SHA256: 492d0f37a24271466d79676429059c114e95bf58953c00ded0f07c50def02467
File name: eDell Certificate Uninstaller - CHIP-Installer.exe
Detection ratio: 6 / 55
Analysis date: 2015-11-24 20:36:08 UTC (3 years, 3 months ago)
Antivirus Result Update
CAT-QuickHeal PUA.Chipdigita1.Gen 20151124
ESET-NOD32 a variant of Win32/DownloadSponsor.C potentially unwanted 20151124
K7GW Hacktool ( 655367771 ) 20151124
McAfee Artemis!9B6C9B2660E2 20151124
McAfee-GW-Edition Artemis!Trojan 20151124
Qihoo-360 HEUR/QVM11.1.Malware.Gen 20151124
Ad-Aware 20151124
AegisLab 20151124
Yandex 20151124
AhnLab-V3 20151124
Alibaba 20151124
ALYac 20151124
Antiy-AVL 20151124
Arcabit 20151124
Avast 20151201
AVG 20151124
Avira (no cloud) 20151124
AVware 20151124
Baidu-International 20151124
BitDefender 20151124
Bkav 20151124
ByteHero 20151124
ClamAV 20151124
CMC 20151124
Comodo 20151124
Cyren 20151124
DrWeb 20151124
Emsisoft 20151124
F-Prot 20151124
F-Secure 20151124
Fortinet 20151124
GData 20151124
Ikarus 20151124
Jiangmin 20151123
K7AntiVirus 20151124
Kaspersky 20151201
Malwarebytes 20151124
Microsoft 20151130
eScan 20151124
NANO-Antivirus 20151124
nProtect 20151124
Panda 20151124
Rising 20151124
Sophos AV 20151124
SUPERAntiSpyware 20151124
Symantec 20151124
Tencent 20151124
TheHacker 20151121
TrendMicro 20151124
TrendMicro-HouseCall 20151124
VBA32 20151124
VIPRE 20151124
ViRobot 20151124
Zillya 20151123
Zoner 20151124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 2015 Chip Digital GmbH
Publisher CHIP Digital GmbH
File version 1.1.5.5
Description CHIP Secured Installer
Comments CHIP Secured Installer
Signature verification Signed file, verified signature
Signers
[+] CHIP Digital GmbH
Status Valid
Issuer None
Valid from 1:00 AM 1/7/2015
Valid to 1:00 PM 2/24/2016
Valid usage Code Signing
Algorithm 1.2.840.113549.1.1.11
Thumbprint C9CEA07C7BB1F9FB310F46751BD7673AFD9795EF
Serial number 01 A0 C3 E3 BC 06 9F 71 B4 64 AA D3 40 63 E2 09
[+] DigiCert SHA2 Assured ID Code Signing CA
Status Valid
Issuer None
Valid from 1:00 PM 10/22/2013
Valid to 1:00 PM 10/22/2028
Valid usage Code Signing
Algorithm 1.2.840.113549.1.1.11
Thumbprint 92C1588E85AF2201CE7915E8538B492F605B80C6
Serial number 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08
[+] DigiCert
Status Valid
Issuer None
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm SHA1
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Packers identified
F-PROT AutoIt, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-30 09:29:35
Entry Point 0x001E6900
Number of sections 3
PE sections
Overlays
MD5 d358edcbbafea03973fbba8c1fd82729
File type data
Offset 1463296
Size 3360
Entropy 7.26
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
IcmpSendEcho
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
VariantInit
GetProcessMemoryInfo
DragFinish
LoadUserProfileW
IsThemeActive
VerQueryValueW
FtpOpenFileW
timeGetTime
CoGetObject
Number of PE resources by type
RT_STRING 7
RT_RCDATA 6
RT_ICON 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH UK 10
GERMAN 7
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
Comments CHIP Secured Installer
LinkerVersion 11.0
ImageVersion 0.0
FileVersionNumber 1.1.5.5
UninitializedDataSize 1646592
LanguageCode German
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 1122304
EntryPoint 0x1e6900
MIMEType application/octet-stream
LegalCopyright Copyright 2015 Chip Digital GmbH
FileVersion 1.1.5.5
TimeStamp 2015:10:30 10:29:35+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.1.5.5
FileDescription CHIP Secured Installer
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 344064
FileSubtype 0
ProductVersionNumber 1.1.5.5
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 8f8f77d3b462e49f82369d6373d58353
SHA1 9e16d859af3e8ab1ad6618fced1bc3e48e096c1d
SHA256 492d0f37a24271466d79676429059c114e95bf58953c00ded0f07c50def02467
ssdeep 24576:eq5TfcdHj4fmbqOY2qX70smVkVMyO7BlWEWEzKJ9TtLs2l0llFJ+o0zQJ9TtDi8j:eUTsamVYxele5YlF55l
authentihash 7a33fb26de4686aeacfe56b08c6127b38c2f021f0871946a450c695ba711f402
imphash ef471c0edf1877cd5a881a6a8bf647b9
File size 1.4 MB ( 1466656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (46.5%)
Win32 EXE Yoda's Crypter (40.4%)
Win32 Executable (generic) (6.8%)
Generic Win/DOS Executable (3.0%)
DOS Executable Generic (3.0%)
Tags peexe signed upx overlay

VirusTotal metadata
First submission 2015-11-24 20:36:08 UTC (3 years, 3 months ago)
Last submission 2015-11-24 20:36:08 UTC (3 years, 3 months ago)
File names eDell Certificate Uninstaller - CHIP-Installer.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
DNS requests
TCP connections