× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f75b9e8c592a11993d0e4faea36993522f1639844cbee52a9b4f479d27a51e55
File name: SecuExtenderHelper.exe
Detection ratio: 0 / 72
Analysis date: 2019-04-19 08:11:38 UTC ( 1 month ago )
Antivirus Result Update
Acronis 20190419
Ad-Aware 20190419
AegisLab 20190419
AhnLab-V3 20190419
Alibaba 20190401
ALYac 20190419
Antiy-AVL 20190419
Arcabit 20190419
Avast 20190419
Avast-Mobile 20190415
AVG 20190419
Avira (no cloud) 20190419
Babable 20180918
Baidu 20190318
BitDefender 20190419
Bkav 20190418
CAT-QuickHeal 20190418
ClamAV 20190418
CMC 20190321
Comodo 20190418
CrowdStrike Falcon (ML) 20190212
Cybereason 20190417
Cylance 20190419
Cyren 20190419
DrWeb 20190419
eGambit 20190419
Emsisoft 20190419
Endgame 20190403
ESET-NOD32 20190419
F-Prot 20190419
F-Secure 20190419
FireEye 20190419
Fortinet 20190419
GData 20190419
Ikarus 20190419
Sophos ML 20190313
Jiangmin 20190419
K7AntiVirus 20190419
K7GW 20190419
Kaspersky 20190419
Kingsoft 20190419
Malwarebytes 20190419
MAX 20190419
MaxSecure 20190418
McAfee 20190419
McAfee-GW-Edition 20190419
Microsoft 20190419
eScan 20190419
NANO-Antivirus 20190419
Palo Alto Networks (Known Signatures) 20190419
Panda 20190418
Qihoo-360 20190419
Rising 20190419
SentinelOne (Static ML) 20190418
Sophos AV 20190419
SUPERAntiSpyware 20190418
Symantec 20190419
Symantec Mobile Insight 20190418
TACHYON 20190419
Tencent 20190419
TheHacker 20190411
TotalDefense 20190416
Trapmine 20190325
TrendMicro 20190419
TrendMicro-HouseCall 20190419
Trustlook 20190419
VBA32 20190418
ViRobot 20190419
Webroot 20190419
Yandex 20190419
Zillya 20190418
ZoneAlarm by Check Point 20190419
Zoner 20190418
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 7:20 AM 1/19/2012
Signers
[+] ZyXEL Communications Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 12:00 AM 04/28/2011
Valid to 11:59 PM 04/27/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 50679FE955B2EB7D98D1E80993965B7B726AEB55
Serial number 2F 9A 23 2A A8 22 AE 59 5C C2 92 8A D5 C4 3D 01
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 02/08/2010
Valid to 11:59 PM 02/07/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 12:00 AM 06/15/2007
Valid to 11:59 PM 06/14/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/04/2003
Valid to 11:59 PM 12/03/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-19 07:14:46
Entry Point 0x00001120
Number of sections 6
PE sections
Overlays
MD5 460efd00319c302483080dbcddb49a78
File type data
Offset 25600
Size 4472
Entropy 7.27
PE imports
CloseServiceHandle
RegQueryValueExA
RegCloseKey
StartServiceW
SetServiceStatus
QueryServiceStatus
RegisterServiceCtrlHandlerW
OpenSCManagerW
RegOpenKeyExW
RegSetValueExA
OpenServiceW
QueryServiceConfigW
ControlService
StartServiceCtrlDispatcherW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ChangeServiceConfigW
CreateIpForwardEntry
GetIpForwardTable
GetBestRoute
DeleteIpForwardEntry
GetLastError
HeapFree
GetSystemInfo
GetOverlappedResult
GetVersionExW
SetEvent
IsDebuggerPresent
HeapAlloc
RtlUnwind
GetLocalTime
DisconnectNamedPipe
GetCurrentProcess
UnhandledExceptionFilter
GetProcAddress
CreateNamedPipeW
GetProcessHeap
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
WaitForMultipleObjects
GetModuleHandleW
TerminateProcess
ConnectNamedPipe
CreateEventW
OutputDebugStringW
CreateFileW
Sleep
CommandLineToArgvW
StrCmpNW
StrChrW
StrToIntW
wnsprintfA
wvsprintfW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2012:01:19 07:14:46+00:00

FileType
Win32 EXE

PEType
PE32

CodeSize
12288

LinkerVersion
9.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x1120

InitializedDataSize
12288

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 0a54b53b66dcd92d812d7e8627c4248c
SHA1 d771a4798421678e71b3067c7440d7a17e2f7554
SHA256 f75b9e8c592a11993d0e4faea36993522f1639844cbee52a9b4f479d27a51e55
ssdeep
384:ViZPepq5oYvi2UnwVajygcXeDGKt+fDRRLLQIHeeX+UCn12EYYLsYJL3GoJr:ViZPeE5awVaWp6GxfDbd+bIEL1LN

authentihash a26280d21cfe3c4bbe45184667b02ce879c98457765c170704d68279ec30a6d0
imphash 5029c6602575512d6ccc835415038ad9
File size 29.4 KB ( 30072 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2012-11-01 00:02:44 UTC ( 6 years, 6 months ago )
Last submission 2018-05-18 14:16:21 UTC ( 1 year ago )
File names SecuExtenderHelper.exe
SecuExtenderHelper.exe
SecuExtenderHelper.exe
vt-upload-DPrK5E
SecuExtenderHelper.exe
secuextenderhelper.exe
SecuExtenderHelper.exe
SecuExtenderHelper.exe
SECUEXTENDERHELPER.EXE
SecuExtenderHelper.exe
vt-upload-w5FrLz
SecuExtenderHelper.exe
secuextenderhelper.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
UDP communications