SHA256: 180e6e66dfe3bdadd9407a228dd52bb7ab11e12f372ad11f94b381d9d6013de3
File name: Softango_VideoConverter_Multi.exe
Detection ratio: 37 / 55
Analysis date: 2016-02-24 06:40:12 UTC ( 7 months, 1 week ago )
Antivirus Result Update
AVG Luhe.PUP.InstallBrain.A 20160224
AVware InstallBrain (fs) 20160224
Ad-Aware Application.Bundler.InstallBrain.A 20160224
AegisLab Application.Bundler.Gen!c 20160224
AhnLab-V3 Win-PUP/InstallBrain 20160224
Antiy-AVL Trojan/Win32.TSGeneric 20160224
Arcabit Application.Bundler.InstallBrain.A 20160224
Avast Win32:PUP-gen [PUP] 20160224
Baidu-International PUA.Win32.InstallBrain.BSig 20160223
BitDefender Application.Bundler.InstallBrain.A 20160224
Bkav W32.HfsAdware.6E79 20160223
CAT-QuickHeal PUA.Performers.Gen 20160224
Comodo ApplicUnwnt.Win32.AdWare.IBrain.B 20160224
Cyren W32/IBrain.B2.gen!Eldorado 20160224
DrWeb Program.Unwanted.599 20160224
ESET-NOD32 a variant of Win32/InstallBrain potentially unwanted 20160224
F-Prot W32/IBrain.B2.gen!Eldorado 20160224
F-Secure Application.Bundler.InstallBrain 20160224
Fortinet Adware/InstallBrain 20160224
GData Application.Bundler.InstallBrain.A 20160224
Ikarus Trojan.Agent_s 20160224
Jiangmin AdWare.BrainInst.p 20160224
K7GW Unwanted-Program ( 004a9cab1 ) 20160224
Kaspersky not-a-virus:HEUR:AdWare.Win32.BrainInst.gen 20160224
Malwarebytes Adware.InstallBrain 20160224
McAfee Artemis!48A1B170D179 20160224
McAfee-GW-Edition BehavesLike.Win32.ZvuZona.fc 20160224
eScan Application.Bundler.InstallBrain.A 20160224
Microsoft TrojanDownloader:Win32/Brantall.A 20160224
NANO-Antivirus Riskware.Win32.BrainInst.dwtecc 20160224
Panda PUP/Ibups 20160223
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160223
SUPERAntiSpyware PUP.InstallBrain/Variant 20160224
Sophos InstallBrain (PUA) 20160224
Tencent Win32.Trojan.Bp-generic.Bskd 20160224
VBA32 Signed-AdWare.BrainInst.PerformersoftLLC 20160223
VIPRE InstallBrain (fs) 20160224
ALYac 20160224
Yandex 20160221
Alibaba 20160224
ByteHero 20160224
CMC 20160223
ClamAV 20160224
Emsisoft 20160224
K7AntiVirus 20160224
Qihoo-360 20160224
Symantec 20160223
TheHacker 20160222
TotalDefense 20160223
TrendMicro 20160224
TrendMicro-HouseCall 20160224
ViRobot 20160224
Zillya 20160223
Zoner 20160224
nProtect 20160223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright 2011
Product InstallBrain Installer
File version 11,6,20,2
Description InstallBrain Installer
Signature verification Signed file, verified signature
Signing date 7:38 PM 3/10/2012
Signers
[+] Performersoft LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Go Daddy Secure Certification Authority
Valid from 2:38 PM 7/13/2011
Valid to 7:20 PM 6/25/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 1F8A4F00541724059D086F42E07ACA8B6E0E9A43
Serial number 27 7B 96 F9 4D 20 C1
[+] Go Daddy Secure Certification Authority
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 2:54 AM 11/16/2006
Valid to 2:54 AM 11/16/2026
Valid usage All
Algorithm sha1RSA
Thumbprint 7C4656C3061F7F4C0D67B319A855F60EBC11FC44
Serial number 03 01
[+] Go Daddy Class 2 Certification Authority
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 6:06 PM 6/29/2004
Valid to 6:06 PM 6/29/2034
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 2796BAE63F1801E277261BA0D77770028F20EEE4
Serial number 00
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-10 18:38:14
Entry Point 0x000ECAE0
Number of sections 3
PE sections
Overlays
MD5 bb36685137bff6bcee1088b20e0aac70
File type data
Offset 336896
Size 6552
Entropy 7.30
PE imports
RegCloseKey
InitCommonControlsEx
BitBlt
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SysAllocString
UuidCreate
Ord(680)
PathAppendW
CreateEnvironmentBlock
VerQueryValueW
WinHttpOpen
WTSQueryUserToken
MiniDumpWriteDump
Ord(90)
CoInitialize
CoInternetSetFeatureEnabled
Number of PE resources by type
RT_ICON 8
RT_DIALOG 4
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 11
NEUTRAL 5
PE resources
ExifTool file metadata
SpecialBuild 11,6,20,2
LegalTrademarks InstallBrain
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 11.6.20.2
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription InstallBrain Installer
CharacterSet Windows, Latin1
InitializedDataSize 69632
PrivateBuild 2662
EntryPoint 0xecae0
MIMEType application/octet-stream
LegalCopyright Copyright 2011
FileVersion 11,6,20,2
TimeStamp 2012:03:10 19:38:14+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 11,6,20,2
UninitializedDataSize 700416
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName InstallBrain
CodeSize 270336
ProductName InstallBrain Installer
ProductVersionNumber 11.6.20.2
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 48a1b170d179cf28f82aae0c16861612
SHA1 a0cd69838379d4799435db701848da54078d4b48
SHA256 180e6e66dfe3bdadd9407a228dd52bb7ab11e12f372ad11f94b381d9d6013de3
ssdeep 6144:CsSheEdCIvWu32pPaVRZjNSmdloE53aS09VU3FlkwoSSXM/:Cl2Nu3UyVRZjNSdE554VUHkwoSSXM/
authentihash 2a5f710ca3d4c6598a2735222e80d9528790103c20e39e2b1192efe0b2355186
imphash 59785afaf12a758ec7b9814cd9bbeecf
File size 335.4 KB ( 343448 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (46.5%)
Win32 EXE Yoda's Crypter (40.4%)
Win32 Executable (generic) (6.8%)
Generic Win/DOS Executable (3.0%)
DOS Executable Generic (3.0%)
Tags peexe signed upx overlay
VirusTotal metadata
First submission 2012-03-10 21:43:18 UTC ( 4 years, 6 months ago )
Last submission 2015-12-01 15:46:07 UTC ( 10 months ago )
File names Video Performer63413.exe
Softango_VideoConverter_Multi.exe
48a1b170d179cf28f82aae0c16861612
file-3674388_exe
vt-upload-ZgFzT
Softango_VideoConverter (11).exe
EE40E6F5985562A23D3105B539797700E77F169A.exe
Softango_VideoConverter_Multi.exe
output.1315132.txt
Softango_VideoConverter_Multi.exe
Video Performer63413.exe
ibsvc.exe
DPYGEOETUB-617.pms.exe.SVD
A0068189.exe
180E6E66DFE3BDADD9407A228DD52BB7AB11E12F372AD11F94B381D9D6013DE3.dat
A0069092.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight