SHA256: d8057b046d34d916d125701e314cfdf6c7f404264a9d10004954d62b3b88efe8
File name: hbViiBVoLoOnE.exe
Detection ratio: 13 / 66
Analysis date: 2018-03-13 12:16:52 UTC (1 year, 2 months ago)
Antivirus Result Update
Avast FileRepMalware 20180313
AVG FileRepMalware 20180313
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180313
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20170201
Cylance Unsafe 20180313
Endgame malicious (high confidence) 20180308
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180313
Palo Alto Networks (Known Signatures) generic.ml 20180313
Qihoo-360 HEUR/QVM20.1.CB98.Malware.Gen 20180313
Rising Malware.XPACK-LNR/Heur!1.5594 (CLASSIC) 20180313
Webroot W32.Trojan.Gen 20180313
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180313
Ad-Aware 20180313
AegisLab 20180313
AhnLab-V3 20180312
Alibaba 20180313
ALYac 20180313
Antiy-AVL 20180313
Arcabit 20180313
Avast-Mobile 20180313
Avira (no cloud) 20180313
AVware 20180313
BitDefender 20180313
Bkav 20180313
CAT-QuickHeal 20180313
ClamAV 20180313
CMC 20180313
Comodo 20180313
Cybereason None
Cyren 20180313
DrWeb 20180313
eGambit 20180313
Emsisoft 20180313
ESET-NOD32 20180313
F-Prot 20180313
F-Secure 20180313
Fortinet 20180313
GData 20180313
Ikarus 20180313
Jiangmin 20180313
K7AntiVirus 20180313
K7GW 20180313
Kingsoft 20180313
Malwarebytes 20180313
MAX 20180313
McAfee 20180313
McAfee-GW-Edition 20180313
Microsoft 20180313
eScan 20180313
NANO-Antivirus 20180313
nProtect 20180313
Panda 20180312
SentinelOne (Static ML) 20180225
Sophos AV 20180313
SUPERAntiSpyware 20180313
Symantec 20180313
Symantec Mobile Insight 20180311
Tencent 20180313
TheHacker 20180311
TrendMicro 20180313
TrendMicro-HouseCall 20180313
Trustlook 20180313
VBA32 20180313
VIPRE 20180313
ViRobot 20180313
WhiteArmor 20180223
Yandex 20180313
Zillya 20180312
Zoner 20180313
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft Synchronization Framework
Original name WINSYNC.DLL
Internal name WINSYNC
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Synchronization Framework
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 8:49 AM 3/13/2018
Signers
[+] eGlobe Ltd
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 02/23/2018
Valid to 11:59 PM 02/23/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint D43FFC11119D214FCF9C4E3F859C4D07C15D3179
Serial number 5A 8C 22 C9 85 27 CE 6D BA 91 98 D2 CA 17 DA 99
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 11:00 PM 10/21/2014
Valid to 11:00 PM 10/21/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1994-01-31 15:39:30
Entry Point 0x00002C83
Number of sections 6
PE sections
Overlays
MD5 c990928d68ef9ca1fa232aebb3b9a925
File type data
Offset 160256
Size 7520
Entropy 7.24
PE imports
CryptGetOIDFunctionAddress
EnumEnhMetaFile
PatBlt
GetNearestPaletteIndex
DeleteMetaFile
SetupComm
OpenSemaphoreW
GetTickCount
SetWaitableTimer
FreeConsole
DsGetDcNameW
NdrAsyncServerCall
StrToIntExW
IntersectRect
SetLastErrorEx
FindFirstUrlCacheEntryW
SetPrinterDataExW
CoResumeClassObjects
CoAddRefServerProcess
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2007.94.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Synchronization Framework

ImageFileCharacteristics
Executable, 32-bit, System file

CharacterSet
Unicode

InitializedDataSize
140800

EntryPoint
0x2c83

OriginalFileName
WINSYNC.DLL

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
1994:01:31 16:39:30+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WINSYNC

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
18432

ProductName
Microsoft Synchronization Framework

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 dab02e5d3e48ad35962ab00324222454
SHA1 96f54d7ea10f3fc56c130f523d7778a67564f278
SHA256 d8057b046d34d916d125701e314cfdf6c7f404264a9d10004954d62b3b88efe8
ssdeep
3072:a4x0H7DKdtT2MOCFHt4fcUceATznvFVn9KY2bx8hDCO3lK:V0HHKdsMVu7Yr959KYo8a

authentihash 3f1d03f695a994eb7b89365630d3bc33f5cc59c2e7098338330ec3105b27cca1
imphash 4dcc26215537524850b594a645d7e940
File size 163.8 KB ( 167776 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-03-13 12:16:52 UTC (1 year, 2 months ago)
Last submission 2018-05-25 10:22:25 UTC (12 months ago)
File names WINSYNC
hbViiBVoLoOnE.exe
VirusShare_dab02e5d3e48ad35962ab00324222454
WINSYNC.DLL
WINSYNC.DLL