× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fd7fffd5c50b5a4e20bdee0e163f2aed2d7b85154ca5ada03c84d44ed38b3404
File name: file
Detection ratio: 8 / 56
Analysis date: 2016-05-05 15:34:18 UTC ( 10 hours, 6 minutes ago )
Antivirus Result Update
Antiy-AVL GrayWare[AdWare]/Win32.OpenCandy.a 20160505
Avast Win32:OpenCandy-D [PUP] 20160505
Avira (no cloud) PUA/OpenCandy.Gen 20160505
Cyren W32/OpenCandy.A.gen!Eldorado 20160505
DrWeb Adware.OpenCandy.169 20160505
ESET-NOD32 Win32/OpenCandy potentially unsafe 20160505
GData Win32.Application.OpenCandy.O 20160505
NANO-Antivirus Trojan.Win32.OpenCandy.dqxupj 20160505
ALYac 20160505
AVG 20160505
AVware 20160505
Ad-Aware 20160505
AegisLab 20160505
AhnLab-V3 20160505
Alibaba 20160505
Arcabit 20160505
Baidu 20160505
Baidu-International 20160505
BitDefender 20160505
CAT-QuickHeal 20160505
CMC 20160504
ClamAV 20160504
Comodo 20160505
Emsisoft 20160503
F-Prot 20160505
F-Secure 20160505
Fortinet 20160505
Ikarus 20160505
Jiangmin 20160505
K7AntiVirus 20160505
K7GW 20160505
Kaspersky 20160505
Kingsoft 20160505
Malwarebytes 20160505
McAfee 20160505
McAfee-GW-Edition 20160505
eScan 20160505
Microsoft 20160505
Panda 20160504
Qihoo-360 20160505
Rising 20160505
SUPERAntiSpyware 20160505
Sophos 20160505
Symantec 20160505
Tencent 20160505
TheHacker 20160505
TotalDefense 20160505
TrendMicro 20160505
TrendMicro-HouseCall 20160505
VBA32 20160505
VIPRE 20160505
ViRobot 20160505
Yandex 20160502
Zillya 20160504
Zoner 20160505
nProtect 20160504
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2013 KeyFinder LTD.

Product WiFi Password Revealer
File version 1.0.0.3
Description WiFi Password Revealer Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 1:18 PM 6/26/2013
Signers
[+] KeyFinder LTD
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Starfield Secure Certification Authority
Valid from 7:33 PM 2/25/2013
Valid to 4:14 PM 4/26/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 25C3D3D39E7A0C6E7AB8D7009096102E363698B7
Serial number 4B 12 EA D0 A0 A9 F5
[+] Starfield Secure Certification Authority
Status Valid
Issuer Starfield Class 2 Certification Authority
Valid from 2:15 AM 11/16/2006
Valid to 2:15 AM 11/16/2026
Valid usage All
Algorithm sha1RSA
Thumbprint 7E1874A98FAA5D6D2F506A8920FF22FBD16652D9
Serial number 02 01
[+] Starfield Class 2 Certification Authority
Status Valid
Issuer Starfield Class 2 Certification Authority
Valid from 6:39 PM 6/29/2004
Valid to 6:39 PM 6/29/2034
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Serial number 00
Counter signers
[+] Starfield Services Timestamp Authority
Status Valid
Issuer Starfield Services Root Certificate Authority
Valid from 8:00 AM 4/11/2013
Valid to 8:00 AM 4/11/2018
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 1D8E3A688E81D1E75E89365933A833A1BB3332F1
Serial number 20 0D
[+] Starfield Technologies Inc.
Status Valid
Issuer Starfield Services Root Certificate Authority
Valid from 1:00 AM 6/2/2008
Valid to 12:59 AM 1/1/2030
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbrint 5D003860F002ED829DEAA41868F788186D62127F
Serial number 00
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-09 08:48:22
Entry Point 0x0000F3BC
Number of sections 8
PE sections
Overlays
MD5 73443731ccd5e63be2659cc1925bb7eb
File type data
Offset 397824
Size 1908488
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetVersion
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
SysReAllocStringLen
SysFreeString
SysAllocStringLen
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 5
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 9
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
1.0.0.3

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
336384

EntryPoint
0xf3bc

MIMEType
application/octet-stream

LegalCopyright
Copyright 2013 KeyFinder LTD.

FileVersion
1.0.0.3

TimeStamp
2012:10:09 09:48:22+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

ProductVersion
1.0.0.3

FileDescription
WiFi Password Revealer Setup

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Magical Jelly Bean

CodeSize
60416

ProductName
WiFi Password Revealer

ProductVersionNumber
1.0.0.3

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 c30ae656a0168588b53fce4fc15f23c7
SHA1 7d2b0643946285148782bee82b516b190aaed420
SHA256 fd7fffd5c50b5a4e20bdee0e163f2aed2d7b85154ca5ada03c84d44ed38b3404
ssdeep
49152:zLzbedyhlr8ceE4PZmH/rXVBfjD6CQ7uMLwX1MtN:XzbeUhlrnN8EfPj2a5FMT

authentihash f4be69b3f311042513410fecbedd37b23c493cf7a9d0119d46d284710ee73788
imphash 48aa5c8931746a9655524f67b25a47ef
File size 2.2 MB ( 2306312 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Delphi generic (57.2%)
Win32 Executable (generic) (18.2%)
Win16/32 Executable Delphi generic (8.3%)
Generic Win/DOS Executable (8.0%)
DOS Executable Generic (8.0%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-07-07 23:16:49 UTC ( 2 years, 10 months ago )
Last submission 2016-04-13 02:43:32 UTC ( 3 weeks, 1 day ago )
File names 559443421
_2d78c62994364aec8ac6851592df7888
WiFiPasswordRevealerInstaller [www.Expert2Program.com].exe
WiFi Password Revealer 1.0.0.4 (1).exe
wifipasswordrevealerinstaller.exe
WiFiPasswordRevealerI.exe
c30ae656a0168588b53fce4fc15f23c7.7d2b0643946285148782bee82b516b190aaed420
WiFiPasswordRevealerInstaller [www.RiazAliKhan.net].exe
WiFiPasswordRevealerInstaller_2.exe
file-5747609_exe
filename
WiFiPasswordRevealer.exe
WiFiPasswordRevealerInstaller.exe
WiFi Password Revealer 1.0.0.4.exe
WiFiPasswordRevealer104.exe
WiFi-Password-Revealer1004.exe
file
wifi-password-revealer-1-0-0-4-en-win.exe
file
WiFiPasswordRevealerInstaller (2).exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!