home

qnut42s3.exe

CertChain

Governmental

Publisher:
Iran Center for eCommerce Development  (signed by Governmental)

Product:
CertChain

Description:
LatestCertChain

Version:
1.0.0.1

MD5:
d3a6c796c4d688c8e19299a551ff06a8

SHA-1:
a6c537517645e0c24e6dddc4ddb4cafbbfd89d1f

SHA-256:
fbde990938ef86bd64f29d7715111d8f4935ab8c6eed7ceae285b7733d902dff

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/26/2024 4:47:19 AM UTC  (today)

Scan engine
Detection
Engine version

Trend Micro House Call
TROJ_GEN.F47V0330
7.2.158

File size:
65.9 KB (67,512 bytes)

Product version:
1.0.0.1

Copyright:
Copyright © Iran Center for eCommerce Development

Original file name:
LatestCertChain.exe

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\qnut42s3.exe.part

Digital Signature
Signed by:
Governmental

Authority:
I.R. Government

Valid from:
12/9/2012 11:16:05 AM

Valid to:
12/9/2013 11:16:05 AM

Subject:
CN=Iran Center for eCommerce Development, SERIALNUMBER=14000405500, OU=Non-Individual Level 2 (Silver), OU=Iran Center for eCommerce Development, O=Governmental, C=IR

Issuer:
CN=GICA Code Sign-Silver(L2), OU=General Intermediate CA, OU=Iran Center for e-Commerce Development, OU=Ministry of Industry Mine and Trade, O=I.R. Government, C=IR

Serial number:
1D66D47B000000000004

File PE Metadata
Compilation timestamp:
3/12/2013 10:56:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:rFLhth2inVrfHm6dyW8XQASAg6+FAUsLsUtGSJnqlWYWFnDtcqWFny:rFFtoinbdyByArIUhlHYWFnDOqWFny

Entry address:
0x9C4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.1768

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
31.5 KB (32,256 bytes)

The file qnut42s3.exe has been seen being distributed by the following URL.

http://www.gica.ir/MFPortal/APP_Client/UserFiles/.../LatestCertChain.exe

Scan qnut42s3.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.