SHA256: f7b67b5d5ac80f917cae082ae2cf86b50c922ff4f7a9934333e3cf0dce63df3c
File name: Aegis.exe
Detection ratio: 3 / 61
Analysis date: 2017-04-17 08:09:26 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Endgame malicious (high confidence) 20170413
Rising Malware.XPACK-HIE/Heur!1.9C48 (cloud:Pek7uCj0BKG) 20170417
TheHacker Trojan/Downloader.FakeAlert.ff 20170416
Ad-Aware 20170417
AegisLab 20170417
AhnLab-V3 20170417
Alibaba 20170417
ALYac 20170417
Antiy-AVL 20170417
Arcabit 20170417
Avast 20170417
AVG 20170417
Avira (no cloud) 20170416
AVware 20170410
Baidu 20170417
BitDefender 20170417
Bkav 20170415
CAT-QuickHeal 20170417
ClamAV 20170417
CMC 20170417
Comodo 20170417
CrowdStrike Falcon (ML) 20170130
Cyren 20170417
DrWeb 20170417
Emsisoft 20170417
ESET-NOD32 20170417
F-Prot 20170417
F-Secure 20170417
Fortinet 20170417
GData 20170417
Ikarus 20170417
Sophos ML 20170413
Jiangmin 20170416
K7AntiVirus 20170417
K7GW 20170417
Kaspersky 20170417
Kingsoft 20170417
Malwarebytes 20170417
McAfee 20170417
McAfee-GW-Edition 20170417
Microsoft 20170417
eScan 20170417
NANO-Antivirus 20170416
nProtect 20170417
Palo Alto Networks (Known Signatures) 20170417
Panda 20170417
Qihoo-360 20170417
SentinelOne (Static ML) 20170330
Sophos AV 20170417
SUPERAntiSpyware 20170417
Symantec 20170416
Symantec Mobile Insight 20170414
Tencent 20170417
TrendMicro 20170417
TrendMicro-HouseCall 20170417
Trustlook 20170417
VBA32 20170414
VIPRE 20170417
ViRobot 20170417
Webroot 20170417
WhiteArmor 20170409
Yandex 20170414
Zillya 20170414
ZoneAlarm by Check Point 20170417
Zoner 20170417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 6:51 AM 10/27/2010
Signers
[+] Neowiz CORPORATION
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 12:00 AM 10/21/2010
Valid to 11:59 PM 11/20/2011
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 64C58FF12A5C8B17D243E6CE6182265BF2CA3F4A
Serial number 75 CB 09 CA 78 6F 6E 86 DD A3 50 3B 31 2D 58 E2
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 02/08/2010
Valid to 11:59 PM 02/07/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 12:00 AM 06/15/2007
Valid to 11:59 PM 06/14/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/04/2003
Valid to 11:59 PM 12/03/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-10-27 05:42:59
Entry Point 0x0000AFD3
Number of sections 6
PE sections
Overlays
MD5 b17bfa326166874ed7c28821c3afeea1
File type data
Offset 671744
Size 5960
Entropy 7.29
PE imports
DllGetClassObject
ExitProcess
lstrcpy
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
KOREAN 15
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2010:10:27 06:42:59+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
57344

LinkerVersion
8.0

FileTypeExtension
exe

InitializedDataSize
53248

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0xafd3

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

Execution parents
Compressed bundles
File identification
MD5 febc69aefe1042a568f25cb05abffd09
SHA1 33092eb3bd1e1e906ba7c74f0a52bac18dfe129b
SHA256 f7b67b5d5ac80f917cae082ae2cf86b50c922ff4f7a9934333e3cf0dce63df3c
ssdeep
12288:/MF9eQPHBktEz7U6aRPPReHm37TTdxJbMBeN3/zW85iVxxb+9d:c9ecqaz7V2ZUAN/bVPzd5iPxId

authentihash 8f4a3a83c201d83df0c99e807c2ee2b351739be1bc7372266396cb91f5e365be
imphash 27c70d9664257c3f87ffcb37c3dd0784
File size 661.8 KB ( 677704 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2010-11-04 13:12:38 UTC ( 8 years, 4 months ago )
Last submission 2019-02-06 15:56:30 UTC ( 1 month, 1 week ago )
File names febc69aefe1042a568f25cb05abffd09
Aegis.exe
smona131651258316155475901
C_Documents and Settings_HieuNC_Local Settings_Temp_AEGIS.EXE
gAegis.exe
Aegis.exe
КРД_CF.exe
smona131797815745831397561
smona131525125043938470142
file-2978431_exe
smona132418155188965622053
Aegis (1).exe
Aegis (2).exe
smona_f7b67b5d5ac80f917cae082ae2cf86b50c922ff4f7a9934333e3cf0dce63df3c.bin
F-CF MOD 4.0.exe
aegis.exe
smona132113565135892059397
filename
smona131237844867211414027
smona132776311630851609482
Legend Online Hack v2.2.exe
smona132490137416734265828
smona131928806536829213008
smona131145125553166714595
smona131610795710473036906
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
