty Result column indicate no detection)
Avast Win32:Malware-gen 20160823
Avira (no cloud) TR/Crypt.Xpack.kruj 20160823
ESET-NOD32 Win32/PSW.Papras.EJ 20160823
Fortinet W32/Papras.EJ!tr.pws 20160823
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160822
Sophos AV Mal/Generic-S 20160823
Ad-Aware 20160823
AegisLab 20160823
AhnLab-V3 20160823
Alibaba 20160823
ALYac 20160823
Antiy-AVL 20160823
Arcabit 20160823
AVG 20160823
AVware 20160823
Baidu 20160823
BitDefender 20160823
Bkav 20160822
CAT-QuickHeal 20160823
ClamAV 20160823
CMC 20160822
Comodo 20160823
Cyren 20160823
DrWeb 20160823
Emsisoft 20160823
F-Prot 20160823
F-Secure 20160823
GData 20160823
Ikarus 20160823
Jiangmin 20160823
K7AntiVirus 20160823
K7GW 20160823
Kaspersky 20160823
Kingsoft 20160823
Malwarebytes 20160823
McAfee 20160823
Microsoft 20160823
eScan 20160823
NANO-Antivirus 20160823
nProtect 20160823
Panda 20160822
Qihoo-360 20160823
Rising 20160823
SUPERAntiSpyware 20160823
Symantec 20160823
Tencent 20160823
TheHacker 20160821
TotalDefense 20160823
TrendMicro 20160823
TrendMicro-HouseCall 20160823
VBA32 20160822
VIPRE 20160823
ViRobot 20160823
Yandex 20160821
Zillya 20160820
Zoner 20160823
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 7:16 AM 8/22/2016
Signers
[+] Selig Michael Irfan
Status Valid
Issuer Certum Code Signing CA SHA2
Valid from 1:15 PM 6/9/2016
Valid to 1:15 PM 6/9/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint C565FBC0DCB922E57AB3A9EC5F45CFA53065CB53
Serial number 45 E2 7C 4D FA 5E 61 75 56 6A 13 B1 B6 DD F3 F5
[+] Certum Code Signing CA SHA2
Status Valid
Issuer Certum Trusted Network CA
Valid from 12:30 PM 10/29/2015
Valid to 12:30 PM 6/9/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 905DE119F6A0118CFFBF8B69463EFE5BD0C1D322
Serial number 6B 32 6A 0F 03 28 D3 7A 1D 53 0B FD 23 BD 48 E2
[+] Certum Trusted Network CA
Status Valid
Issuer Certum Trusted Network CA
Valid from 1:07 PM 10/22/2008
Valid to 1:07 PM 12/31/2029
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 07E032E020B72C3F192F0628A2593A19A70F069E
Serial number 04 44 C0
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-22 06:15:03
Entry Point 0x00002F20
Number of sections 4
PE sections
Overlays
MD5 25a6cad7549e48e1da178f4d16a43baa
File type data
Offset 240128
Size 6832
Entropy 7.41
PE imports
GetStdHandle
GetConsoleOutputCP
HeapDestroy
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
InterlockedDecrement
MoveFileW
SetLastError
GetSystemTime
DeviceIoControl
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
TzSpecificLocalTimeToSystemTime
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
CreateHardLinkW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetShortPathNameW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
IsDBCSLeadByte
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetLongPathNameW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
PathIsUNCW
PathAppendW
PathFindExtensionW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
CHINESE MACAU 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:22 07:15:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 43520
LinkerVersion 9.0
EntryPoint 0x2f20
InitializedDataSize 276480
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 048d559df99a7fee82fe5fd4dfee900a
SHA1 34d143573890e68f2c6eac5a27983c240c706e75
SHA256 f18b9f6ff518581043e35627da3c2c4cb59fb3a380d7c53fb52ae026ae4db592
ssdeep 3072:FdWTCa10d2H+mfgjSZfr0Z0Ne3ixGVYHT7d12ts8UqByzylM7JMfzV+r:eTCSrYjmQ2mqJH/d0dyzWMlMr
authentihash 1514cb3a3dec87da5ae5f73d59bdc30519e39092546571037014bc9e56b65369
imphash a725a6da7122c50ea4365f0d17d5edc7
File size 241.2 KB ( 246960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-08-23 08:25:29 UTC ( 2 years, 6 months ago )
Last submission 2016-08-23 08:25:29 UTC ( 2 years, 6 months ago )
File names 048d559df99a7fee82fe5fd4dfee900a
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Runtime DLLs
UDP communications