SHA256: 03b73a7d50d6146d8295436169d4f548310eb0ab3b60fee19e1285fbe09f16e4
File name: saa_setup.exe
Detection ratio: 5 / 54
Analysis date: 2016-01-31 23:19:06 UTC (3 years ago)
Antivirus Result Update
Avast NSIS:Relevant-H [PUP] 20160130
ESET-NOD32 Win32/BundleLoader.B potentially unwanted 20160130
Fortinet Adware/Relevant 20160130
Ikarus PUA.BundleLoader 20160129
ViRobot Trojan.Win32.A.Downloader.1297582[h] 20160129
Ad-Aware 20160130
AegisLab 20160130
Yandex 20160129
AhnLab-V3 20160129
Alibaba 20160129
ALYac 20160130
Antiy-AVL 20160130
Arcabit 20160130
AVG 20160130
Avira (no cloud) 20160130
Baidu-International 20160129
BitDefender 20160130
Bkav 20160129
ByteHero 20160201
CAT-QuickHeal 20160129
ClamAV 20160130
CMC 20160130
Comodo 20160130
Cyren 20160129
DrWeb 20160130
Emsisoft 20160130
F-Prot 20160129
F-Secure 20160129
GData 20160130
Jiangmin 20160129
K7AntiVirus 20160129
K7GW 20160129
Kaspersky 20160129
McAfee 20160130
McAfee-GW-Edition 20160130
Microsoft 20160130
eScan 20160130
NANO-Antivirus 20160130
nProtect 20160129
Panda 20160129
Qihoo-360 20160201
Rising 20160129
Sophos AV 20160130
SUPERAntiSpyware 20160130
Symantec 20160129
Tencent 20160201
TheHacker 20160130
TotalDefense 20160129
TrendMicro 20160130
TrendMicro-HouseCall 20160130
VBA32 20160128
VIPRE 20160130
Zillya 20160130
Zoner 20160130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2005-2010 Oleg N. Scherbakov

Product 7-Zip SFX
Original name 7ZSfxMod_x86.exe
Internal name 7ZSfxMod
File version 1.4.1.2100
Description 7z Setup SFX (x86)
Packers identified
F-PROT INNO, PE_Patch, appended, Aspack, 7Z
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-28 11:38:36
Entry Point 0x00015CBF
Number of sections 4
PE sections
Overlays
MD5 68ed6f4bc8454a00942d3144cbb72ca5
File type data
Offset 108544
Size 1189038
Entropy 8.00
PE imports
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
StretchBlt
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetUserDefaultUILanguage
SetThreadLocale
GetLastError
SetCurrentDirectoryW
GetStdHandle
EnterCriticalSection
TerminateThread
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
SetEvent
MulDiv
FindNextFileW
SystemTimeToFileTime
FindResourceExA
ExpandEnvironmentStringsW
lstrlenW
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetSystemDefaultUILanguage
GetDriveTypeW
SizeofResource
CompareFileTime
GetDiskFreeSpaceExW
GetFileSize
LockResource
SetFileTime
GetCommandLineW
CreateThread
GetSystemDefaultLCID
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetLocaleInfoW
SuspendThread
RemoveDirectoryW
GetModuleHandleA
lstrcpyW
SetFileAttributesW
lstrcmpiA
WideCharToMultiByte
SetEnvironmentVariableW
SetFilePointer
GetSystemDirectoryW
ReadFile
GetTempPathW
ResetEvent
GetSystemTimeAsFileTime
FindFirstFileW
GlobalMemoryStatusEx
lstrcmpW
GetModuleHandleW
LoadLibraryA
LocalFree
FormatMessageW
ResumeThread
GetFileAttributesW
CreateEventW
GetExitCodeThread
lstrcmpiW
InitializeCriticalSection
LoadResource
WriteFile
CreateFileW
GlobalAlloc
VirtualFree
FindClose
lstrcatW
Sleep
IsBadReadPtr
SetEndOfFile
CloseHandle
ExitProcess
GetProcAddress
VirtualAlloc
GetEnvironmentVariableW
SetLastError
LeaveCriticalSection
_purecall
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_controlfp
_except_handler3
??2@YAPAXI@Z
strncmp
_onexit
_wtol
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_adjust_fdiv
??3@YAXPAX@Z
free
__getmainargs
_initterm
memmove
memcpy
_beginthreadex
_exit
_EH_prolog
__set_app_type
OleLoadPicture
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
GetClassNameA
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
ClientToScreen
CharUpperW
MessageBoxA
GetSystemMenu
GetWindowDC
GetWindow
GetSysColor
DispatchMessageW
CopyImage
ReleaseDC
GetMenu
GetWindowLongW
DrawIconEx
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
GetDC
ScreenToClient
wsprintfA
SetTimer
CallWindowProcW
DialogBoxIndirectParamW
EnableWindow
GetClientRect
GetWindowTextW
EnableMenuItem
LoadIconW
GetWindowTextLengthW
CreateWindowExW
wsprintfW
GetKeyState
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 5
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.4.1.2100

