Report #12657

  • Creation Date: July 11, 2021, 3:04 a.m.
  • Last Update: July 11, 2021, 3:05 a.m.
  • File: rufus-3.14p.exe
  • Results:

Binary
  DLL: False
  Size: 1.12MB
  trid:
    61.2% UPX compressed Win32 Executable
    14.8% Win32 Dynamic Link Library
    10.2% Win32 Executable
    4.5% OS/2 Executable
    4.5% Generic Win/DOS Executable
  type: PE
  wordsize: 32
  Subsystem: Windows GUI
Hashes
  md5: c1df434cf15aeb31783e1144b8a30059
  sha1: 1c385ec41d5f20ab411bd20e792ad8e7da7feaf9
  crc32: 0x82b2875e
  sha224: dd7669c8dca7a8cde79e883feb15e4f86389d57f66d2bbadb4bd5cf9
  sha256: c0ccf4f480545b50169cc1f5bf92b357ce588520cb8534128200ca48fc6ae588
  sha384: efe45722a374ada52895ce24ff5b583b553eaf191f4b0d8e6f8be6bcd94250e76fc2c965f9f1c69bf085c6eec9cf2204
  sha512: 7dcdd37b831c3e6d54ea5cb74e5308ead0ac3a344a94f40d70b1ad72746a830d0109ed3ddebd4fa6dc8a3cd8352545dd81164a1cff6fdbbcc9ed3312ecbe76f4
  ssdeep: 24576:g8wnf/FU0nBI1gbXfrnSuEw239Bwyu+4WVIBjP0q/E8kw2hd27:g5NlBI1gbmHw+BLu+5Il8qpb2hU
Community
  Google: False
  HashLib: False

YARA
  Matches: UPX_v30_EXE_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser_additional, UPX_wwwupxsourceforgenet, screenshot, UPX_wwwupxsourceforgenet_additional, url, IP, contentis_base64, domain, yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h, IsPacked, HasOverlay, UPX_v30_EXE_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser, UPX_302, UPX, IsPE32, IsWindowsGUI
  Suspicious: True

Strings
  List:

Foremost
  Matches: 0.exe, 1 MB
  Suspicious: True
Heuristics
  IPs
    hasIPs: False
    Allowed:
    Suspicious:
    hasAllowed: False
    hasSuspicious: False

  URLs
    Allowed: http://schemas.microsoft.com/smi/2016/windowssettings, http://schemas.microsoft.com/smi/2005/windowssettings, http://schemas.microsoft.com/smi/2019/windowssettings
    hasURLs: True
    Suspicious: http://s.symcb.com/universal-root.crl0, https://d.symcb.com/cps0%, http://ocsp.comodoca.com0, https://secure.comodo.net/cps0c, https://rufus.ie, http://s.symcd.com06, http://crl.comodoca.com/comodorsacertificationauthority.crl0q, http://crl.comodoca.com/comodorsacodesigningca.crl0t, https://www.gnu.org/licenses/gpl-3.0.html, http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(, http://crt.comodoca.com/comodorsaaddtrustca.crt0$, http://ts-ocsp.ws.symantec.com0;, https://d.symcb.com/rpa0@, https://d.symcb.com/rpa0., http://crt.comodoca.com/comodorsacodesigningca.crt0$, http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
    hasAllowed: True
    hasSuspicious: True

  Files
    Allowed: ADVAPI32.dll, SHLWAPI.dll, msvcrt.dll, COMDLG32.DLL, SHELL32.dll, GDI32.dll, COMCTL32.DLL, KERNEL32.DLL, ole32.dll, CRYPT32.dll, USER32.dll, WINTRUST.dll, SETUPAPI.dll
    hasFiles: True
    Suspicious:
    hasAllowed: True
    hasSuspicious: False

Binary
  Sizes
    RVA: 16 (Suspicious: False)
    Code Size: 45056 (Suspicious: False)
    Image Address: 4194304 (Suspicious: False)
    Stack: 4096 (Suspicious: False)
    Headers: 4096 (Suspicious: False)
    Suspicious: False

  Symbols
    Number: 0 (Suspicious: True)
    Pointer: 0 (Suspicious: True)
    Directories Number: 16 (Suspicious: False)

  Checksum
    Value: 1194291
    Suspicious: False

  Sections
    Allowed: .rsrc
    Suspicious: upx0, upx1
    hasAllowed: True
    hasSections: True
    hasSuspicious: True

  Versions
    OS Version: 4 (Suspicious: False)
    Image Version: 4 (Suspicious: False)
    Linker Version: 2.36 (Suspicious: False)
    Subsystem Version: 4.0 (Suspicious: False)
    Suspicious: False

  EntryPoint
    Address: 3430080
    Suspicious: False

Anomalies
  hasAnomalies: False

Libraries
  Allowed: advapi32.dll, shlwapi.dll, msvcrt.dll, comdlg32.dll, shell32.dll, gdi32.dll, comctl32.dll, kernel32.dll, ole32.dll, crypt32.dll, user32.dll, wintrust.dll, setupapi.dll
  hasLibs: True
  Suspicious:
  hasAllowed: True
  hasSuspicious: False

Timestamp
  Past: True
  Valid: True
  Value: 1969-12-31 21:00:00
  Future: False

Compilation
  Packed: True
  Missing: False
  Packers: UPX v3.0 (EXE_LZMA) -> Markus Oberhumer & Laszlo Molnar & John Reiser, UPX -> www.upx.sourceforge.net
  Compiled: False
  Compilers:

Obfuscation
  XOR: False
  Fuzzing: False

PEDetector
  Matches: None
  Suspicious: False

Disassembly
  hasTricks: True
  Tricks (occurrences per section)
    pushret: none 1107, .rsrc 1
    pushpopmath: none 632, .rsrc 4
    ss register: none 14
    garbagebytes: none 397
    hookdetection: none 48
    software breakpoint: none 39, .rsrc 1
    fakeconditionaljumps: none 28
    programcontrolflowchange: none 373
    cpuinstructionsresultscomparison: none 9, .rsrc 3

AVclass
  None: 1

VirusTotal
  md5: c1df434cf15aeb31783e1144b8a30059
  sha1: 1c385ec41d5f20ab411bd20e792ad8e7da7feaf9
SCANS (DETECTION RATE = 0.00%)

  Engine                 update      version                 detected
  CMC                    20210624    2.10.2019.1             False
  MAX                    20210710    2019.9.16.1             False
  APEX                   20210710    6.185                   False
  Bkav                   20210710    1.3.0.9899              False
  K7GW                   20210710    11.192.37693            False
  ALYac                  20210710    1.1.3.1                 False
  Avast                  20210710    21.1.5827.0             False
  Avira                  20210710    8.3.3.12                False
  Baidu                  20190318    1.0.0.2                 False
  Cynet                  20210710    4.0.0.27                False
  Cyren                  20210710    6.3.0.2                 False
  DrWeb                  20210710    7.0.49.9080             False
  GData                  20210710    A:25.30238B:27.23671    False
  Panda                  20210710    4.6.4.2                 False
  VBA32                  20210709    5.0.0                   False
  VIPRE                  20210710    93908                   False
  Zoner                  20210709    0.0.0.0                 False
  ClamAV                 20210710    0.103.3.0               False
  Comodo                 20210710    33699                   False
  Ikarus                 20210710    0.1.5.2                 False
  Lionic                 20210710    4.2                     False
  McAfee                 20210710    6.0.6.653               False
  Rising                 20210710    25.0.0.26               False
  Sophos                 20210710    1.3.0.0                 False
  Yandex                 20210709    5.5.2.24                False
  Zillya                 20210709    2.0.0.4405              False
  Acronis                20210512    1.1.1.82                False
  Alibaba                20190527    0.3.0.5                 False
  Arcabit                20210710    1.0.0.886               False
  Cylance                20210710    2.3.1.101               False
  Elastic                20210710    4.0.25                  False
  FireEye                20210710    32.44.1.0               False
  Sangfor                20210625    2.9.0.0                 False
  TACHYON                20210710    2021-07-10.02           False
  Tencent                20210710    1.0.0.1                 False
  ViRobot                20210710    2014.3.20.0             False
  Webroot                20210710    1.0.0.403               False
  Ad-Aware               20210710    3.0.21.179              False
  Emsisoft               20210710    2018.12.0.1641          False
  F-Secure               20210710    12.0.86.52              False
  Fortinet               20210710    6.2.142.0               False
  Jiangmin               20210709    16.0.100                False
  Kingsoft               20210710    2017.9.26.565           False
  Paloalto               20210710    1.0                     False
  Symantec               20210710    1.15.0.0                False
  AhnLab-V3              20210710    3.20.3.10145            False
  Antiy-AVL              20210710    3.0.0.1                 False
  Kaspersky              20210710    21.0.1.45               False
  MaxSecure              20210710    1.0.0.1                 False
  Microsoft              20210710    1.1.18300.4             False
  Qihoo-360              20210710    1.0.0.1300              False
  ZoneAlarm              20210710    1.0                     False
  Cybereason             20210330    1.2.449                 False
  ESET-NOD32             20210710    23605                   False
  Gridinsoft             20210710    1.0.47.140              False
  TrendMicro             20210710    11.0.0.1006             False
  BitDefender            20210710    7.2                     False
  CrowdStrike            20210203    1.0                     False
  K7AntiVirus            20210710    11.192.37693            False
  SentinelOne            20210703    5.2.0.9                 False
  Malwarebytes           20210710    4.2.2.27                False
  CAT-QuickHeal          20210710    14.00                   False
  NANO-Antivirus         20210710    1.0.146.25311           False
  BitDefenderTheta       20210702    7.2.37796.0             False
  MicroWorld-eScan       20210710    14.0.409.0              False
  SUPERAntiSpyware       20210710    5.6.0.1032              False
  McAfee-GW-Edition      20210710    v2019.1.2+3728          False
  TrendMicro-HouseCall   20210710    10.0.0.1040             False
  total: 68
  sha256: c0ccf4f480545b50169cc1f5bf92b357ce588520cb8534128200ca48fc6ae588
  scan_id: c0ccf4f480545b50169cc1f5bf92b357ce588520cb8534128200ca48fc6ae588-1625954807
  resource: c1df434cf15aeb31783e1144b8a30059
  positives: 0
  scan_date: 2021-07-10 22:06:47
  verbose_msg: Scan finished, information embedded
  response_code: 1