SHA256: 0a12118c029007506d6d172481ba95535b519f152d51c509532e61238cacb4c9
File name: MSItoEXECreatorDemo.exe
Detection ratio: 0 / 57
Analysis date: 2016-03-22 14:47:02 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware 20160322
AegisLab 20160322
Yandex 20160316
AhnLab-V3 20160322
Alibaba 20160322
ALYac 20160322
Antiy-AVL 20160322
Arcabit 20160322
Avast 20160322
AVG 20160321
Avira (no cloud) 20160322
AVware 20160322
Baidu 20160322
Baidu-International 20160322
BitDefender 20160322
Bkav 20160322
ByteHero 20160322
CAT-QuickHeal 20160322
ClamAV 20160319
CMC 20160322
Comodo 20160322
Cyren 20160322
DrWeb 20160322
Emsisoft 20160322
ESET-NOD32 20160322
F-Prot 20160322
F-Secure 20160322
Fortinet 20160322
GData 20160322
Ikarus 20160322
Jiangmin 20160322
K7AntiVirus 20160322
K7GW 20160322
Kaspersky 20160322
Malwarebytes 20160322
McAfee 20160322
McAfee-GW-Edition 20160322
Microsoft 20160322
eScan 20160322
NANO-Antivirus 20160322
nProtect 20160322
Panda 20160321
Qihoo-360 20160322
Rising 20160322
Sophos AV 20160322
SUPERAntiSpyware 20160322
Symantec 20160322
Tencent 20160322
TheHacker 20160321
TotalDefense 20160322
TrendMicro 20160322
TrendMicro-HouseCall 20160322
VBA32 20160322
VIPRE 20160322
ViRobot 20160322
Zillya 20160322
Zoner 20160322
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2005-2012 DRPU Software Pvt. Ltd.
Product DRPU MSI to EXE Creator(Demo) Application
Original name DRPU MSI to EXE Creator(Demo).EXE
Internal name DRPU MSI to EXE Creator(Demo)
File version 4. 0. 1. 6
Description DRPU MSI to EXE Creator(Demo) Application
Signature verification Signed file, verified signature
Signing date 10:09 AM 12/20/2012
Signers
[+] DRPU Software Private Limited
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 9/8/2010
Valid to 12:59 AM 9/8/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B0770677B9584E56C09D72E1CD6D6BF23F6CC461
Serial number 00 8D CD F2 09 44 D8 5E EB BD 5F FE 8E 4D 15 9B 97
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 5/20/2022
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint D43989A11E5961CC13A58008172BF544DA11F1E6
Serial number 7E 1F DF 72 99 E8 D2 45 A1 5D 0B A8 E5 B1 59 BA
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00028A6C
Number of sections 8
PE sections
Overlays
MD5 9fff1e89327e407cb198b296d0d008b7
File type data
Offset 195072
Size 1280896
Entropy 8.00
PE imports
RegOpenKeyExA
LookupAccountNameA
RegQueryValueExA
RegCloseKey
GetUserNameA
InitCommonControls
GetDeviceCaps
LineTo
SelectObject
GetTextExtentPoint32A
MoveToEx
CreatePen
GetTextMetricsA
CreateSolidBrush
DeleteObject
CreateFontA
GetStdHandle
FileTimeToDosDateTime
GetFileAttributesA
GetDriveTypeA
GetLocalTime
DeleteCriticalSection
GetLocaleInfoA
LocalAlloc
SetErrorMode
SetFileAttributesA
GetTempPathA
GetCPInfo
WriteFile
GetDiskFreeSpaceA
GetFullPathNameA
GetExitCodeProcess
LocalFree
MoveFileA
GetEnvironmentVariableA
FindClose
TlsGetValue
FormatMessageA
GetStringTypeExA
DeviceIoControl
InitializeCriticalSection
GlobalFindAtomA
ExitProcess
GetModuleFileNameA
RaiseException
EnumCalendarInfoA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
GetModuleHandleA
GlobalAddAtomA
MulDiv
GetSystemDirectoryA
TerminateProcess
VirtualQuery
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
SetCurrentDirectoryA
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
FindFirstFileA
GetComputerNameA
FindNextFileA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
GlobalDeleteAtom
lstrlenA
GetThreadLocale
IsDBCSLeadByte
RemoveDirectoryA
WinExec
FileTimeToLocalFileTime
WritePrivateProfileStringA
GetCurrentProcessId
SetFileTime
WideCharToMultiByte
GetShortPathNameA
GetCommandLineA
QueryPerformanceFrequency
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetVersion
CreateProcessA
VirtualFree
Sleep
VirtualAlloc
SysReAllocStringLen
SysFreeString
SysAllocStringLen
ShellExecuteA
SetFocus
GetMessageA
EnableWindow
ReleaseDC
PostQuitMessage
EnumWindows
KillTimer
RegisterWindowMessageA
DefWindowProcA
ShowWindow
SetWindowPos
GetWindowThreadProcessId
GetSystemMetrics
GetWindowRect
DispatchMessageA
EndPaint
LoadStringA
PostMessageA
DrawIcon
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
GetWindow
GetSysColor
SetActiveWindow
GetDC
SystemParametersInfoA
BeginPaint
FindWindowA
UnregisterClassA
IsWindowVisible
SendMessageA
GetClientRect
SetTimer
EnableMenuItem
RegisterClassA
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
GetActiveWindow
CharNextA
GetDesktopWindow
GetSystemMenu
GetFocus
FillRect
GetWindowTextA
GetKeyboardType
CharToOemA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetSetOptionA
InternetGetLastResponseInfoA
Number of PE resources by type
RT_STRING 6
RT_RCDATA 2
RT_VERSION 2
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
HEBREW DEFAULT 3
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.0.1.6
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0002
CharacterSet Windows, Latin1
InitializedDataSize 31232
EntryPoint 0x28a6c
OriginalFileName DRPU MSI to EXE Creator(Demo).EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2005-2012 DRPU Software Pvt. Ltd.
FileVersion 4. 0. 1. 6
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
InternalName DRPU MSI to EXE Creator(Demo)
ProductVersion 4. 0. 1. 6
FileDescription DRPU MSI to EXE Creator(Demo) Application
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName DRPU Software Pvt. Ltd.
CodeSize 162816
ProductName DRPU MSI to EXE Creator(Demo) Application
ProductVersionNumber 4.0.1.6
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 f49ed49b1d8fc2c41a90a455ce6c03ff
SHA1 dbbb4ffba4c0f7d0ee096e6b3bbe3d8fa81649fb
SHA256 0a12118c029007506d6d172481ba95535b519f152d51c509532e61238cacb4c9
ssdeep 24576:nUdWmAFJgjdo1WfmbPvolmwRrLhqwCxFE1GRDydvF8JZ4M/mMBDJeKK:WjdjwCvfh/CxQZd9keceL
authentihash b82a56def14b9d3f1259cdf1d1f23c864746bc85cb0044a7060b595046b0d54c
imphash c1a1896c511e1df507cce3e5f7bec89d
File size 1.4 MB ( 1475968 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (43.2%)
Win32 Executable Delphi generic (14.2%)
Windows screen saver (13.1%)
DOS Borland compiled Executable (generic) (10.0%)
Win32 Dynamic Link Library (generic) (6.6%)
Tags bobsoft peexe signed overlay
VirusTotal metadata
First submission 2012-12-21 20:41:53 UTC ( 5 years, 6 months ago )
Last submission 2018-05-22 01:44:23 UTC ( 4 weeks ago )
File names 0A12118C029007506D6D172481BA95535B519F152D51C509532E61238CACB4C9
msi-to-exe-setup-creator_4-0-1-6_en_226202.exe
msitoexecreatordemo.exe
MSItoEXECreatorDemo.exe
micronmsitoexedemo.exe
DRPU MSI to EXE Creator(Demo).EXE
MicronMSItoEXEDemo.exe
0a12118c029007506d6d172481ba95535b519f152d51c509532e61238cacb4c9
file-5374853_ViR
340166
MSItoEXECreatorDemo.exe
MicronMSItoEXEDemo.exe
14834365
MSItoEXECreatorDemo.exe
MSItoEXECreatorDemo.exe
f49ed49b1d8fc2c41a90a455ce6c03ff.dbbb4ffba4c0f7d0ee096e6b3bbe3d8fa81649fb
MSItoEXECreatorDemo_Commercial.exe
DRPU MSI to EXE Creator(Demo)
output.14834365.txt
Setup_product_9555.exe
MSItoEXECreatorDemo.exe$
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Searched windows
Runtime DLLs
UDP communications