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
7z Setup SFX (x86)

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
20992

PrivateBuild
April 28, 2011

EntryPoint
0x15cbf

OriginalFileName
7ZSfxMod_x86.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2005-2010 Oleg N. Scherbakov

FileVersion
1.4.1.2100

TimeStamp
2011:04:28 04:38:36-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
7ZSfxMod

ProductVersion
1.4.1.2100

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Oleg N. Scherbakov

CodeSize
87040

ProductName
7-Zip SFX

ProductVersionNumber
1.4.1.2100

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 9058392fec26d0fb8ac989576f88b185
SHA1 fb64a1e282fa08af778a3df23a50473da7ab3342
SHA256 03b73a7d50d6146d8295436169d4f548310eb0ab3b60fee19e1285fbe09f16e4
ssdeep
24576:5IQcNL63YAYJY1WW/cMKCWIRkdQyG6yV3NiyHrW5srx6N8ZgXI/3gf8EU74h:mdN6hMeqMKCbJdNiyH65Ax6CgXI/wf8+

authentihash 21a2cfff795876254639bc2123a08bb7f7950173b11b2d70f4751c1ebfbf2dbf
imphash c769210c368165fcb9c03d3f832f55eb
File size 1.2 MB (1297582 bytes)
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Microsoft Visual C++ compiled executable (generic) (73.2%)
OS/2 Executable (generic) (8.9%)
Generic Win/DOS Executable (8.8%)
DOS Executable Generic (8.8%)
Tags
peexe overlay armadillo aspack software-collection

VirusTotal metadata
First submission 2014-01-09 07:13:59 UTC (5 years, 1 month ago)
Last submission 2018-06-03 07:35:44 UTC (8 months, 3 weeks ago)
File names saa_setup (2).exe
saa_setup (1).exe.infected
29265155
saa_setup.exe.infected
03b73a7d50d6146d8295436169d4f548310eb0ab3b60fee19e1285fbe09f16e4
antenne satelite saa_setup.exe
saa_setup.exe
7ZSfxMod
saa_setup (1).exe
filename
7ZSfxMod_x86.exe
satellite-antenna-alignment_2-99-0_fr_20172.exe
saa_setup299.exe
saa_setup.exe
116-saa_setup.exe
16ebad416bb1c27a7abf098adba9709002810601b4a3647771e1096a734e38a56c4b527aa24f4a3e7a96a5d1c19ab5c670636d9b3a9bb75077965fda4bc3bd1a
saa_setup.exe
461745
saa_setup.exe
Satellite Antenna Alignment 2.99.0.exe
satellite-antenna-alignment-2-99-0-en-win.exe
6218030
file-6618452_exe
saa_setup.exe
sa.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight