SHA256: 0747c02d7d2146af818d0763a17f1065f1e961be692c3432c746168ac2cc097a
File name: setup.exe
Detection ratio: 3 / 47
Analysis date: 2014-01-07 21:53:57 UTC ( 3 months, 1 week ago )
Antivirus Result Update
ESET-NOD32 probably a variant of Win32/AdWare.WindowsExpertConsole.AC 20140107
McAfee FakeAlert-FSX!C3D0A58267CD 20140107
VBA32 suspected of Trojan.Downloader.gen.h 20140105
AVG 20140107
Ad-Aware 20140107
Agnitum 20140107
AhnLab-V3 20140107
AntiVir 20140107
Antiy-AVL 20140107
Avast 20140107
Baidu-International 20131213
BitDefender 20140107
Bkav 20140107
ByteHero 20131226
CAT-QuickHeal 20140107
ClamAV 20140107
Commtouch 20140107
Comodo 20140107
DrWeb 20140107
Emsisoft 20140107
F-Prot 20140107
F-Secure 20140107
Fortinet 20140107
GData 20140107
Ikarus 20140107
Jiangmin 20140107
K7AntiVirus 20140107
K7GW 20140107
Kaspersky 20140107
Kingsoft 20130829
Malwarebytes 20140107
McAfee-GW-Edition 20140107
MicroWorld-eScan 20140107
Microsoft 20140107
NANO-Antivirus 20140107
Norman 20140107
Panda 20140107
Rising 20140107
SUPERAntiSpyware 20140107
Sophos 20140107
Symantec 20140107
TheHacker 20140107
TotalDefense 20140107
TrendMicro 20140107
TrendMicro-HouseCall 20140107
VIPRE 20140107
ViRobot 20140107
nProtect 20140107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-07 19:55:38
Link date 8:55 PM 1/7/2014
Entry Point 0x0006D76F
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
LookupPrivilegeValueA
RegCloseKey
OpenServiceW
QueryServiceConfigW
ControlService
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
CloseServiceHandle
OpenProcessToken
RegEnumKeyW
RegOpenKeyW
QueryServiceConfig2W
RegQueryValueW
GetTokenInformation
EnumServicesStatusExW
RegDeleteValueW
RegEnumValueW
StartServiceW
AdjustTokenPrivileges
EnumDependentServicesW
RegSetValueExW
OpenSCManagerW
QueryServiceStatusEx
ChangeServiceConfigW
_TrackMouseEvent
GetDIBColorTable
GetTextMetricsW
SetMapMode
TextOutW
GetWindowOrgEx
PatBlt
SetStretchBltMode
CreatePen
GetRgnBox
SaveDC
ExtSelectClipRgn
CreateRectRgnIndirect
EndPath
PtVisible
GetClipBox
StretchBlt
GetWindowExtEx
GetClipRgn
GetViewportOrgEx
GetPixel
SelectObject
Rectangle
BitBlt
GetDeviceCaps
LineTo
DeleteDC
RestoreDC
SetBkMode
CreateFontIndirectW
CreateBitmap
CreateFontW
SetPixel
EndDoc
CreateSolidBrush
StartPage
DeleteObject
GetObjectW
SetDIBitsToDevice
CreateDIBSection
SetTextColor
OffsetWindowOrgEx
CreatePatternBrush
GetCurrentObject
RectVisible
ExtTextOutW
SelectClipPath
MoveToEx
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
GetViewportExtEx
OffsetViewportOrgEx
SetTextAlign
SelectClipRgn
RoundRect
GetTextExtentPoint32W
StartDocW
GetBkColor
ScaleViewportExtEx
EndPage
CreateRectRgn
AbortDoc
CopyMetaFileW
GetMapMode
SetDIBColorTable
SetWindowExtEx
GetTextColor
SetWindowOrgEx
DPtoLP
Escape
SetBkColor
BeginPath
SetViewportExtEx
CreateCompatibleBitmap
CreateCompatibleDC
LPtoDP
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
SetEvent
HeapDestroy
GetFileAttributesW
lstrcmpW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetVolumeInformationW
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetProfileIntW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
GlobalHandle
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
QueryDosDeviceW
GetFullPathNameW
WritePrivateProfileStringW
GetEnvironmentVariableW
SetLastError
GlobalFindAtomW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
EnumResourceLanguagesW
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomW
CreateThread
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
GetDateFormatA
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetVersion
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetLastError
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
CopyFileW
GlobalSize
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
OpenProcess
GetModuleHandleW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
CompareStringW
GlobalReAlloc
lstrcmpA
FindNextFileW
CompareStringA
FindFirstFileW
DuplicateHandle
GetProcAddress
GlobalAlloc
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GlobalGetAtomNameW
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetCurrentThreadId
FreeResource
SizeofResource
HeapCreate
FindResourceW
VirtualFree
Sleep
OpenEventA
VirtualAlloc
GetTimeFormatA
AlphaBlend
TransparentBlt
GradientFill
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
SafeArrayAccessData
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
VarUdateFromDate
SafeArrayUnaccessData
OleCreateFontIndirect
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayCreateVector
VariantCopy
SafeArrayGetLBound
SysFreeString
