SHA256: 76bfa1a44e8efa9b143e918c8780f301e5c8f33bdee1025a122fde5e26e02273
File name: rtc.exe.bin
Detection ratio: 26 / 69
Analysis date: 2019-03-27 09:25:25 UTC (3 weeks, 2 days ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.410036 20190327
ALYac Gen:Variant.Ursu.410036 20190327
Antiy-AVL HackTool[Hoax]/MSIL.Optimizer 20190327
Arcabit Trojan.Ursu.D641B4 20190327
Avast Win32:Malware-gen 20190327
AVG Win32:Malware-gen 20190327
BitDefender Gen:Variant.Ursu.410036 20190327
CAT-QuickHeal Trojan.MSIL 20190326
Cybereason malicious.6ff917 20190325
DrWeb Program.Unwanted.3902 20190327
Emsisoft Application.PCFixer (A) 20190327
Endgame malicious (high confidence) 20190322
ESET-NOD32 a variant of MSIL/GT32SupportGeeks.R potentially unwanted 20190327
FireEye Generic.mg.0ec4cf56ff917b69 20190327
Fortinet Riskware/Optimizer 20190327
GData Gen:Variant.Ursu.410036 20190327
Ikarus PUA.AdvancedSystemProtector 20190326
K7AntiVirus Adware ( 00541f551 ) 20190327
K7GW Adware ( 00541f551 ) 20190327
Kaspersky HEUR:Hoax.MSIL.Optimizer.gen 20190327
Malwarebytes PUP.Optional.PCVARK 20190327
MAX malware (ai score=81) 20190327
eScan Gen:Variant.Ursu.410036 20190327
Rising Hoax.Optimizer!8.FB6E (TFE:dGZlOg1t1FNtLj5VyA) 20190327
SentinelOne (Static ML) DFI - Suspicious PE 20190317
ZoneAlarm by Check Point HEUR:Hoax.MSIL.Optimizer.gen 20190327
Acronis 20190327
AegisLab 20190327
AhnLab-V3 20190327
Alibaba 20190306
Avast-Mobile 20190327
Avira (no cloud) 20190327
Babable 20180918
Baidu 20190318
Bkav 20190326
ClamAV 20190327
CMC 20190321
Comodo 20190326
CrowdStrike Falcon (ML) 20190212
Cylance 20190327
Cyren 20190327
eGambit 20190327
F-Prot 20190327
F-Secure 20190326
Sophos ML 20190313
Jiangmin 20190327
Kingsoft 20190327
McAfee 20190327
McAfee-GW-Edition 20190326
Microsoft 20190327
NANO-Antivirus 20190327
Palo Alto Networks (Known Signatures) 20190327
Panda 20190326
Qihoo-360 20190327
Sophos AV 20190327
SUPERAntiSpyware 20190321
Symantec 20190327
Symantec Mobile Insight 20190325
TACHYON 20190327
Tencent 20190327
TheHacker 20190324
Trapmine 20190325
Trustlook 20190327
VBA32 20190327
VIPRE 20190327
ViRobot 20190327
Webroot 20190327
Yandex 20190327
Zillya 20190326
Zoner 20190327
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 2019
Product Secure-PC-Tool
Original name rtc.exe
Internal name rtc.exe
File version 1.0.0.2
Description Secure-PC-Tool
Comments Secure-PC-Tool
Signature verification Signed file, verified signature
Signing date 12:23 PM 3/19/2019
Signers
[+] ADEQUATE SOFTWARES
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 01:00 AM 02/20/2019
Valid to 12:59 AM 03/20/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 074067B0C482D950E072960711723313080FD305
Serial number 64 A2 B9 03 6D F6 67 B9 A9 80 DF DE A6 7F FF F8
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] Sectigo (formerly Comodo CA)
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 01:00 AM 01/19/2010
Valid to 12:59 AM 01/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 12:00 AM 05/24/2016
Valid to 12:00 AM 06/24/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 10:00 AM 04/13/2011
Valid to 01:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 09/01/1998
Valid to 01:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-19 10:17:32
Entry Point 0x00263BBE
Number of sections 4
.NET details
Module Version ID d7bff3c1-a992-4162-9d5f-31e4f2ff5ae3
TypeLib ID 4d9850e4-e992-4eba-b4b3-25d788e5955a
PE sections
Overlays
MD5 56b9f035523a50523bdfa815e761aa8c
File type data
Offset 2562560
Size 13880
Entropy 7.41
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Secure-PC-Tool
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.2
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Secure-PC-Tool
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 64000
EntryPoint 0x263bbe
OriginalFileName rtc.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2019
FileVersion 1.0.0.2
TimeStamp 2019:03:19 11:17:32+01:00
FileType Win32 EXE
PEType PE32
InternalName rtc.exe
ProductVersion 1.0.0.2
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 2497536
ProductName Secure-PC-Tool
ProductVersionNumber 1.0.0.2
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.2

File identification
MD5 0ec4cf56ff917b6981657e3f93be9a7b
SHA1 63245df0a7d8f8858aeaf639ed34df3f2fb90c43
SHA256 76bfa1a44e8efa9b143e918c8780f301e5c8f33bdee1025a122fde5e26e02273
ssdeep 49152:rEB/DIYxHc4zWoLZlEBUqkpO0g3A+vCfFMQqW1ajF:gyYxHBSH
authentihash 1c2f4c2a631f8888c001eeb6c03bb31eb319a82a5b2980573bec839f5ffa4b87
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 2.5 MB ( 2576440 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Executable MS Visual C++ (generic) (34.2%)
Win64 Executable (generic) (30.3%)
Windows screen saver (14.3%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
Tags peexe assembly signed overlay
VirusTotal metadata
First submission 2019-03-27 09:25:25 UTC (3 weeks, 2 days ago)
Last submission 2019-03-27 09:25:25 UTC (3 weeks, 2 days ago)
File names rtc.exe.bin
rtc.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections