× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 00e6cc49e7d9b5ea2ee17e403e2295d114d8a3c5808ab6a5f1fc347c0e9bcf53
File name: WakeOnLanProfessionalSetup.exe
Detection ratio: 2 / 56
Analysis date: 2015-10-24 05:45:11 UTC ( 3 years, 5 months ago ) View latest
Antivirus Result Update
Rising PE:Malware.RDM.32!5.26[F1] 20151024
Zillya Adware.Eorezo.Win32.16503 20151024
Ad-Aware 20151025
AegisLab 20151024
Yandex 20151025
AhnLab-V3 20151024
Alibaba 20151023
ALYac 20151025
Antiy-AVL 20151025
Arcabit 20151025
Avast 20151025
AVG 20151025
Avira (no cloud) 20151024
AVware 20151025
Baidu-International 20151024
BitDefender 20151025
Bkav 20151025
ByteHero 20151025
CAT-QuickHeal 20151024
ClamAV 20151025
CMC 20151021
Comodo 20151025
Cyren 20151025
DrWeb 20151028
Emsisoft 20151025
ESET-NOD32 20151025
F-Prot 20151025
F-Secure 20151023
Fortinet 20151025
GData 20151025
Ikarus 20151025
Jiangmin 20151024
K7AntiVirus 20151025
K7GW 20151025
Kaspersky 20151025
Malwarebytes 20151025
McAfee 20151025
McAfee-GW-Edition 20151025
Microsoft 20151025
eScan 20151025
NANO-Antivirus 20151025
nProtect 20151023
Panda 20151024
Qihoo-360 20151025
Sophos AV 20151025
SUPERAntiSpyware 20151024
Symantec 20151024
Tencent 20151025
TheHacker 20151024
TotalDefense 20151025
TrendMicro 20151025
TrendMicro-HouseCall 20151025
VBA32 20151023
VIPRE 20151025
ViRobot 20151025
Zoner 20151025
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2001 - 2015 EMCO. All rights reserved.

Product EMCO WakeOnLan Professional
File version 1.3.3
Description EMCO WakeOnLan Professional Setup
Comments http://emcosoftware.com/
Signature verification Signed file, verified signature
Signing date 4:49 PM 8/6/2015
Signers
[+] EMCO ehf.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 3/31/2014
Valid to 12:59 AM 4/30/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 7CAACF26FF7F63F2CCCF4C00C920509C0D4A6B29
Serial number 23 CA 05 C5 80 14 1B DA E6 7D 09 3B AC 33 80 52
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-06 15:49:48
Entry Point 0x00005AEA
Number of sections 4
PE sections
Overlays
MD5 d57627a717271512d0b3a0751ac6b347
File type data
Offset 58835456
Size 7864
Entropy 7.38
PE imports
GetStdHandle
GetConsoleOutputCP
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
LoadResource
InterlockedDecrement
SetLastError
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
MoveFileExW
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
EnumResourceNamesW
CompareStringW
CompareStringA
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
UuidCreate
UuidToStringW
RpcStringFreeW
CommandLineToArgvW
MessageBoxW
Ord(205)
Ord(74)
Ord(169)
Ord(141)
Ord(88)
Ord(70)
Ord(8)
Ord(232)
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 16
RT_RCDATA 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
NEUTRAL 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
http://emcosoftware.com/

InitializedDataSize
58759680

ImageVersion
0.0

ProductName
EMCO WakeOnLan Professional

FileVersionNumber
1.3.3.797

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
EMCO WakeOnLan Professional Setup

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.3.3

TimeStamp
2015:08:06 16:49:48+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.3.3

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 2001 - 2015 EMCO. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
EMCO Software

CodeSize
74752

FileSubtype
8

ProductVersionNumber
1.3.3.797

EntryPoint
0x5aea

ObjectFileType
Driver

File identification
MD5 a42d04baf73655115c45f69eccc58043
SHA1 7ad00311fdb390ac963727acc0d768600b2b179e
SHA256 00e6cc49e7d9b5ea2ee17e403e2295d114d8a3c5808ab6a5f1fc347c0e9bcf53
ssdeep
1572864:o/ek/xaqEWuQdB1Jfpd3Y1Lnr/h3s1iK+QK:eeXqxuu53YF5cRE

authentihash c5b16d48606ebc460b5b87d9e20298cd3af184dd177fe39d0cb6d0d402309164
imphash 8e55f2d68beb6ad4c08e854b69f8c330
File size 56.1 MB ( 58843320 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (35.0%)
Win32 EXE PECompact compressed (generic) (33.8%)
Win64 Executable (generic) (22.4%)
Win32 Executable (generic) (3.6%)
OS/2 Executable (generic) (1.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-08-08 06:06:41 UTC ( 3 years, 7 months ago )
Last submission 2016-03-26 01:29:30 UTC ( 2 years, 12 months ago )
File names 714266
WakeOnLanProfessionalSetup.exe
WakeOnLanProfessionalSetup.exe
00E6CC49E7D9B5EA2EE17E403E2295D114D8A3C5808AB6A5F1FC347C0E9BCF53
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!