SHA256: 08744188e4768726e7ae5cb788031d669a593d736e458b15723e222e98124edb
File name: Setup.exe
Detection ratio: 8 / 48
Analysis date: 2013-12-10 05:39:40 UTC ( 4 months, 1 week ago )
Antivirus              Result                        Update
AVG                    Skodna.Generic_r.HV           20131209
Avast                  Win32:Installer-AH [PUP]      20131210
ESET-NOD32             a variant of MSIL/DomaIQ.J    20131209
GData                  Win32.Application.DomaIQ.B    20131210
Malwarebytes           PUP.Optional.DomalIQ.A        20131210
Norman                 DomaIQ.YSY                    20131209
Sophos                 DomainIQ pay-per install      20131210
VIPRE                  DomaIQ (fs)                   20131210
Ad-Aware               -                             20131210
Agnitum                -                             20131209
AhnLab-V3              -                             20131209
AntiVir                -                             20131210
Antiy-AVL              -                             20131209
Baidu-International    -                             20131209
BitDefender            -                             20131210
Bkav                   -                             20131209
ByteHero               -                             20131127
CAT-QuickHeal          -                             20131209
ClamAV                 -                             20131209
Commtouch              -                             20131210
Comodo                 -                             20131210
DrWeb                  -                             20131210
Emsisoft               -                             20131210
F-Prot                 -                             20131210
F-Secure               -                             20131210
Fortinet               -                             20131210
Ikarus                 -                             20131210
Jiangmin               -                             20131210
K7AntiVirus            -                             20131209
K7GW                   -                             20131210
Kaspersky              -                             20131210
Kingsoft               -                             20130829
McAfee                 -                             20131210
McAfee-GW-Edition      -                             20131210
MicroWorld-eScan       -                             20131210
Microsoft              -                             20131209
NANO-Antivirus         -                             20131210
Panda                  -                             20131209
Rising                 -                             20131210
SUPERAntiSpyware       -                             20131209
Symantec               -                             20131210
TheHacker              -                             20131209
TotalDefense           -                             20131209
TrendMicro             -                             20131210
TrendMicro-HouseCall   -                             20131210
VBA32                  -                             20131209
ViRobot                -                             20131210
nProtect               -                             20131209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher Payments Interactive SL
Signature verification Signed file, verified signature
Signing date 6:38 AM 12/10/2013
Signers
[+] Payments Interactive SL
Status Valid
Valid from 1:00 AM 10/15/2013
Valid to 1:00 PM 12/19/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 287B7FB20F7ECD211092A81E20837E971D35FD1F
Serial number 06 0C E3 45 6F DD B3 F9 8D A9 ED A1 B8 76 84 2F
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm SHA1
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm SHA1
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-09 15:47:37
Entry Point 0x0000CD4C
Number of sections 5
PE sections
PE imports
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
DeleteObject
SetTextColor
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
Escape
SetBkColor
SetViewportExtEx
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
FormatMessageA
SetLastError
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
CreateDirectoryA
GetProcAddress
GlobalReAlloc
lstrcmpA
CompareStringA
CreateFileMappingA
lstrcmpW
GlobalLock
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
UnmapViewOfFile
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
GlobalFlags
CloseHandle
GetACP
CopyFileA
GetModuleHandleW
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
CreateStdAccessibleObject
LresultFromObject
Ord(12)
Ord(8)
Ord(9)
ShellExecuteA
MapWindowPoints
GetDlgCtrlID
GetForegroundWindow
GetParent
SystemParametersInfoA
SetPropA
SetMenuItemBitmaps
PostQuitMessage
GetCapture
GetMenuState
GetClassInfoExA
DestroyMenu
RegisterWindowMessageA
DefWindowProcA
GetMessagePos
CallNextHookEx
IsWindowEnabled
GetPropA
LoadBitmapA
DrawTextExA
GetWindowThreadProcessId
GetSysColorBrush
GetSystemMetrics
EnableMenuItem
IsWindow
GetWindowRect
DispatchMessageA
RegisterClassA
SetMenu
PostMessageA
ModifyMenuA
GrayStringA
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
GetMessageTime
GetWindow
GetSysColor
GetDC
GetKeyState
DrawTextA
RemovePropA
SetWindowTextA
CheckMenuItem
GetMenu
GetSubMenu
GetLastActivePopup
GetWindowPlacement
GetClassInfoA
GetWindowTextA
GetClientRect
GetDlgItem
GetMenuCheckMarkDimensions
WinHelpA
SetWindowPos
IsIconic
ClientToScreen
GetClassLongA
GetMenuItemCount
TabbedTextOutA
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
SetWindowsHookExA
SendMessageA
GetTopWindow
CopyRect
GetDesktopWindow
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
GetMenuItemID
ReleaseDC
EnableWindow
SetForegroundWindow
PtInRect
UnhookWindowsHookEx
DestroyWindow
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_ICON 3
FILE 3
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
SPANISH MODERN 7
ENGLISH US 1
ExifTool file metadata
MIMEType               application/octet-stream
Subsystem              Windows GUI
MachineType            Intel 386 or later, and compatibles
TimeStamp              2013:12:09 16:47:37+01:00
FileType               Win32 EXE
PEType                 PE32
CodeSize               113664
LinkerVersion          9.0
EntryPoint             0xcd4c
InitializedDataSize    338944
SubsystemVersion       5.0
ImageVersion           0.0
OSVersion              5.0
UninitializedDataSize  0

File identification
MD5            101bbd03899dad33db60cfbfb1685f42
SHA1           6b35b3f9108fdcdd3210aa211d98147b7f468857
SHA256         08744188e4768726e7ae5cb788031d669a593d736e458b15723e222e98124edb
ssdeep         6144:r0PCRT5LgXEhN7th62W4hPpmM7wyxGV6jQ6100nmK1r8iw49cCiKFYa:hgXEhxth62phxB7wyxGV6Z/4N49cCrj
File size      449.1 KB ( 459832 bytes )
File type      Win32 EXE
Magic literal  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID           Win32 Executable MS Visual C++ (generic) (67.3%)
               Win32 Dynamic Link Library (generic) (14.2%)
               Win32 Executable (generic) (9.7%)
               Generic Win/DOS Executable (4.3%)
               DOS Executable Generic (4.3%)
Tags           peexe signed

VirusTotal metadata
First submission 2013-12-10 05:39:40 UTC ( 4 months, 1 week ago )
Last submission 2013-12-10 05:39:40 UTC ( 4 months, 1 week ago )
File names Setup.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight