| Info |
Matching compiler(s): |
Microsoft Visual C# v7.0 / Basic .NET
MASM/TASM - sig1(h)
.NET executable -> Microsoft
|
| Suspicious |
Strings found in the binary may indicate undesirable behavior: |
May have dropper capabilities:
- %TEMP%
- CurrentControlSet\Services
Contains another PE executable:
- This program cannot be run in DOS mode.
Contains domain names:
|
| Info |
Cryptographic algorithms detected in the binary: |
Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
|
| Suspicious |
The PE is possibly packed. |
The PE only has 0 import(s).
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|