× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 03da7fa99737533d8262ba4a96ef870e5ffd8d2a79055cb2e04657916c9d7d4b
File name: avpuzzlepro31d.exe
Detection ratio: 0 / 55
Analysis date: 2016-03-31 23:59:08 UTC ( 3 years, 1 month ago ) View latest
Antivirus Result Update
Ad-Aware 20160401
AegisLab 20160331
AhnLab-V3 20160330
ALYac 20160401
Antiy-AVL 20160331
Arcabit 20160331
Avast 20160331
AVG 20160331
Avira (no cloud) 20160331
AVware 20160331
Baidu 20160331
Baidu-International 20160331
BitDefender 20160331
Bkav 20160331
CAT-QuickHeal 20160331
ClamAV 20160331
CMC 20160322
Comodo 20160331
Cyren 20160331
DrWeb 20160331
Emsisoft 20160331
ESET-NOD32 20160331
F-Prot 20160331
F-Secure 20160331
Fortinet 20160330
GData 20160331
Ikarus 20160331
Jiangmin 20160331
K7AntiVirus 20160331
K7GW 20160331
Kaspersky 20160331
Malwarebytes 20160331
McAfee 20160331
McAfee-GW-Edition 20160331
Microsoft 20160331
eScan 20160331
NANO-Antivirus 20160331
nProtect 20160331
Panda 20160331
Qihoo-360 20160401
Rising 20160331
Sophos AV 20160331
SUPERAntiSpyware 20160331
Symantec 20160331
Tencent 20160401
TheHacker 20160330
TotalDefense 20160330
TrendMicro 20160331
TrendMicro-HouseCall 20160331
VBA32 20160331
VIPRE 20160401
ViRobot 20160401
Yandex 20160316
Zillya 20160331
Zoner 20160331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2003-2009

Product AVSetup
Original name AVSetup
Internal name AVSetup2.5
File version 2, 5, 0, 2
Description AV Bros. Setup Tool Ver. 2.5
Comments AV Bros. Setup Tool Ver. 2.5
Signature verification Signed file, verified signature
Signing date 4:59 PM 1/16/2011
Signers
[+] AV Bros.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Code Signing CA - G2
Valid from 12:00 AM 08/18/2010
Valid to 11:59 PM 08/18/2011
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint 0509E1246B4F5E2DF5EAD438B64E419E77DA89DC
Serial number 40 CA 54 FF 8A FE E3 09 D9 EB 96 98 07 3E 5B 46
[+] Thawte Code Signing CA - G2
Status Valid
Issuer thawte Primary Root CA
Valid from 01:00 AM 02/08/2010
Valid to 12:59 AM 02/08/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 01:00 AM 11/17/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 12:00 AM 06/15/2007
Valid to 11:59 PM 06/14/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 01:00 AM 12/04/2003
Valid to 12:59 AM 12/04/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 01/01/1997
Valid to 12:59 AM 01/01/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-14 15:08:34
Entry Point 0x0002750E
Number of sections 4
PE sections
Overlays
MD5 3e0e144eb4ab163cef3b1e9a4c2f0168
File type data
Offset 4517888
Size 5176
Entropy 7.37
PE imports
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
FillRgn
CombineRgn
DeleteDC
SelectObject
OffsetRgn
CreateRectRgn
GdiFlush
CreateSolidBrush
CreateFontA
ExtCreateRegion
BitBlt
SetBkColor
CreateDIBSection
CreateCompatibleDC
DeleteObject
SelectClipRgn
SetTextColor
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
GetLogicalDrives
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
InitializeCriticalSection
LoadResource
InterlockedDecrement
SetLastError
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
RemoveDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
GlobalLock
GetProcessHeap
GetDiskFreeSpaceA
GetProcAddress
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetModuleFileNameA
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SetFocus
RedrawWindow
GetCaretBlinkTime
SetWindowRgn
UpdateWindow
BeginPaint
ReleaseCapture
GetCapture
KillTimer
GetMonitorInfoA
PostQuitMessage
DefWindowProcA
ShowWindow
MessageBeep
SetWindowPos
GetParent
IsWindow
GetWindowRect
DispatchMessageA
EndPaint
SetCapture
MoveWindow
WindowFromPoint
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
IsWindowEnabled
SetActiveWindow
GetDC
RegisterClassExA
GetCursorPos
SystemParametersInfoA
GetDoubleClickTime
GetKeyState
UnregisterClassA
SetClipboardData
IsWindowVisible
EmptyClipboard
SendMessageA
CloseClipboard
GetClipboardData
CreateWindowExA
ScreenToClient
MonitorFromRect
GetWindowLongA
IsClipboardFormatAvailable
SetTimer
LoadCursorA
GetMessageA
SetWindowTextA
EnumThreadWindows
OpenClipboard
GetFocus
ReleaseDC
EnableWindow
GetWindowTextA
DestroyWindow
SetCursor
timeGetTime
CoUninitialize
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 10
RT_MANIFEST 1
AVS4 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 11
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

Comments
AV Bros. Setup Tool Ver. 2.5

InitializedDataSize
4280320

ImageVersion
0.0

ProductName
AVSetup

FileVersionNumber
2.5.0.2

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
AVSetup

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2, 5, 0, 2

TimeStamp
2011:01:14 16:08:34+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
AVSetup2.5

ProductVersion
2, 5, 0, 2

FileDescription
AV Bros. Setup Tool Ver. 2.5

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright (C) 2003-2009

MachineType
Intel 386 or later, and compatibles

CompanyName
AV Bros.

CodeSize
233472

FileSubtype
0

ProductVersionNumber
2.5.0.2

EntryPoint
0x2750e

ObjectFileType
Unknown

File identification
MD5 00f2292882e59a9aba902de5ecef99d5
SHA1 7922e35c0b7528361170543162df99e14b1638cc
SHA256 03da7fa99737533d8262ba4a96ef870e5ffd8d2a79055cb2e04657916c9d7d4b
ssdeep
98304:xaHRaYpmKRsvXTc/W6PeuU+W6mWR1LFloxljYfXglc5unVlkxCRB:xaHYYp24xXWp6oIglvVyUP

authentihash 541874b3707df10e9fa2e042130b00953e35f85cff80d07b127a6183cf24ae21
imphash 7e989b5331b4050d6b63b48ab1ab67bc
File size 4.3 MB ( 4523064 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2011-12-03 07:30:02 UTC ( 7 years, 5 months ago )
Last submission 2019-04-24 21:27:03 UTC ( 1 month ago )
File names 1032012
avpuzzlepro31d.exe
AVSetup
avpuzzlepro31d.exe
03DA7FA99737533D8262BA4A96EF870E5FFD8D2A79055CB2E04657916C9D7D4B
AVSetup2.5
avpuzzlepro31d.exe
00f2292882e59a9aba902de5ecef99d5
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs