× Les cookies sont désactivés ! Ce site exige que les cookies soient activés pour fonctionner correctement
SHA256: adce267b9e0e470bb90700f4650c4881c4ae2264ad3de1f9267a62082ba82332
Nom du fichier : rtc.exe
Ratio de détection : 37 / 71
Date d'analyse : 2019-03-29 23:31:50 UTC (il y a 2 semaines, 6 jours) Voir les derniers
Antivirus Résultat Mise à jour
Ad-Aware Gen:Variant.Ursu.410036 20190329
Alibaba Hoax:MSIL/AdvancedPcCare.068fcc16 20190306
ALYac Gen:Variant.Ursu.410036 20190329
Antiy-AVL HackTool[Hoax]/MSIL.Optimizer 20190329
Arcabit Trojan.Ursu.D641B4 20190329
Avast Win32:Malware-gen 20190329
AVG Win32:Malware-gen 20190329
Avira (no cloud) HEUR/AGEN.1038794 20190329
BitDefender Gen:Variant.Ursu.410036 20190329
Cylance Unsafe 20190329
DrWeb Program.Unwanted.3902 20190329
Emsisoft Application.PCFixer (A) 20190329
ESET-NOD32 a variant of MSIL/AdvancedPcCare.B potentially unwanted 20190329
F-Secure Heuristic.HEUR/AGEN.1038794 20190329
FireEye Generic.mg.e837d8067a862b41 20190329
Fortinet Riskware/Optimizer 20190329
GData Gen:Variant.Ursu.410036 20190329
Ikarus PUA.MSIL.Advancedpccare 20190329
K7AntiVirus Adware ( 004f76781 ) 20190329
K7GW Adware ( 004f76781 ) 20190329
Kaspersky HEUR:Hoax.MSIL.Optimizer.gen 20190329
Malwarebytes PUP.Optional.PCVARK 20190329
MAX malware (ai score=80) 20190329
McAfee Artemis!E837D8067A86 20190329
McAfee-GW-Edition Artemis!Trojan 20190329
Microsoft Misleading:Win32/Lodi 20190329
eScan Gen:Variant.Ursu.410036 20190329
NANO-Antivirus Riskware.Win32.Optimizer.fokhqy 20190329
Palo Alto Networks (Known Signatures) generic.ml 20190329
Panda Trj/CI.A 20190329
Qihoo-360 Win32/Trojan.Hoax.311 20190329
Rising Hoax.Optimizer!8.FB6E (CLOUD) 20190329
SentinelOne (Static ML) DFI - Suspicious PE 20190317
Sophos AV Mal/Generic-S 20190329
TrendMicro-HouseCall TROJ_GEN.R002H07CO19 20190329
VBA32 CIL.StupidCryptor.Heur 20190329
ZoneAlarm by Check Point HEUR:Hoax.MSIL.Optimizer.gen 20190329
Acronis 20190327
AegisLab 20190329
AhnLab-V3 20190329
Avast-Mobile 20190329
Babable 20180918
Baidu 20190318
Bkav 20190329
CAT-QuickHeal 20190329
ClamAV 20190329
CMC 20190321
Comodo 20190329
CrowdStrike Falcon (ML) 20190212
Cybereason 20190327
Cyren 20190329
eGambit 20190329
Endgame 20190322
F-Prot 20190329
Sophos ML 20190313
Jiangmin 20190329
Kingsoft 20190329
SUPERAntiSpyware 20190327
Symantec 20190329
Symantec Mobile Insight 20190325
TACHYON 20190329
Tencent 20190329
TheHacker 20190327
TotalDefense 20190327
Trapmine 20190325
TrendMicro 20190329
Trustlook 20190329
ViRobot 20190329
Webroot 20190329
Yandex 20190329
Zillya 20190329
Zoner 20190329
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2019

Product PC Secure Tool
Original name rtc.exe
Internal name rtc.exe
File version 1.0.0.0
Description PC Secure Tool
Comments PC Secure Tool
Signature verification Signed file, verified signature
Signing date 1:43 PM 3/15/2019
Signers
[+] ADEQUATE SOFTWARES
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 01:00 AM 02/20/2019
Valid to 12:59 AM 03/20/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 074067B0C482D950E072960711723313080FD305
Serial number 64 A2 B9 03 6D F6 67 B9 A9 80 DF DE A6 7F FF F8
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] Sectigo (formerly Comodo CA)
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 01:00 AM 01/19/2010
Valid to 12:59 AM 01/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 12:00 AM 05/24/2016
Valid to 12:00 AM 06/24/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 10:00 AM 04/13/2011
Valid to 01:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbrint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 09/01/1998
Valid to 01:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbrint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-15 11:41:44
Entry Point 0x00241D32
Number of sections 3
.NET details
Module Version ID f179ac98-4968-4b7a-eefb-1ebc76f7c3e1
TypeLib ID b937e15e-ffab-46d9-b346-4409faac98d4
PE sections
Overlays
MD5 a0868b82ce74928d401c534b65b3d276
File type data
Offset 2420224
Size 13880
Entropy 7.40
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
PC Secure Tool

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
PC Secure Tool

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
60928

EntryPoint
0x241d32

OriginalFileName
rtc.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2019

FileVersion
1.0.0.0

TimeStamp
2019:03:15 12:41:44+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
rtc.exe

ProductVersion
1.0.0.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
2358784

ProductName
PC Secure Tool

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 e837d8067a862b419255497332f8490d
SHA1 13b0407c172cb778f8844c7469d4ba29b7861eb9
SHA256 adce267b9e0e470bb90700f4650c4881c4ae2264ad3de1f9267a62082ba82332
ssdeep
24576:AwgaWsN6nkCPB/gBGf722mr6Y7ghLC51KS4I9jYWw+/o68l6hoRbzrnUxALAjSes:4joSWwxTkoRb/QBjJAaWYERoiKMVFsVQ

authentihash 7e78587e6b7f90326bd1ece4133ab439854e15879aee96a16e4b4b7a9d10f412
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 2.3 MB ( 2434104 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win64 Executable (generic) (47.7%)
Windows screen saver (22.6%)
Win32 Dynamic Link Library (generic) (11.3%)
Win32 Executable (generic) (7.7%)
OS/2 Executable (generic) (3.5%)
Tags
peexe assembly signed overlay

VirusTotal metadata
First submission 2019-03-24 16:08:45 UTC (il y a 3 semaines, 5 jours)
Last submission 2019-03-24 16:08:45 UTC (il y a 3 semaines, 5 jours)
Noms du fichier rtc.exe
Aucun commentaire. Aucun membre de la communauté VirusTotal n'a encore commenté cet élément, soyez le premier à le faire !

Laissez votre commentaire...

?
Poster un commentaire

Vous n'êtes pas connecté. Seuls les utilisateurs enregistrés peuvent laisser des commentaires, connectez-vous pour commenter !

Aucun vote. Personne n'a encore voté pour cet élément, soyez le premier à le faire !
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections