× الكوكيز معطل! هذا الموقع يتطلب تمكين الكوكيز للعمل بشكل صحيح
SHA256: a79ad94a093682d29bc9d93b69758d76d9e6cdadc212ce4255dcddcb76dbbf42
إسم الملف: u.exe
نسبة الفحص: 0 / 62
تاريخ الفحص 2017-03-19 05:38:57 UTC ( 1 شهر، 1 أسبوع مضت )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
مكافح الفيروسات النتيجة التحديث
Ad-Aware 20170319
AegisLab 20170319
AhnLab-V3 20170318
Alibaba 20170228
ALYac 20170319
Antiy-AVL 20170319
Arcabit 20170319
Avast 20170319
AVG 20170319
Avira (no cloud) 20170318
AVware 20170319
Baidu 20170318
BitDefender 20170319
Bkav 20170318
CAT-QuickHeal 20170318
ClamAV 20170318
CMC 20170317
Comodo 20170319
CrowdStrike Falcon (ML) 20170130
Cyren 20170319
DrWeb 20170319
Emsisoft 20170319
Endgame 20170317
ESET-NOD32 20170319
F-Prot 20170319
F-Secure 20170319
Fortinet 20170319
GData 20170319
Ikarus 20170318
Invincea 20170203
Jiangmin 20170319
K7AntiVirus 20170318
K7GW 20170319
Kaspersky 20170319
Kingsoft 20170319
Malwarebytes 20170319
McAfee 20170319
McAfee-GW-Edition 20170319
Microsoft 20170319
eScan 20170319
NANO-Antivirus 20170319
nProtect 20170319
Palo Alto Networks (Known Signatures) 20170319
Panda 20170318
Qihoo-360 20170319
Rising 20170318
SentinelOne (Static ML) 20170315
Sophos 20170319
SUPERAntiSpyware 20170319
Symantec 20170318
Tencent 20170319
TheHacker 20170318
TotalDefense 20170319
TrendMicro 20170319
TrendMicro-HouseCall 20170319
Trustlook 20170319
VBA32 20170317
VIPRE 20170319
ViRobot 20170319
Webroot 20170319
WhiteArmor 20170315
Yandex 20170318
Zillya 20170317
ZoneAlarm by Check Point 20170319
Zoner 20170319
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
www.shockingsoft.com

Product Auto Clicker by Shocker
File version Auto Clicker by Shoc
Description Auto Clicker by Shocker
Comments This installation was built with Inno Setup.
Signature verification Certificate out of its validity period
Signers
[+] Yang Cai
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer StartCom Class 2 Primary Intermediate Object CA
Valid from 4:06 PM 4/5/2012
Valid to 12:49 PM 4/7/2014
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.21, Lifetime Signing
Algorithm sha1RSA
Thumbprint 0CCF36D41A005C12371DF0FD7EE2630CD021BBCD
Serial number 05 C1
[+] StartCom Class 2 Primary Intermediate Object CA
Status Valid
Issuer StartCom Certification Authority
Valid from 11:01 PM 10/24/2007
Valid to 11:01 PM 10/24/2017
Valid usage All
Algorithm sha1RSA
Thumbprint D893C4F678F891F2823CD078AA5E1C48FD1DA225
Serial number 24
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] GlobalSign Time Stamping Authority
Status The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign Timestamping CA
Valid from 10:32 AM 12/21/2009
Valid to 10:32 AM 12/22/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint AEDF7DF76BBA2410D67DBAF18F5BA15B417E496C
Serial number 01 00 00 00 00 01 25 B0 B4 CC 01
[+] GlobalSign Timestamping CA
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 3/18/2009
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbrint 958D23902D5448314F2F811034356A58255CDC9B
Serial number 04 00 00 00 00 01 20 19 C1 90 66
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbrint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009C40
Number of sections 8
PE sections
Overlays
MD5 aadc18dab3997b8a76313c705c7a9486
File type data
Offset 54272
Size 824840
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
3.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
17920

EntryPoint
0x9c40

MIMEType
application/octet-stream

LegalCopyright
www.shockingsoft.com

FileVersion
Auto Clicker by Shoc

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

ProductVersion
V3.0

FileDescription
Auto Clicker by Shocker

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
shockingsoft.com

CodeSize
37888

ProductName
Auto Clicker by Shocker

ProductVersionNumber
3.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ab911567e1e2cd12afa8c7b34c49124a
SHA1 bc81ac8aa04b92e7d5c66062f45fc0b5c0806cf4
SHA256 a79ad94a093682d29bc9d93b69758d76d9e6cdadc212ce4255dcddcb76dbbf42
ssdeep
24576:0naTk8XeZPcV/EH5vgxSY311pIrwESkS3rJQBtUkBgqX:0aAUeNcVIY3ewVinXBgu

authentihash dd188a425e1d9b1f9717b3616e8fb2b9b2f1d4610b447f3353b891a436bd6177
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 858.5 ك.ب ( 879112 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (77.7%)
Win32 Executable Delphi generic (10.0%)
Win32 Dynamic Link Library (generic) (4.6%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2012-07-31 20:34:20 UTC ( 4 سنوات، 8 أشهر مضت )
Last submission 2017-03-19 05:38:57 UTC ( 1 شهر، 1 أسبوع مضت )
أسماء الملفات file-5751621_exe
ab911567e1e2cd12afa8c7b34c49124a.bc81ac8aa04b92e7d5c66062f45fc0b5c0806cf4
14A6205A08FA98DF6A810D495314E400A468E427.exe
AutoClickerShocker-Setup (1).exe
Auto Clicker Hack.exe
u.exe
filename
Auto Clicker v3.exe
AutoClickerShocker-Setup.exe
octet-stream
AutoClickerShocker-Setup.exe
AutoClickerShocker-Setup.exe
freerunning01012.exe
AutoClickerShocker-Setup--------------.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
لا توجد تعليقات. لا يوجد أحد من أعضاء مجتمع فايروس توتال قام بالتعليق على هذا الملف حتى الآن، كٌن اول شخص يفعل ذلك!

أترك تعليقك...

?
إضافة تعليق

لم تقم بتسجيل الدخول.فقط الأعضاء المسجلون لدينا يملكون صلاحية الرد, قم بتسجيل الدخول وشارك بصوتك !

لا توجد تصويتات. لا احد صوت على هذا الملف من قبل، كٌن اول شخص يفعل ذلك!