× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fee4cd384c522afec9854a12c52b5ace6865c3c54963aa4414c084ef99ae4fee
File name: mobile.php2
Detection ratio: 7 / 68
Analysis date: 2018-11-15 06:17:43 UTC ( 4 months ago ) View latest
Antivirus Result Update
Acronis malware 20180726
AVG FileRepMalware 20181115
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20181022
Cylance Unsafe 20181115
Kaspersky UDS:DangerousObject.Multi.Generic 20181115
Rising Malware.Heuristic!ET#95% (RDM+:cmRtazo01Mn7WFzZAx423KXN/0+P) 20181115
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181115
Ad-Aware 20181115
AegisLab 20181115
AhnLab-V3 20181114
Alibaba 20180921
ALYac 20181115
Antiy-AVL 20181115
Arcabit 20181115
Avast 20181115
Avast-Mobile 20181114
Avira (no cloud) 20181115
AVware 20180925
Babable 20180918
Baidu 20181115
BitDefender 20181115
Bkav 20181114
CAT-QuickHeal 20181114
ClamAV 20181115
CMC 20181115
Cybereason 20180225
Cyren 20181115
DrWeb 20181115
eGambit 20181115
Emsisoft 20181115
Endgame 20181108
ESET-NOD32 20181115
F-Prot 20181115
F-Secure 20181115
Fortinet 20181115
GData 20181115
Ikarus 20181114
Sophos ML 20181108
Jiangmin 20181115
K7AntiVirus 20181113
K7GW 20181115
Kingsoft 20181115
Malwarebytes 20181115
MAX 20181115
McAfee 20181115
McAfee-GW-Edition 20181115
Microsoft 20181115
eScan 20181115
NANO-Antivirus 20181115
Palo Alto Networks (Known Signatures) 20181115
Panda 20181114
Qihoo-360 20181115
SentinelOne (Static ML) 20181011
Sophos AV 20181115
SUPERAntiSpyware 20181114
Symantec 20181115
Symantec Mobile Insight 20181108
TACHYON 20181115
Tencent 20181115
TheHacker 20181113
TrendMicro 20181115
TrendMicro-HouseCall 20181115
Trustlook 20181115
VBA32 20181114
VIPRE 20181114
ViRobot 20181115
Webroot 20181115
Yandex 20181113
Zillya 20181114
Zoner 20181115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2016 The Apache Software Foundation.

Product Apache HTTP Server
Original name httpd.exe
Internal name httpd.exe
File version 2.4.25
Description Apache HTTP Server
Comments Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 7:31 AM 11/14/2018
Signers
[+] Victino Limited
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 11:00 PM 10/11/2018
Valid to 10:59 PM 10/12/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 91EF650EC8CB480635B49C4D23506340406A242F
Serial number 00 96 75 F5 27 A4 98 31 DF 36 0C B4 CB 13 6F CF 98
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Starfield Timestamp Authority - G2
Status Valid
Issuer Starfield Secure Certificate Authority - G2
Valid from 06:00 AM 10/16/2018
Valid to 06:00 AM 10/16/2023
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint C5B27CA5A9E68AC3D6A06F1A632175259ACD9032
Serial number 1F DC 58 E9 66 08 4C 0E
[+] Starfield Secure Certificate Authority - G2
Status Valid
Issuer Starfield Root Certificate Authority - G2
Valid from 06:00 AM 05/03/2011
Valid to 06:00 AM 05/03/2031
Valid usage All
Algorithm sha256RSA
Thumbrint 7EDC376DCFD45E6DDF082C160DF6AC21835B95D4
Serial number 07
[+] Starfield Root Certificate Authority – G2
Status Valid
Issuer Starfield Root Certificate Authority - G2
Valid from 11:00 PM 08/31/2009
Valid to 11:59 PM 12/31/2037
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbrint B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2074-08-02 17:36:38
Entry Point 0x00001E80
Number of sections 6
PE sections
Overlays
MD5 c52c8629b606d8c53089a012b96621a2
File type data
Offset 311296
Size 6944
Entropy 7.36
PE imports
SetTextJustification
GetCurrentPositionEx
FindResourceExA
FlsFree
GetModuleHandleW
GetTimeZoneInformation
DeleteSecurityContext
GetUpdateRect
GetClipboardData
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
4294905856

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.4.25.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Apache HTTP Server

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
290816

EntryPoint
0x1e80

OriginalFileName
httpd.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2016 The Apache Software Foundation.

FileVersion
2.4.25

TimeStamp
2074:08:02 10:36:38-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
httpd.exe

ProductVersion
2.4.25

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Apache Software Foundation

CodeSize
20480

ProductName
Apache HTTP Server

ProductVersionNumber
2.4.25.0

DistributedBy
The Apache Haus

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 842fe65bd1063b005809b5cd0c5413ff
SHA1 d1be696658192ede0fa3fad0e149deff5b668ed9
SHA256 fee4cd384c522afec9854a12c52b5ace6865c3c54963aa4414c084ef99ae4fee
ssdeep
1536:GqNVWOFkxCSZmI92xRHnpnChdkIvhECWBUknrbh7p3ST1Ru5oqqIJeBC55URiZ:G+zWxCgmYKJkhdkIpEFX1pMeoIJeBCv9

authentihash f407bf41c95f8bdcf80eb0ecb0655ede01e087fb8a21aa0441fdde74bf43dc5a
imphash 18453d25c56236680736ee3211c2da53
File size 310.8 KB ( 318240 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-11-15 03:52:10 UTC ( 4 months ago )
Last submission 2018-11-22 10:47:50 UTC ( 3 months, 4 weeks ago )
File names 842fe65bd1063b005809b5cd0c5413ff
mobile.php2
httpd.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!