VariantInit
GetProcessImageFileNameW
SHBrowseForFolderW
DragQueryFileW
DragFinish
SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
ExtractIconW
ShellExecuteA
Shell_NotifyIconA
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
RedrawWindow
GetMessagePos
SetMenuItemBitmaps
LoadBitmapW
SetRectEmpty
DestroyMenu
PostQuitMessage
GetForegroundWindow
DrawStateW
SetWindowPos
SetScrollPos
IsWindow
GrayStringW
ScreenToClient
WindowFromPoint
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetMenu
UnregisterClassA
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
IsClipboardFormatAvailable
LoadImageW
GetActiveWindow
FindWindowW
GetWindowTextW
CopyAcceleratorTableW
GetWindowTextLengthW
LoadAcceleratorsW
GetTopWindow
InvalidateRgn
PtInRect
DrawEdge
GetParent
UpdateWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
DrawFrameControl
GetNextDlgGroupItem
SetPropW
ValidateRect
PeekMessageW
SetWindowsHookExW
InsertMenuItemW
CharUpperW
TranslateMessage
IsWindowEnabled
GetWindow
CreateIconFromResourceEx
GetIconInfo
RegisterClassW
ScrollWindow
IsWindowVisible
DestroyWindow
SetWindowLongW
EnableMenuItem
InvertRect
TrackPopupMenuEx
DrawFocusRect
GetScrollRange
SetTimer
ShowOwnedPopups
FillRect
CopyRect
GetSysColorBrush
CreateWindowExW
RemovePropW
GetWindowLongW
CharNextW
IsChild
SetFocus
RegisterWindowMessageW
ReleaseCapture
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
KillTimer
ClipCursor
MapWindowPoints
GetClassInfoExW
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
InflateRect
SetCapture
DrawIcon
IntersectRect
SendDlgItemMessageW
PostMessageW
GetScrollInfo
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetClassLongW
GetLastActivePopup
DrawIconEx
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
GetWindowPlacement
CreateIconIndirect
ClientToScreen
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
AttachThreadInput
GetMenuState
IsDialogMessageW
LoadCursorW
LoadIconW
ReuseDDElParam
DispatchMessageW
SetForegroundWindow
ExitWindowsEx
GetMenuItemInfoW
EndPaint
CreateDialogIndirectParamW
ReleaseDC
DrawTextExW
SetLayeredWindowAttributes
EndDialog
ModifyMenuW
SetWindowContextHelpId
GetCapture
MessageBeep
LoadMenuW
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
SendMessageW
UnhookWindowsHookEx
MoveWindow
MessageBoxA
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
LookupIconIdFromDirectoryEx
GetSysColor
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
GetDoubleClickTime
TabbedTextOutW
DestroyIcon
ShowScrollBar
WinHelpW
GetDesktopWindow
UnpackDDElParam
SystemParametersInfoW
GetDC
FrameRect
SetRect
DeleteMenu
InvalidateRect
CallWindowProcW
GetClassNameW
GetClientRect
IsRectEmpty
GetFocus
EnableWindow
SetCursor
SetMenu
TranslateAcceleratorW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
ClosePrinter
DocumentPropertiesW
OpenPrinterW
GetFileTitleW
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipGetImagePalette
GdipDisposeImage
GdipBitmapUnlockBits
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePaletteSize
GdipAlloc
GdipBitmapLockBits
GdipCloneImage
GdiplusStartup
GdipGetImagePixelFormat
GdipDrawImageI
GdipGetImageGraphicsContext
GdipFree
GdipDeleteGraphics
GdipCreateBitmapFromStream
OleUninitialize
DoDragDrop
StgOpenStorageOnILockBytes
CreateStreamOnHGlobal
OleFlushClipboard
ReleaseStgMedium
RegisterDragDrop
RevokeDragDrop
CoRegisterMessageFilter
OleGetClipboard
StgCreateDocfileOnILockBytes
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
OleInitialize
CoLockObjectExternal
CoCreateInstance
OleDuplicateData
CoInitializeEx
OleSetClipboard
CoTaskMemAlloc
CoRevokeClassObject
CLSIDFromProgID
CoFreeUnusedLibraries
OleIsCurrentClipboard
CoTaskMemFree
OleUIBusyW
Number of PE resources by type
Struct(300) 59
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 60
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:01:07 20:55:38+01:00
FileType Win32 EXE
PEType PE32
CodeSize 573440
LinkerVersion 8.0
EntryPoint 0x6d76f
InitializedDataSize 589824
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 c3d0a58267cd9fa0e9a2e8bf9df99bb0
SHA1 42f2b93bdd359e2b3c03c2d60379bf52bba7adf0
SHA256 0747c02d7d2146af818d0763a17f1065f1e961be692c3432c746168ac2cc097a
ssdeep 24576:GrfA43No15nPTiZiVezxPxDaiXdSlzcAlLKcr0iBHk3EEdK:+CoxPxD7glYAl7kUEc

File size 1.1 MB ( 1167360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2014-01-07 20:06:29 UTC ( 3 months, 1 week ago )
Last submission 2014-01-29 23:14:15 UTC ( 2 months, 2 weeks ago )
File names guard-xduo.exe
setup.exe
vti-rescan
eae31daa4006defb09dd63251a62c9ca203aadb9
guard-rymd.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
