SHA256: 0b392356522b6090f5e9ee642df1c41f5fa7844386331a5dd45ed9230e04b4bd
File name: avast_free_antivirus_setup_online.exe
Detection ratio: 0 / 66
Analysis date: 2017-10-23 18:07:53 UTC ( 10 months ago )
Antivirus Result Update
Ad-Aware 20171023
AegisLab 20171023
AhnLab-V3 20171023
Alibaba 20170911
ALYac 20171023
Antiy-AVL 20171023
Arcabit 20171023
Avast 20171023
Avast-Mobile 20171023
AVG 20171023
Avira (no cloud) 20171023
AVware 20171023
Baidu 20171023
BitDefender 20171023
Bkav 20171023
CAT-QuickHeal 20171020
ClamAV 20171023
CMC 20171023
Comodo 20171023
CrowdStrike Falcon (ML) 20171016
Cylance 20171023
Cyren 20171023
DrWeb 20171023
eGambit 20171023
Emsisoft 20171023
Endgame 20171016
ESET-NOD32 20171023
F-Prot 20171023
F-Secure 20171023
Fortinet 20171023
GData 20171023
Ikarus 20171023
Sophos ML 20170914
Jiangmin 20171023
K7AntiVirus 20171023
K7GW 20171023
Kaspersky 20171023
Kingsoft 20171023
Malwarebytes 20171023
MAX 20171023
McAfee 20171023
McAfee-GW-Edition 20171023
Microsoft 20171023
eScan 20171023
NANO-Antivirus 20171023
nProtect 20171023
Palo Alto Networks (Known Signatures) 20171023
Panda 20171023
Qihoo-360 20171023
Rising 20171023
SentinelOne (Static ML) 20171019
Sophos AV 20171023
SUPERAntiSpyware 20171023
Symantec 20171023
Symantec Mobile Insight 20171011
Tencent 20171023
TheHacker 20171017
TrendMicro 20171023
TrendMicro-HouseCall 20171023
Trustlook 20171023
VBA32 20171023
VIPRE 20171023
ViRobot 20171023
Webroot 20171023
WhiteArmor 20171016
Yandex 20171021
Zillya 20171021
ZoneAlarm by Check Point 20171023
Zoner 20171023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (c) 2014 AVAST Software
Product Avast Antivirus
Original name SfxInst.exe
Internal name SfxInst
File version 11.1.2245.1540
Description avast! Antivirus Installer
Comments avast! Antivirus
Signature verification Signed file, verified signature
Signing date 2:35 PM 12/16/2015
Signers
[+] AVAST Software a.s.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert High Assurance Code Signing CA-1
Valid from 1:00 AM 7/12/2013
Valid to 1:00 PM 9/14/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 181E2AE5727DE60F52EF26D90BC6919481601793
Serial number 0E F5 EC A7 BD 31 CF C3 A7 F8 E6 25 9B 42 33 59
[+] DigiCert High Assurance Code Signing CA-1
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E308F829DC77E80AF15EDD4151EA47C59399AB46
Serial number 02 C4 D1 E5 8A 4A 68 0C 56 8D A3 04 7E 7E 4D 5F
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-01 08:39:23
Entry Point 0x0016FB40
Number of sections 3
PE sections
Overlays
MD5 619fc64e5f4143ba2f4bf5c6f24dd71a
File type data
Offset 662528
Size 4403576
Entropy 8.00
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_ICON 10
RT_MANIFEST 1
RT_VERSION 1
FILE 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 12
ENGLISH US 1
CZECH DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
Comments avast! Antivirus
InitializedDataSize 77824
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 11.1.2245.1540
LanguageCode Neutral
FileFlagsMask 0x0017
FileDescription avast! Antivirus Installer
CharacterSet Unicode
LinkerVersion 11.0
EntryPoint 0x16fb40
OriginalFileName SfxInst.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2014 AVAST Software
FileVersion 11.1.2245.1540
TimeStamp 2015:12:01 09:39:23+01:00
FileType Win32 EXE
PEType PE32
InternalName SfxInst
ProductVersion 11.1.2245.1540
UninitializedDataSize 917504
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName AVAST Software
CodeSize 585728
ProductName Avast Antivirus
ProductVersionNumber 11.1.2245.1540
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 e69eb5b9efd8fce1e632cafc7627469d
SHA1 c2937e35dd4e37e420656fa6242b6949ffcf1030
SHA256 0b392356522b6090f5e9ee642df1c41f5fa7844386331a5dd45ed9230e04b4bd
ssdeep 98304:9trBumE7JH0VWhQHbn5RRxmsuzsTsOoZR3OXgRblFbFW:Ml0HbL2qoz3zbly
authentihash 7df4a5a5cba24a6942a79628cf408cdaf3e36821e22c8be118fe57ab22dfa900
imphash e58ab46f2a279ded0846d81bf0fa21f7
File size 4.8 MB ( 5066104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (43.5%)
Win32 EXE Yoda's Crypter (42.7%)
Win32 Executable (generic) (7.2%)
Generic Win/DOS Executable (3.2%)
DOS Executable Generic (3.2%)
Tags peexe signed upx overlay

VirusTotal metadata
First submission 2015-12-17 01:18:25 UTC ( 2 years, 8 months ago )
Last submission 2017-10-23 18:07:53 UTC ( 10 months ago )
File names avast_free_antivirus_setup_online.exe
SfxInst
avast_free_antivirus_setup_online (2).exe
avast_free_antivirus_setup_online (1).exe
SfxInst.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections