SHA256: 027ae2e47520321b25438d3fe738f56ae44c8b784707c24c38b82b27441604c6
File name: JDast_installer.exe
Detection ratio: 1 / 43
Analysis date: 2012-11-04 16:10:43 UTC ( 1 year, 5 months ago )
Antivirus Result Update
VBA32 Trojan.Autoit.Wirus 20121103
AVG 20121104
Agnitum 20121104
AhnLab-V3 20121104
AntiVir 20121104
Antiy-AVL 20121104
Avast 20121104
BitDefender 20121104
ByteHero 20121103
CAT-QuickHeal 20121103
ClamAV 20121104
Commtouch 20121104
Comodo 20121104
DrWeb 20121104
ESET-NOD32 20121104
Emsisoft 20121104
F-Prot 20121104
F-Secure 20121104
Fortinet 20121104
GData 20121104
Ikarus 20121104
Jiangmin 20121104
K7AntiVirus 20121102
Kaspersky 20121104
Kingsoft 20121028
McAfee 20121104
McAfee-GW-Edition 20121104
MicroWorld-eScan 20121104
Norman 20121104
PCTools 20121104
Panda 20121104
Rising 20121102
SUPERAntiSpyware 20121104
Sophos 20121104
Symantec 20121104
TheHacker 20121102
TotalDefense 20121102
TrendMicro 20121104
TrendMicro-HouseCall 20121104
VIPRE 20121104
ViRobot 20121104
eSafe 20121104
nProtect 20121104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright GMW Software
Publisher GMW Software
File version 17.8
Description JDs Auto Speed Tester 17.8 Installation
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00017DE0
Number of sections 8
PE sections
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken
GetUserNameA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExA
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
FDIDestroy
FDICreate
FDICopy
ImageList_SetBkColor
ImageList_Draw
ImageList_Create
InitCommonControls
SetDIBits
AddFontResourceA
OffsetRgn
SaveDC
CreateFontIndirectA
CombineRgn
SetStretchBltMode
GetPixel
GetObjectA
ExcludeClipRect
DeleteDC
RestoreDC
SetBkMode
SetPixel
CreateSolidBrush
IntersectClipRect
BitBlt
CreateDIBSection
SetTextColor
MoveToEx
GetStockObject
CreateBrushIndirect
GetDIBits
ExtSelectClipRgn
SetBrushOrgEx
CreateCompatibleDC
StretchBlt
StretchDIBits
SetROP2
CreateRectRgn
SelectObject
GetTextExtentPoint32A
CreateCompatibleBitmap
SetWindowOrgEx
SetBkColor
DeleteObject
SetRectRgn
GetLastError
HeapFree
DosDateTimeToFileTime
GetUserDefaultLangID
FileTimeToSystemTime
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
ExitProcess
CreateDirectoryA
GetVersionExA
RemoveDirectoryA
GetFileSize
RtlUnwind
LoadLibraryA
WinExec
GetDiskFreeSpaceA
GetDateFormatA
FileTimeToLocalFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
OpenProcess
SetFileTime
ExpandEnvironmentStringsA
GetWindowsDirectoryA
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
GetShortPathNameA
GetCommandLineA
GetProcAddress
GetProcessHeap
GetFullPathNameA
GetFileTime
SetFilePointer
GetTempPathA
RaiseException
CloseHandle
WideCharToMultiByte
GetModuleHandleA
ReadFile
DeleteFileA
WriteFile
GetCurrentProcess
FindFirstFileA
GetTimeFormatA
GetComputerNameA
FindNextFileA
GetSystemDirectoryA
HeapReAlloc
GetVersion
SetFileAttributesA
GetExitCodeProcess
TerminateProcess
GetModuleFileNameA
GlobalAlloc
LocalFileTimeToFileTime
FindClose
TlsGetValue
Sleep
FormatMessageA
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
GetCurrentThread
SetCurrentDirectoryA
CompareStringA
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize
OleInitialize
SysReAllocStringLen
SysFreeString
SysAllocStringLen
SHGetFileInfoA
ShellExecuteExA
SHBrowseForFolderA
SHChangeNotify
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SetFocus
GetParent
EnableWindow
GetWindowRgn
SetPropA
BeginPaint
OffsetRect
GetCapture
CheckRadioButton
KillTimer
RemovePropA
PostQuitMessage
DefWindowProcA
ShowWindow
GetPropA
SetWindowPos
FindWindowA
GetSystemMetrics
EnableMenuItem
IsWindow
GetWindowRect
DispatchMessageA
ScreenToClient
PostMessageA
DrawIcon
MessageBoxA
PeekMessageA
GetWindowDC
SetWindowLongA
wvsprintfA
TranslateMessage
IsWindowEnabled
GetWindow
GetSysColor
GetDC
GetKeyState
GetCursorPos
ReleaseDC
WaitMessage
GetClassInfoA
DestroyIcon
CreateWindowExA
DeleteMenu
SetParent
CopyImage
IsWindowVisible
IsZoomed
EnumWindows
SendMessageA
GetWindowTextA
GetClientRect
GetDCEx
CharLowerBuffA
IsIconic
RegisterClassA
GetClassLongA
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
SetTimer
LoadCursorA
LoadIconA
DrawTextA
ClientToScreen
FillRect
GetUpdateRgn
ValidateRect
CallWindowProcA
GetSystemMenu
GetFocus
EndPaint
SetForegroundWindow
DestroyWindow
ExitWindowsEx
SetCursor
timeKillEvent
timeSetEvent
Number of PE resources by type
RT_ICON 4
RT_RCDATA 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 7
RUSSIAN 2
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 20480
ImageVersion 0.0
FileVersionNumber 17.8.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 2.25
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 17.8
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2013:05:03 20:19:26+01:00
FileDescription JDs Auto Speed Tester 17.8 Installation
OSVersion 4.0
FileCreateDate 2013:05:03 20:19:26+01:00
FileOS Win32
LegalCopyright GMW Software
MachineType Intel 386 or later, and compatibles
CompanyName GMW Software
CodeSize 94208
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x17de0
ObjectFileType Executable application
Compressed bundles
File identification
MD5 6e5024d6aebd5fb8b29133ff10ed96a1
SHA1 6298a87d1f47ddbecb9720cf163fa51912ccdc72
SHA256 027ae2e47520321b25438d3fe738f56ae44c8b784707c24c38b82b27441604c6
ssdeep 98304:OdY869XLOgdoukwX4nHcgav3GjgvYscMyf7N/R3L55IIAoohia/x0oYdyewv:OBCbOHmC8gavext/R3N5epIap0bwv
File size 4.9 MB ( 5110564 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (47.8%)
Win32 Executable Delphi generic (16.3%)
Windows Screen Saver (14.5%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (7.2%)
Tags peexe bobsoft
VirusTotal metadata
First submission 2012-10-28 16:50:05 UTC ( 1 year, 5 months ago )
Last submission 2013-03-04 19:29:25 UTC ( 1 year, 1 month ago )
File names file-4716419_exe
test.exe
JDast_installer.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Set keys
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.