SHA256: 048b48c316e6989645e98d4fbd0b13488220b1c6b87ae62f4601bd29d620267c
File name: avira-free-security-suite-8877.exe
Detection ratio: 0 / 67
Analysis date: 2018-11-10 02:55:29 UTC (6 months, 1 week ago)
Antivirus Result Update
Ad-Aware 20181110
AegisLab 20181110
AhnLab-V3 20181109
Alibaba 20180921
ALYac 20181110
Antiy-AVL 20181110
Arcabit 20181109
Avast 20181110
Avast-Mobile 20181109
AVG 20181110
Avira (no cloud) 20181110
Babable 20180918
Baidu 20181109
BitDefender 20181110
Bkav 20181110
CAT-QuickHeal 20181108
ClamAV 20181109
CMC 20181109
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181110
Cyren 20181110
DrWeb 20181110
Emsisoft 20181110
Endgame 20181108
ESET-NOD32 20181110
F-Prot 20181110
F-Secure 20181109
Fortinet 20181110
GData 20181110
Ikarus 20181109
Sophos ML 20181108
Jiangmin 20181110
K7AntiVirus 20181109
K7GW 20181109
Kaspersky 20181109
Kingsoft 20181110
Malwarebytes 20181110
MAX 20181110
McAfee 20181110
McAfee-GW-Edition 20181109
Microsoft 20181110
eScan 20181110
NANO-Antivirus 20181110
Palo Alto Networks (Known Signatures) 20181110
Panda 20181109
Qihoo-360 20181110
Rising 20181110
SentinelOne (Static ML) 20181011
Sophos AV 20181109
SUPERAntiSpyware 20181107
Symantec 20181109
Symantec Mobile Insight 20181108
TACHYON 20181110
Tencent 20181110
TheHacker 20181108
TotalDefense 20181109
TrendMicro 20181110
TrendMicro-HouseCall 20181110
Trustlook 20181110
VBA32 20181109
VIPRE 20181110
ViRobot 20181109
Webroot 20181110
Yandex 20181109
Zillya 20181109
ZoneAlarm by Check Point 20181110
Zoner 20181110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2015 Avira Operations GmbH & Co. KG and its Licensors

Product Avira
Original name Avira.OE.Setup.Bundle.exe
Internal name setup
File version 1.2.120.25126
Description Avira
Signature verification Signed file, verified signature
Signing date 10:32 AM 9/10/2018
Signers
[+] Avira Operations GmbH & Co. KG
Status Valid
Issuer Symantec Class 3 Extended Validation Code Signing CA - G2
Valid from 12:00 AM 10/12/2016
Valid to 11:59 PM 10/12/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 9900CFAABC45B4247F9D78EE7E12B102D25EA325
Serial number 1F EB 54 56 B9 E0 C2 C6 83 57 C4 29 75 B9 82 24
[+] Symantec Class 3 Extended Validation Code Signing CA - G2
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 01:00 AM 03/04/2014
Valid to 12:59 AM 03/04/2024
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5B8F88C80A73D35F76CD412A9E74E916594DFA67
Serial number 19 1A 32 CB 75 9C 97 B8 CF AC 11 8D D5 12 7F 49
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 01:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec SHA256 TimeStamping Signer - G3
Status Valid
Issuer Symantec SHA256 TimeStamping CA
Valid from 01:00 AM 12/23/2017
Valid to 12:59 AM 03/23/2029
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint A9A4121063D71D48E8529A4681DE803E3E7954B0
Serial number 7B D4 E5 AF BA CC 07 3F A1 01 23 04 22 41 4D 12
[+] Symantec SHA256 TimeStamping CA
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 01:00 AM 01/12/2016
Valid to 12:59 AM 01/12/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 6FC9EDB5E00AB64151C1CDFCAC74AD2C7B7E3BE4
Serial number 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 12:00 AM 04/02/2008
Valid to 12:59 AM 12/02/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbprint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
Packers identified
F-PROT CAB, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-10 08:32:10
Entry Point 0x00037F09
Number of sections 7
PE sections
Overlays
MD5 7692df7ece3cf38ef0c8c389865165ae
File type data
Offset 467456
Size 4961352
Entropy 8.00
PE imports
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_MESSAGETABLE 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 8
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.120.25126
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Avira
ImageFileCharacteristics Executable, 32-bit, Removable run from swap, Net run from swap
CharacterSet Windows, Latin1
InitializedDataSize 177664
EntryPoint 0x37f09
OriginalFileName Avira.OE.Setup.Bundle.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2015 Avira Operations GmbH & Co. KG and its Licensors
FileVersion 1.2.120.25126
TimeStamp 2018:09:10 10:32:10+02:00
FileType Win32 EXE
PEType PE32
InternalName setup
ProductVersion 1.2.120.25126
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Avira Operations GmbH & Co. KG
CodeSize 288768
ProductName Avira
ProductVersionNumber 1.2.120.25126
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 38a7fe06126cb71d86dd69ea25fa0709
SHA1 a2aa53bd46211bd8ba5363141987530f2d371cf6
SHA256 048b48c316e6989645e98d4fbd0b13488220b1c6b87ae62f4601bd29d620267c
ssdeep
98304:fY1/ZiYimoSmr8ct+R5AEjR4RvJarqh/rjpb2wASrxdTR4EUNnpb96nCrzBL:gOvqbct+RmuOYrihjxdFZUNpbAnChL

authentihash cb3ef0a0323b3a644e19ebd4f737eb2805560d12836aab5cda784e5b6919f02c
imphash d18cde94cdc6e930f022e2819d39a2bd
File size 5.2 MB ( 5428808 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-10-05 12:55:34 UTC ( 7 months, 2 weeks ago )
Last submission 2018-11-10 02:55:29 UTC ( 6 months, 1 week ago )
File names avira_en_fass0_5bb97c01d9636__ws.exe
avira_en_fass0_5bba3f90ab4d5__ws.exe
avira_ru_vpnb0_5bb75eb0305aa__ws.exe
avira_fr_aps10_3125234128_70c0i184824rf8odet7z_wd.exe
avira_en_fass0_5bb9d841cb83d__ws.exe
avira_ru_fass0_5bb862773f138__ws.exe
avira_en_aps10_3123604847_zau92arp8tsyzk4ez9xz_wd.exe
avira-free-antivirus-8.exe
avira-free-security-suite-8877.exe
avira_ptbr_av_5bb9663e82311__ws.exe
avira_de_fass0_5bb8fc804ba30__ws.exe
avira_de_asu80_5bba52d9a03e8__ws.exe
avira_ptbr_fass0_5b3a688153641__ws.exe
avira_en_ispm0_3001410648_3qq2gvejn5qggbtlyjk4_wd.exe
avira_fr_aps10_3125234128_8zdo0e45iybmkhpk5dp0_wd.exe
setup
avira_ru_av_5bba0d4a997c5__ws.exe
avira_ptbr_fass0_5bba9c3b4b134__ws.exe
Avira.OE.Setup.Bundle.exe
avira_tr_avpn0_5bbc523b6accd__ws.exe
avira_it_av_5a76c6573e578__ws.exe
avira_de_av_5bba14520d2bd__wsold2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Runtime DLLs