SHA256: 07ac717f288cdee6c5b6ef4eeda86f90892ef26fd11c7aac11ea6401a7dcc2e6
File name: Profile Stalker - V.exe
Detection ratio: 24 / 47
Analysis date: 2013-06-10 11:07:39 UTC ( 4 years ago )
Antivirus Result Update
AntiVir JS/Redirect.BR 20130610
BitDefender Trojan.Generic.9116146 20130610
Commtouch W32/Trojan.JOWU-9018 20130610
Comodo Heur.Suspicious 20130610
DrWeb Trojan.AVKill.30538 20130610
Emsisoft Trojan.Generic.9116146 (B) 20130610
eSafe Win32.Trojan 20130606
ESET-NOD32 JS/TrojanClicker.Agent.NDL 20130610
F-Secure Trojan.Generic.9116146 20130610
Fortinet JS/TrojanClicker_Agent.NDL 20130610
GData Trojan.Generic.9116146 20130610
Ikarus Trojan.SuspectCRC 20130610
K7AntiVirus Riskware 20130607
K7GW Riskware 20130607
McAfee Artemis!A6073378D764 20130610
McAfee-GW-Edition Artemis!A6073378D764 20130610
eScan Trojan.Generic.9116146 20130610
NANO-Antivirus Trojan.Win32.AVKill.bsigyz 20130610
Norman Troj_Generic.LPTGA 20130610
nProtect Trojan.Generic.9116146 20130610
Panda Suspicious file 20130609
Sophos Mal/Generic-S 20130610
TrendMicro-HouseCall TROJ_GEN.RC1H1EJ 20130610
VIPRE Trojan.Win32.Clicker!BT 20130610
Yandex 20130609
AhnLab-V3 20130609
Antiy-AVL 20130610
Avast 20130610
AVG 20130610
ByteHero 20130606
CAT-QuickHeal 20130610
ClamAV 20130610
F-Prot 20130610
Jiangmin 20130610
Kaspersky 20130610
Kingsoft 20130506
Malwarebytes 20130610
Microsoft 20130610
PCTools 20130521
Rising 20130607
SUPERAntiSpyware 20130609
Symantec 20130610
TheHacker 20130608
TotalDefense 20130607
TrendMicro 20130610
VBA32 20130610
ViRobot 20130610
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Facebook Inc.
Publisher rinim
Product Facebook Profile Viewer installer
Original name setup.exe
Internal name setup.exe
File version 2.0.0
Description Deploy Facebook Profile Viewer browsers extension
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-29 18:03:41
Entry Point 0x0001F3A0
Number of sections 9
PE sections
PE imports
SHGetFolderPathA
RegFlushKey
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetSystemInfo
lstrlenA
GetFileAttributesA
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
CopyFileA
GetTickCount
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
WritePrivateProfileStringA
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
SizeofResource
GetPrivateProfileStringA
GetLocaleInfoA
GetFileSize
CreateDirectoryA
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
EnumCalendarInfoA
GetCPInfo
GetCommandLineA
GetProcAddress
FormatMessageA
GetFullPathNameA
SetFilePointer
GetTempPathA
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
WriteFile
GetCurrentProcess
ReadFile
ResetEvent
lstrcpynA
GetSystemDirectoryA
GetACP
GetDiskFreeSpaceA
FreeResource
SetFileAttributesA
SetEvent
FindResourceA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
LocalAlloc
InterlockedIncrement
StringFromCLSID
CoTaskMemFree
CoCreateGuid
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
ShellExecuteExA
CharPrevA
MapVirtualKeyA
keybd_event
FindWindowA
GetSystemMetrics
DispatchMessageA
VkKeyScanA
CharUpperBuffA
MessageBoxA
PeekMessageA
TranslateMessage
GetWindow
SetKeyboardState
GetKeyState
LoadStringA
SendMessageA
GetKeyboardState
CharNextA
WaitForInputIdle
MsgWaitForMultipleObjects
GetWindowTextA
CharToOemA
GetKeyboardType
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_STRING 8
RT_RCDATA 6
RT_ICON 5
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 4402688
OriginalFilename setup.exe
MIMEType application/octet-stream
LegalCopyright Facebook Inc.
FileVersion 2.0.0
TimeStamp 2013:03:29 19:03:41+01:00
FileType Win32 EXE
PEType PE32
InternalName setup.exe
ProductVersion 2.0.0
FileDescription Deploy Facebook Profile Viewer browsers extension
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 124416
ProductName Facebook Profile Viewer installer
ProductVersionNumber 2.0.0.0
EntryPoint 0x1f3a0
ObjectFileType Executable application

File identification
MD5 a6073378d764e3af4cb289cac91b3f97
SHA1 ea93e9eeddfbe0bf8747fcb30f1077edf75788eb
SHA256 07ac717f288cdee6c5b6ef4eeda86f90892ef26fd11c7aac11ea6401a7dcc2e6
ssdeep 98304:R7Ar71MSDvsSgwDJWFPRF4V5sUheW1TxBq/j34:R7MMSDv/jgL65sUhr57q/jo
authentihash 5508178e909a190d2e83784e18e1d70c2be9c8a655d73b009e399f8aa2b040c4
imphash 73747b911244725f88ce26d959287999
File size 4.3 MB ( 4522176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (64.5%)
Windows Screen Saver (19.6%)
Win32 Executable (generic) (6.7%)
Win16/32 Executable Delphi generic (3.1%)
Generic Win/DOS Executable (2.9%)
Tags nsis peexe

VirusTotal metadata
First submission 2013-05-22 07:25:33 UTC ( 4 years, 1 month ago )
Last submission 2013-09-28 21:38:12 UTC ( 3 years, 9 months ago )
File names setup.exe
Profile Stalker - V.exe
5118-9fwgfw
$RXEZO0I.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight