SHA256: cb579063018f1ee1ea2ca6a910f44738d5977d8216cf2e0df7aca3409fe8690a
File name: evibzyBLD.exe
Detection ratio: 12 / 67
Analysis date: 2018-09-04 05:51:16 UTC (8 months, 2 weeks ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9989 20180904
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180723
Cybereason malicious.d33f49 20180225
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CKAW 20180904
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20180904
McAfee Artemis!279C3C5D33F4 20180904
McAfee-GW-Edition Artemis!Trojan 20180904
Rising Malware.Heuristic!ET#86% (RDM+:cmRtazp5oXNDY+O4JYN3LfFAlq5X) 20180904
TrendMicro-HouseCall Suspicious_GEN.F47V0904 20180904
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180904
Ad-Aware 20180904
AegisLab 20180904
AhnLab-V3 20180903
Alibaba 20180713
ALYac 20180904
Antiy-AVL 20180904
Arcabit 20180904
Avast 20180904
Avast-Mobile 20180904
AVG 20180904
Avira (no cloud) 20180903
AVware 20180823
Babable 20180902
BitDefender 20180904
Bkav 20180831
CAT-QuickHeal 20180902
ClamAV 20180904
CMC 20180903
Comodo 20180904
Cylance 20180904
Cyren 20180904
DrWeb 20180904
eGambit 20180904
Emsisoft 20180904
F-Prot 20180904
F-Secure 20180904
Fortinet 20180904
GData 20180904
Ikarus 20180903
Jiangmin 20180904
K7AntiVirus 20180904
K7GW 20180904
Kingsoft 20180904
Malwarebytes 20180904
MAX 20180904
Microsoft 20180904
eScan 20180904
NANO-Antivirus 20180904
Palo Alto Networks (Known Signatures) 20180904
Panda 20180903
Qihoo-360 20180904
SentinelOne (Static ML) 20180830
Sophos AV 20180904
SUPERAntiSpyware 20180903
Symantec 20180904
Symantec Mobile Insight 20180831
TACHYON 20180904
Tencent 20180904
TheHacker 20180904
TrendMicro 20180904
Trustlook 20180904
VBA32 20180903
VIPRE 20180904
ViRobot 20180903
Webroot 20180904
Yandex 20180903
Zillya 20180903
Zoner 20180903
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright 2003
Product EPSControl Module
Original name EPSControl.DLL
Internal name EPSControl
File version 1, 0, 0, 1
Description EPSControl Module
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 6:46 PM 9/3/2018
Signers
[+] LETCROFT LIMITED
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 11:00 PM 08/09/2018
Valid to 10:59 PM 08/10/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint A3FD078325D097446E77B9F27B73A24D11867B36
Serial number 30 A3 AE ED 48 68 12 FE 78 05 BF 74 F5 0B 5A C8
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Certum EV TSA SHA2
Status Valid
Issuer Certum Trusted Network CA
Valid from 01:10 PM 03/08/2016
Valid to 12:10 PM 05/30/2027
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 4F8D4C480649426AEF8B86D4D5FC7932E7142D85
Serial number 00 FE 67 E4 F1 5A 24 E3 C6 0D 54 7C A0 20 C2 76 70
[+] Certum Trusted Network CA
Status Valid
Issuer Certum Trusted Network CA
Valid from 11:07 AM 10/22/2008
Valid to 12:07 PM 12/31/2029
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 07E032E020B72C3F192F0628A2593A19A70F069E
Serial number 04 44 C0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-09-10 19:05:20
Entry Point 0x00001AE0
Number of sections 9
PE sections
Overlays
MD5 929f2f5ce2589285ec3200dffab1102c
File type data
Offset 229376
Size 5600
Entropy 7.41
PE imports
CryptMsgGetParam
EnumFontFamiliesA
InterlockedExchange
LocalFree
RaiseException
LocalAlloc
GetLastError
FreeLibrary
LoadLibraryA
GetProcAddress
VarCyRound
RpcUserFree
GetMenuState
Ord(30)
Ord(29)
Number of PE resources by type
RT_STRING 3
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
SPANISH 5
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription EPSControl Module
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 208896
EntryPoint 0x1ae0
OriginalFileName EPSControl.DLL
MIMEType application/octet-stream
LegalCopyright Copyright 2003
FileVersion 1, 0, 0, 1
TimeStamp 2003:09:10 21:05:20+02:00
FileType Win32 EXE
PEType PE32
InternalName EPSControl
ProductVersion 1, 0, 0, 1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 20480
ProductName EPSControl Module
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 279c3c5d33f4912d545c9e2f9fd9aa8a
SHA1 3b7dcb1cbb24759017494479846f2189d2488d35
SHA256 cb579063018f1ee1ea2ca6a910f44738d5977d8216cf2e0df7aca3409fe8690a
ssdeep
1536:g6u/ExOQ9DAl9rm+V1wbWdJetQANbXFYzKirFL/JNn3DfU2SgNMZkiZjEtoViU:RxF90l9rrnww2dVaFFbvTf7/mkiZjUof

authentihash 0218c7437266cde68e6e05482d1903cb8fb40ecb4e3e529cc9f6271dec72a4ab
imphash fcfad7a80f067b666e6fdf5cef5f3f82
File size 229.5 KB ( 234976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-09-03 23:10:04 UTC (8 months, 2 weeks ago)
Last submission 2018-09-03 23:10:04 UTC (8 months, 2 weeks ago)
File names evibzyBLD.exe
EPSControl.DLL
plugin.php2
EPSControl
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.