SHA256: ae056f2d42c45fe162793a816ddf75ee6bb6bd45e0266f80130c2c2badbe7a22
File name: SFInstaller_ASG_aresgalaxy_11015365_.exe
Detection ratio: 3 / 41
Analysis date: 2014-03-11 18:26:22 UTC ( 4 years, 10 months ago )
Antivirus Result Update
ESET-NOD32 a variant of Win32/Bundled.Toolbar.Ask.D 20140311
Malwarebytes PUP.Optional.Spigot.A 20140311
NANO-Antivirus Trojan.Win32.Downware.crduvi 20140311
Ad-Aware 20140311
Yandex 20140311
AhnLab-V3 20140311
AntiVir 20140311
Antiy-AVL 20140311
Avast 20140311
AVG 20140309
Baidu-International 20140311
BitDefender 20140311
Bkav 20140311
ByteHero 20140227
CAT-QuickHeal 20140311
ClamAV 20140310
CMC 20140307
Commtouch 20140311
Comodo 20140311
DrWeb 20140311
Emsisoft 20140311
F-Prot 20140311
F-Secure 20140311
Fortinet 20140311
GData 20140311
Ikarus 20140311
Jiangmin 20140311
K7AntiVirus 20140311
K7GW 20140311
Kaspersky 20140311
Kingsoft 20140311
McAfee 20140311
McAfee-GW-Edition 20140311
Microsoft 20140311
eScan 20140311
Norman 20140311
nProtect 20140311
Panda 20140311
Qihoo-360 20140302
Rising 20140311
Sophos AV 20140311
SUPERAntiSpyware 20140311
Symantec 20140311
TheHacker 20140311
TotalDefense 20140311
TrendMicro 20140311
TrendMicro-HouseCall 20140311
VBA32 20140311
VIPRE 20140311
ViRobot 20140311
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
2010 (c) Ask.com. All rights reserved.

Product Offercast - APN Install Manager
Original name AskInstaller.exe
Internal name AskInstaller.exe
File version 2.8.0.2
Description Offercast - APN Install Manager
Signature verification Signed file, verified signature
Signing date 1:51 AM 7/23/2013
Signers
[+] Ask.com
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 6/20/2011
Valid to 12:59 AM 6/19/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 6A67AEA201E76B8957B837D5C20645B0243FDA7E
Serial number 09 65 F2 AC 72 36 C7 E1 BD CA 44 ED 13 9B 27 3A
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-23 00:50:52
Entry Point 0x00074993
Number of sections 5
PE sections
Overlays
MD5 6df24fb5e87de19b04fbd29d267f29cd
File type data
Offset 1011712
Size 6552
Entropy 7.30
PE imports
GetTokenInformation
RegCreateKeyExW
RegDeleteValueW
CryptReleaseContext
RegCloseKey
RegNotifyChangeKeyValue
OpenProcessToken
RegSetValueExW
CryptGetHashParam
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
RegDeleteKeyW
CryptHashData
RegQueryInfoKeyW
ConvertSidToStringSidW
CryptDestroyHash
CryptCreateHash
ImageList_GetIconSize
InitCommonControlsEx
ImageList_Destroy
_TrackMouseEvent
CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CertFindCertificateInStore
CryptMsgClose
CertGetNameStringW
CryptMsgGetParam
CryptDecodeObject
GetDIBColorTable
CreateFontIndirectW
GetDeviceCaps
DeleteDC
SetBkMode
CreateFontW
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
GetStockObject
CreateCompatibleDC
StretchBlt
SelectObject
SetDIBColorTable
GetTextColor
CreateSolidBrush
DPtoLP
SetBkColor
GetBkColor
CreateCompatibleBitmap
GetPrivateProfileSectionNamesA
GetStdHandle
ReleaseMutex
InterlockedPopEntrySList
WaitForSingleObject
HeapDestroy
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetSystemDefaultLCID
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetProcAddress
InterlockedExchange
FindResourceExW
GetTimeZoneInformation
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
InterlockedPushEntrySList
InitializeCriticalSection
OutputDebugStringW
GlobalHandle
FindClose
TlsGetValue
OutputDebugStringA
SetLastError
InterlockedDecrement
CopyFileW
lstrcpynW
LoadResource
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
lstrcmpiW
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
GetPrivateProfileStringW
CreateThread
GetPrivateProfileSectionA
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
VirtualQuery
GetDiskFreeSpaceExW
SetEndOfFile
SetWaitableTimer
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
GetModuleHandleW
RtlUnwind
FreeLibrary
GetDateFormatA
GetWindowsDirectoryW
OpenProcess
DeleteFileA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
CreateWaitableTimerW
CompareStringW
lstrcpyW
GetModuleFileNameW
lstrcmpA
FindNextFileW
GetCurrentThreadId
GetTimeFormatA
FindFirstFileW
IsValidLocale
lstrcmpW
WaitForMultipleObjects
CreateFileMappingW
GetTempPathW
GetCurrentDirectoryW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
WinExec
Process32NextW
VirtualFree
CancelWaitableTimer
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
InterlockedCompareExchange
Process32FirstW
SuspendThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GlobalLock
GetVersion
IsValidCodePage
HeapCreate
WriteFile
CreateProcessW
Sleep
VirtualAlloc
GetOEMCP
TransparentBlt
AlphaBlend
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLib
SysStringLen
SysAllocStringLen
CreateErrorInfo
SysStringByteLen
DispCallFunc
VariantClear
SysAllocString
VarBstrCmp
VariantCopy
SetErrorInfo
LoadTypeLib
SysFreeString
SysAllocStringByteLen
VariantInit
UuidCreate
UuidToStringW
RpcStringFreeW
SHGetFolderPathW
Ord(155)
Ord(190)
Shell_NotifyIconW
ShellExecuteW
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW
StrCmpW
AssocQueryStringW
PathFileExistsW
RedrawWindow
GetMessagePos
LoadBitmapW
MoveWindow
SetWindowPos
IsWindow
EndPaint
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
SendMessageW
UnregisterClassA
GetClientRect
SetWindowContextHelpId
AllowSetForegroundWindow
DrawTextW
LoadImageW
GetActiveWindow
GetWindowTextW
GetWindowTextLengthW
InvalidateRgn
DestroyWindow
GetClassInfoExW
UpdateWindow
ShowWindow
PeekMessageW
EnableWindow
TranslateMessage
IsWindowEnabled
GetWindow
LoadStringW
DrawFocusRect
SetTimer
FillRect
CreateAcceleratorTableW
CreateWindowExW
ReleaseDC
GetWindowLongW
CharNextW
IsChild
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
BeginPaint
OffsetRect
DefWindowProcW
KillTimer
MapWindowPoints
GetParent
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
SendDlgItemMessageW
PostMessageW
PtInRect
SetWindowTextW
GetDlgItem
ClientToScreen
DialogBoxIndirectParamW
DestroyAcceleratorTable
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
DispatchMessageW
SetForegroundWindow
CharLowerBuffW
SetLayeredWindowAttributes
EndDialog
FindWindowW
GetCapture
ScreenToClient
GetWindowThreadProcessId
MessageBoxW
GetMenu
RegisterClassExW
UnhookWindowsHookEx
SetRectEmpty
AdjustWindowRectEx
GetSysColor
DestroyIcon
SystemParametersInfoW
MonitorFromWindow
InvalidateRect
CallWindowProcW
GetClassNameW
GetFocus
SetCursor
SetWindowTheme
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetGetCookieW
InternetConnectW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
InternetSetCookieW
InternetSetOptionW
HttpSendRequestW
InternetOpenW
DeleteUrlCacheEntryW
HttpOpenRequestW
WinVerifyTrust
setsockopt
socket
recvfrom
inet_addr
getprotobyname
WSAStartup
gethostbyname
sendto
inet_ntoa
gethostbyaddr
WSAGetLastError
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipGetImagePalette
GdipFree
GdipCreateBitmapFromFile
GdipBitmapUnlockBits
GdipGetImageHeight
GdipGetImageWidth
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipDrawImageI
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdiplusStartup
Ord(70)
ProgIDFromCLSID
OleUninitialize
CLSIDFromString
CoInitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemRealloc
CLSIDFromProgID
OleLockRunning
CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoCreateInstance
OleInitialize
CoTaskMemFree
StringFromGUID2
CoGetClassObject
URLDownloadToFileW
Number of PE resources by type
RT_ICON 5
BKG 4
RT_BITMAP 4
RT_DIALOG 3
JAVASCRIPT 3
XML 2
RT_MANIFEST 2
RT_STRING 2
TYPELIB 1
RT_VERSION 1
HTM 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 19
ENGLISH US 10
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

InitializedDataSize
398336

ImageVersion
0.0

ProductName
Offercast - APN Install Manager

FileVersionNumber
2.8.0.2

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
10.0

FileTypeExtension
exe

OriginalFileName
AskInstaller.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.8.0.2

TimeStamp
2013:07:23 01:50:52+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
AskInstaller.exe

ProductVersion
2.8.0.2

FileDescription
Offercast - APN Install Manager

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
2010 (c) Ask.com. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Ask.com

CodeSize
612352

FileSubtype
0

ProductVersionNumber
2.8.0.2

EntryPoint
0x74993

ObjectFileType
Executable application

CarbonBlack
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 49cd4c92eca4bb4474aad560ecead4a7
SHA1 1c7e7a423243c1478980c410a85e66d173f3554c
SHA256 ae056f2d42c45fe162793a816ddf75ee6bb6bd45e0266f80130c2c2badbe7a22
ssdeep
24576:u1Exan+PnAgY7brmWJtnvVFLdg8tY6YfsNQoby/CB:uhcnLYyWJtnvVFZtXYfsNzy/CB

authentihash 34088a9a6017e60fbde82e9b16636c03c49217f71c88ceabc27fd9c676de963f
imphash d40e9f85aeb6429e855355c1cca15021
File size 994.4 KB ( 1018264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-07-24 16:36:20 UTC ( 5 years, 6 months ago )
Last submission 2018-07-03 10:12:22 UTC ( 6 months, 2 weeks ago )
File names output.44879366.txt
16767229
test.exe
38353003
output.38353003.txt
624-SFInstaller_ASG_aresgalaxy_9933997_.exe
746b7a0eea02d17375efa08fbb6478d1.exe
SFInstaller_AS
sfinstaller_asg_aresgalaxy_11785577.exe
SFInstaller_ASG_aresgalaxy_8896843_.exe
aresregular224installer.exe
SFInstaller_ASG_aresgalaxy_11785577_+%281%29.exe
22461-674616-ares.exe
1.exe
SFInstaller_ASG_aresgalaxy_11785577_.exe.part
13529701
SFInstaller_ASG_aresgalaxy_11785577_.exe%26amp%3Bfor_html_installer%3D1%26amp%3Bsr%3D1%26amp%3Binstaller_file_name%3Dares%26amp%3Bfilesize%3D995
output.22736753.txt
49cd4c92eca4bb4474aad560ecead4a7_INFA914.tmp
get-getaresregular224installer.exe
22461-673901-ares.exe
output.24051133.txt
get-aresregular224installer.exe
64748405
64748403
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Deleted keys
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications