SHA256: a8c072743d70dd65d4f95e425a8b5c1bb86bfb87d01bc055993644e1069def32
File name: rtc.exe.bin
Detection ratio: 10 / 70
Analysis date: 2019-03-05 12:41:29 UTC (2 weeks, 6 days ago)
Antivirus Result Update
Avira (no cloud) HEUR/AGEN.1038794 20190305
Emsisoft Application.PCFixer (A) 20190305
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of MSIL/AdvancedPcCare.B potentially unwanted 20190305
F-Secure Heuristic.HEUR/AGEN.1038794 20190305
Ikarus PUA.MSIL.Advancedpccare 20190305
Kaspersky HEUR:Hoax.MSIL.Optimizer.gen 20190305
Malwarebytes PUP.Optional.PCVARK 20190305
VBA32 CIL.StupidCryptor.Heur 20190305
ZoneAlarm by Check Point HEUR:Hoax.MSIL.Optimizer.gen 20190305
Acronis 20190222
Ad-Aware 20190305
AegisLab 20190305
AhnLab-V3 20190305
Alibaba 20180921
ALYac 20190305
Antiy-AVL 20190305
Arcabit 20190305
Avast 20190305
Avast-Mobile 20190305
AVG 20190305
Babable 20180918
Baidu 20190215
BitDefender 20190305
Bkav 20190304
CAT-QuickHeal 20190304
ClamAV 20190305
CMC 20190305
Comodo 20190305
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cylance 20190305
Cyren 20190305
DrWeb 20190305
eGambit 20190305
F-Prot 20190305
Fortinet 20190305
GData 20190305
Sophos ML 20181128
Jiangmin 20190305
K7AntiVirus 20190304
K7GW 20190305
Kingsoft 20190305
MAX 20190305
McAfee 20190305
McAfee-GW-Edition 20190304
Microsoft 20190305
eScan 20190305
NANO-Antivirus 20190305
Palo Alto Networks (Known Signatures) 20190305
Panda 20190303
Qihoo-360 20190305
Rising 20190305
SentinelOne (Static ML) 20190203
Sophos AV 20190305
SUPERAntiSpyware 20190227
Symantec 20190305
Symantec Mobile Insight 20190220
TACHYON 20190305
Tencent 20190305
TheHacker 20190304
TotalDefense 20190305
Trapmine 20190301
TrendMicro 20190305
TrendMicro-HouseCall 20190305
Trustlook 20190305
ViRobot 20190305
Webroot 20190305
Yandex 20190301
Zillya 20190304
Zoner 20190305
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2019

Product PC Secure Tool
Original name rtc.exe
Internal name rtc.exe
File version 3.0.2.46
Description PC Secure Tool
Comments PC Secure Tool
Signature verification Signed file, verified signature
Signing date 2:31 PM 2/19/2019
Signers
[+] ADVANCED PC UTILITIES
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 01/11/2019
Valid to 11:59 PM 01/11/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint C0D0512B66372F40B28A9134C5720EFA36CD0055
Serial number 6B D4 E4 91 DB 35 D3 C6 F9 B2 10 E6 F2 B1 5D DB
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 12:00 AM 05/24/2016
Valid to 12:00 AM 06/24/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 10:00 AM 04/13/2011
Valid to 12:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-19 13:30:57
Entry Point 0x0024335E
Number of sections 3
.NET details
Module Version ID 3a39e269-ee8c-42e8-95cf-0789cb0cbd73
TypeLib ID 528f516b-1c2b-4c53-a497-b0293a7e0b9f
PE sections
Overlays
MD5 93f6e6f52142450ef6271eeb9c39c56a
File type data
Offset 2425856
Size 14024
Entropy 7.40
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
PC Secure Tool

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.0.2.46

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
PC Secure Tool

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
60928

EntryPoint
0x24335e

OriginalFileName
rtc.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2019

FileVersion
3.0.2.46

TimeStamp
2019:02:19 14:30:57+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
rtc.exe

ProductVersion
3.0.2.46

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
2364416

ProductName
PC Secure Tool

ProductVersionNumber
3.0.2.46

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
3.0.2.46

File identification
MD5 5f198620f89110651f13c0dc71c14fc8
SHA1 a33f36ae34a48133a2b0d5187dd6378af8d4d0a6
SHA256 a8c072743d70dd65d4f95e425a8b5c1bb86bfb87d01bc055993644e1069def32
ssdeep
49152:/w865YRI4Dc2zYA0ZBZaeqJqk4QMbm+md+F1:/w8d+4DHQZaeqJqk4QM6jdK

authentihash 96ff9b3006a053ed42622886148077e89e4123288416c30138edd1ec15ac884c
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 2.3 MB ( 2439880 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win64 Executable (generic) (47.7%)
Windows screen saver (22.6%)
Win32 Dynamic Link Library (generic) (11.3%)
Win32 Executable (generic) (7.7%)
OS/2 Executable (generic) (3.5%)
Tags
peexe assembly signed overlay

VirusTotal metadata
First submission 2019-03-05 12:41:29 UTC (2 weeks, 6 days ago)
Last submission 2019-03-05 12:41:29 UTC (2 weeks, 6 days ago)
File names rtc.exe.bin
rtc.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections