SHA256: 81aa83644643fb63393cba11ac616baba3d5e40ac8d50d17d1a36f8c9dd66420
File name: rufus_v1.4.1.exe
Detection ratio: 1 / 48
Analysis date: 2014-01-11 10:28:11 UTC (3 years, 10 months ago)
Antivirus Result Update
TrendMicro-HouseCall TROJ_GEN.F47V0110 20140111
Ad-Aware 20140111
Yandex 20140110
AhnLab-V3 20140110
AntiVir 20140111
Antiy-AVL 20140111
Avast 20140111
AVG 20140110
Baidu-International 20131213
BitDefender 20140111
Bkav 20140111
ByteHero 20131226
CAT-QuickHeal 20140111
ClamAV 20140111
Commtouch 20140111
Comodo 20140111
DrWeb 20140111
Emsisoft 20140111
ESET-NOD32 20140111
F-Prot 20140111
F-Secure 20140111
Fortinet 20140111
GData 20140111
Ikarus 20140111
Jiangmin 20140110
K7AntiVirus 20140110
K7GW 20140110
Kaspersky 20140111
Kingsoft 20130829
Malwarebytes 20140111
McAfee 20140111
McAfee-GW-Edition 20140110
Microsoft 20140111
eScan 20140111
NANO-Antivirus 20140111
Norman 20140111
nProtect 20140110
Panda 20140110
Rising 20140110
Sophos AV 20140111
SUPERAntiSpyware 20140111
Symantec 20140111
TheHacker 20140110
TotalDefense 20140111
TrendMicro 20140111
VBA32 20140110
VIPRE 20140111
ViRobot 20140111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© 2011-2013 Pete Batard (GPL v3)

Product Rufus
Original name rufus.exe
Internal name Rufus
File version 1.4.1.348
Description Rufus
Signature verification Signed file, verified signature
Signing date 1:28 PM 12/5/2013
Signers
[+] Akeo Consulting
Status Valid
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 11/12/2012
Valid to 12:59 AM 11/13/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 655F6413A8F721E3286ACE95025C9E0EA132A984
Serial number 47 D7 3D 14 66 14 77 0C B3 DA AF 55 02 C4 8D 9C
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-05 12:28:03
Entry Point 0x0012E610
Number of sections 3
PE sections
Overlays
MD5 273bba9b857f192909547937086ec98d
File type data
Offset 540672
Size 6584
Entropy 7.38
PE imports
RegCloseKey
GetOpenFileNameW
SetBkMode
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
CoCreateGuid
ShellExecuteA
InternetOpenA
CM_Get_Child
Number of PE resources by type
RT_RCDATA 33
RT_DIALOG 8
RT_ICON 6
RT_GROUP_ICON 3
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 52
PE resources
ExifTool file metadata
LegalTrademarks
http://www.gnu.org/copyleft/gpl.html

SubsystemVersion
4.0

LinkerVersion
2.23

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.4.1.348

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Rufus

CharacterSet
Unicode

InitializedDataSize
24576

EntryPoint
0x12e610

OriginalFileName
rufus.exe

MIMEType
application/octet-stream

LegalCopyright
2011-2013 Pete Batard (GPL v3)

FileVersion
1.4.1.348

TimeStamp
2013:12:05 13:28:03+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Rufus

ProductVersion
1.4.1.348

UninitializedDataSize
720896

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Akeo Consulting (http://akeo.ie)

CodeSize
520192

ProductName
Rufus

ProductVersionNumber
1.4.1.348

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 e03c694b165b7411d1aec7197c4323df
SHA1 7e95d506667424bc4e0211e63266dbc439af216d
SHA256 81aa83644643fb63393cba11ac616baba3d5e40ac8d50d17d1a36f8c9dd66420
ssdeep
12288:IieJCLZ+4bXIsEPFJKNkYumw+84ZNIq79FJoe83TIi0gNwfRoS:eJ2tuEBjI6HJoNIipNw

authentihash ab39b584c200c3e124b76167553eb323377c55b32d218c5d040b6faeb6259eb8
imphash fbfa8e077b2191c125c10d734e386bbb
File size 534.4 KB ( 547256 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags
peexe overlay signed upx via-tor

VirusTotal metadata
First submission 2013-12-05 12:46:49 UTC (3 years, 11 months ago)
Last submission 2017-11-09 18:29:22 UTC (1 week, 4 days ago)
File names rufus v1.4.1._5fantastic.pl_.exe
Rufus 1.4.1 (Build 348) Final Portable.exe
p2k5kbtgoqslytqcchtdezw3yq426iln.exe
rufus_v1.4.1.exe
Rufus(Bootable USB Drive Creator)_1.4.1.exe
Boziak2k17Studio.exe
rufus_v1.4.1 (1).exe
rufus_v1.4.1.exe
BootUSB-rufus.exe
rufus_v1.4.1.exe
rufus_v1.4.1.exe
rufus_v1.4.1.exe
filename
7e95d506667424bc4e0211e63266dbc439af216d
Rufus
file-6300501_exe
rufus_v1.4.1.exe
Rufus.exe
rufus_v1.4.1-загр флеш.exe
rufus_v1.4.1 (L).exe
rufus_v1.4.1[1].exe
81aa83644643fb63393cba11ac616baba3d5e40ac8d50d17d1a36f8c9dd66420.exe
Rufus v1.4.1.exe
test
rufus_v1.4.1 (booteable usb).exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Deleted keys
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.