SHA256: f6208f047b9e6f442174b7cc79879dec471f9b14bea7ae45b02ed9d8a23d0e21
File name: tryewdgh.exe
Detection ratio: 7 / 57
Analysis date: 2015-06-08 17:34:26 UTC ( 3 years, 11 months ago )
Antivirus Result Update
AVware Trojan.Compcert.51415 (fs) 20150608
ESET-NOD32 Win32/Dridex.P 20150608
Kaspersky UDS:DangerousObject.Multi.Generic 20150608
Panda Trj/Chgt.O 20150608
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150608
Tencent Trojan.Win32.YY.Gen.18 20150608
VIPRE Trojan.Compcert.51415 (fs) 20150608
Ad-Aware 20150608
AegisLab 20150608
Yandex 20150608
AhnLab-V3 20150608
Alibaba 20150608
ALYac 20150608
Antiy-AVL 20150608
Arcabit 20150608
Avast 20150608
AVG 20150608
Avira (no cloud) 20150608
Baidu-International 20150608
BitDefender 20150608
Bkav 20150608
ByteHero 20150608
CAT-QuickHeal 20150608
ClamAV 20150608
CMC 20150604
Comodo 20150608
Cyren 20150608
DrWeb 20150608
Emsisoft 20150608
F-Prot 20150608
F-Secure 20150608
Fortinet 20150608
GData 20150608
Ikarus 20150608
Jiangmin 20150607
K7AntiVirus 20150608
K7GW 20150608
Kingsoft 20150608
Malwarebytes 20150608
McAfee 20150608
McAfee-GW-Edition 20150607
Microsoft 20150608
eScan 20150608
NANO-Antivirus 20150608
nProtect 20150608
Rising 20150608
Sophos AV 20150608
SUPERAntiSpyware 20150608
Symantec 20150608
TheHacker 20150607
TotalDefense 20150608
TrendMicro 20150608
TrendMicro-HouseCall 20150608
VBA32 20150608
ViRobot 20150608
Zillya 20150608
Zoner 20150608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher 3 AM CHP
Signature verification A certificate was explicitly revoked by its issuer.
Signers
[+] 3 AM CHP
Status Valid
Issuer None
Valid from 1:00 AM 5/11/2015
Valid to 12:59 AM 5/11/2016
Valid usage Code Signing
Algorithm 1.2.840.113549.1.1.11
Thumbprint 3D8D283756A8F97A1313C3155CF330CEE5DFBC0B
Serial number 00 9E 9F 13 B0 85 D5 B6 14 8E CF EB C6 DF D1 EC F0
[+] COMODO RSA Code Signing CA
Status Valid
Issuer None
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm 1.2.840.113549.1.1.12
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO
Status Valid
Issuer None
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm 1.2.840.113549.1.1.12
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO Time Stamping Signer
Status Valid
Issuer None
Valid from 1:00 AM 5/5/2015
Valid to 12:59 AM 1/1/2016
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint DF946A5E503015777FD22F46B5624ECD27BEE376
Serial number 00 9F EA C8 11 B0 F1 62 47 A5 FC 20 D8 05 23 AC E6
[+] USERTrust
Status Valid
Issuer None
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm SHA1
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-09-02 10:45:10
Entry Point 0x0003A7FE
Number of sections 3
.NET details
Module Version ID c6bebf67-7c3e-47eb-9e9b-a012cd03893f
PE sections
Overlays
MD5 012bf1d15e3bea3a1dff4759ee9c7e3a
File type data
Offset 234496
Size 3816
Entropy 7.39
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 2048
EntryPoint 0x3a7fe
OriginalFileName SkimStiffenerRadiancy
MIMEType application/octet-stream
TimeStamp 2004:09:02 11:45:10+01:00
FileType Win32 EXE
PEType PE32
InternalName SkimStiffenerRadiancy
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 231936
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 5c27ce841ea8afd218944bc4cac64c9f
SHA1 ba94af17e4f83aeabe8efc47f6701ca88cc9d969
SHA256 f6208f047b9e6f442174b7cc79879dec471f9b14bea7ae45b02ed9d8a23d0e21
ssdeep 6144:LYwWF3BzQrpv7Wz/TMncK9LkmrXsdL47w5936MXk06AU:FwsjWz/TqVnpw+9
authentihash 298167ce2cd71f0cce449e896d29a5ec6cc05790f704604fd2da42ede2bb7e6d
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 232.7 KB ( 238312 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe assembly signed overlay
VirusTotal metadata
First submission 2015-06-08 13:54:16 UTC ( 3 years, 11 months ago )
Last submission 2015-06-15 15:17:11 UTC ( 3 years, 11 months ago )
File names test.exe
crypted.120.exe
tryewdgh.exe
crypted.120[1].exe
spam.exe
f6208f047b9e6f442174b7cc79879dec471f9b14bea7ae45b02ed9d8a23d0e21.bin
crypted.120_VIRUS.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections