SHA256: 2fe6189be9acc0952e25595bd55472b7d8b4332a8816bfb6e5ae1dd1dc5e2e4c
File name: Setup Computer Werkzeugkiste.exe
Detection ratio: 2 / 68
Analysis date: 2018-11-30 21:09:02 UTC (4 months, 3 weeks ago)
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.AdwareFileTour.th 20181130
Trapmine malicious.moderate.ml.score 20181128
Ad-Aware 20181130
AegisLab 20181130
AhnLab-V3 20181130
Alibaba 20180921
ALYac 20181130
Antiy-AVL 20181130
Arcabit 20181130
Avast 20181130
Avast-Mobile 20181130
AVG 20181130
Avira (no cloud) 20181130
Babable 20180918
Baidu 20181130
BitDefender 20181130
Bkav 20181129
CAT-QuickHeal 20181130
ClamAV 20181130
CMC 20181130
Comodo 20181130
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181130
Cyren 20181130
DrWeb 20181130
eGambit 20181130
Emsisoft 20181130
Endgame 20181108
ESET-NOD32 20181130
F-Prot 20181130
F-Secure 20181130
Fortinet 20181130
GData 20181130
Ikarus 20181130
Sophos ML 20181128
Jiangmin 20181130
K7AntiVirus 20181130
K7GW 20181130
Kaspersky 20181130
Kingsoft 20181130
Malwarebytes 20181130
MAX 20181130
McAfee 20181130
Microsoft 20181130
eScan 20181130
NANO-Antivirus 20181130
Palo Alto Networks (Known Signatures) 20181130
Panda 20181130
Qihoo-360 20181130
Rising 20181130
SentinelOne (Static ML) 20181011
Sophos AV 20181130
SUPERAntiSpyware 20181128
Symantec 20181130
Symantec Mobile Insight 20181121
TACHYON 20181130
Tencent 20181130
TheHacker 20181129
TrendMicro 20181130
TrendMicro-HouseCall 20181130
Trustlook 20181130
VBA32 20181130
ViRobot 20181130
Webroot 20181130
Yandex 20181129
Zillya 20181130
ZoneAlarm by Check Point 20181130
Zoner 20181130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Product Computer Werkzeugkiste
File version
Description Computer Werkzeugkiste Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO, appended, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000AA98
Number of sections 8
PE sections
Overlays
MD5 02d0622bc5fce7936c947c88406cebc3
File type data
Offset 450048
Size 780023
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
GetACP
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetSystemDirectoryA
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 1
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Computer Werkzeugkiste Setup

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

InitializedDataSize
407552

EntryPoint
0xaa98

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0.9.0

UninitializedDataSize
0

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Top-PE.de

CodeSize
41472

ProductName
Computer Werkzeugkiste

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 b29f4e5e47a7f3b890cd2b0644aa0a33
SHA1 ad032d3997f21026be76d0077908eb77ba4a6a57
SHA256 2fe6189be9acc0952e25595bd55472b7d8b4332a8816bfb6e5ae1dd1dc5e2e4c
ssdeep
24576:O7blfnNNNN6Ny1zNNNyNNNjmFHVdrNTNZN8Nt4TDRrttGv0026jZ9e/ShXRo4nTa:O75/NNNN6NyNNNNyNNNSFHLrNTNZN8Nm

authentihash 11490bec24324ddd94d0115502f82b630b7b262a2afa94bbf3a8f457da02a3a1
imphash 2fb819a19fe4dee5c03e8c6a79342f79
File size 1.2 MB ( 1230071 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (80.3%)
Win32 Executable Delphi generic (10.3%)
Win32 Executable (generic) (3.3%)
Win16/32 Executable Delphi generic (1.5%)
OS/2 Executable (generic) (1.4%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2018-11-30 21:09:02 UTC (4 months, 3 weeks ago)
Last submission 2018-11-30 21:09:02 UTC (4 months, 3 weeks ago)
File names Setup Computer Werkzeugkiste.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Runtime DLLs