SHA256: 0c835e22c3dd74c23aaf57a4925f058ff980761708a310faace5c58ef24e1079
File name: iExplorerSetup.exe
Detection ratio: 0 / 69
Analysis date: 2018-12-10 12:19:40 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware 20181210
AegisLab 20181210
AhnLab-V3 20181210
Alibaba 20180921
Antiy-AVL 20181210
Arcabit 20181210
Avast 20181210
Avast-Mobile 20181209
AVG 20181210
Avira (no cloud) 20181209
Babable 20180918
Baidu 20181207
BitDefender 20181210
Bkav 20181208
CAT-QuickHeal 20181210
ClamAV 20181210
CMC 20181209
Comodo 20181210
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181210
Cyren 20181210
DrWeb 20181210
eGambit 20181210
Emsisoft 20181210
Endgame 20181108
ESET-NOD32 20181210
F-Prot 20181210
F-Secure 20181210
Fortinet 20181210
GData 20181210
Ikarus 20181209
Sophos ML 20181128
Jiangmin 20181210
K7AntiVirus 20181210
K7GW 20181210
Kaspersky 20181210
Kingsoft 20181210
Malwarebytes 20181210
MAX 20181210
McAfee 20181210
McAfee-GW-Edition 20181210
Microsoft 20181210
eScan 20181210
NANO-Antivirus 20181210
Palo Alto Networks (Known Signatures) 20181210
Panda 20181209
Qihoo-360 20181210
Rising 20181210
SentinelOne (Static ML) 20181011
Sophos AV 20181210
SUPERAntiSpyware 20181205
Symantec 20181210
Symantec Mobile Insight 20181207
TACHYON 20181210
Tencent 20181210
TheHacker 20181202
TotalDefense 20181210
Trapmine 20181205
TrendMicro 20181210
TrendMicro-HouseCall 20181210
Trustlook 20181210
VBA32 20181210
VIPRE 20181210
ViRobot 20181210
Webroot 20181210
Yandex 20181207
Zillya 20181208
ZoneAlarm by Check Point 20181210
Zoner 20181210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Original name setup.exe
Internal name setup.exe
File version 15.0.26208.0 built by: D15REL
Description Setup
Signature verification Signed file, verified signature
Signing date 7:16 PM 11/5/2018
Signers
[+] Macroplant, LLC
Status Valid
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 1:00 AM 4/26/2017
Valid to 1:00 PM 6/17/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 72A58EEFEE055979734CDE1951C859A50F7D4734
Serial number 04 AF BD 67 3B FE 08 45 53 8D A4 F7 28 96 C5 AA
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 4/18/2012
Valid to 1:00 PM 4/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-09 03:17:50
Entry Point 0x00035427
Number of sections 5
PE sections
Overlays
MD5 ba3fe3682f5a8a45a0e9d4351f644c68
File type data
Offset 543744
Size 6680
Entropy 7.27
PE imports
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
GetDeviceCaps
GetTextMetricsW
DeleteDC
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
GetStockObject
EnumFontFamiliesExW
GetObjectW
CreateCompatibleDC
DeleteObject
GetStdHandle
WaitForSingleObject
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
LoadLibraryExW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
GetEnvironmentVariableA
LoadResource
OutputDebugStringW
FindClose
BeginUpdateResourceW
BeginUpdateResourceA
SetLastError
InitializeCriticalSection
CopyFileW
UpdateResourceW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
UpdateResourceA
HeapSetInformation
LoadLibraryExA
EnumSystemLocalesW
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
TerminateProcess
GetModuleHandleExW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
EndUpdateResourceW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
FreeLibrary
GetWindowsDirectoryW
OpenProcess
DeleteFileA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
CompareStringW
WriteFile
ExpandEnvironmentStringsW
FindNextFileW
GetEnvironmentVariableW
FindFirstFileW
IsValidLocale
FindFirstFileExW
GetProcAddress
ReadConsoleW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GetTimeFormatW
GetEnvironmentStringsW
VirtualQuery
lstrlenW
Process32NextW
SwitchToThread
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
FindResourceW
Sleep
FindResourceA
GetCurrentThreadId
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
ShellExecuteA
GetComputerObjectNameW
SetFocus
CreateDialogIndirectParamW
DrawTextW
SetClassLongW
ShowWindow
ShowScrollBar
MessageBoxW
PeekMessageW
GetWindowRect
EnableWindow
MoveWindow
MessageBoxA
SendDlgItemMessageW
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
ReleaseDC
SendMessageW
TranslateMessage
GetSystemMetrics
SendMessageA
SetWindowTextW
GetDlgItem
SystemParametersInfoW
ScreenToClient
LoadImageW
IsDialogMessageW
GetClientRect
GetDialogBaseUnits
LoadCursorW
LoadIconW
GetFocus
GetDC
MsgWaitForMultipleObjects
SetForegroundWindow
SetCursor
ExitWindowsEx
DestroyWindow
InternetCrackUrlW
InternetCombineUrlW
Ord(78)
Ord(150)
Ord(8)
Ord(92)
CoUninitialize
CoInitialize
PE exports
Number of PE resources by type
Struct(43) 92
RT_ICON 18
RT_DIALOG 3
Struct(40) 3
Struct(44) 2
Struct(45) 2
RT_GROUP_ICON 2
RT_MANIFEST 1
Struct(41) 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 100
ENGLISH US 25
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

InitializedDataSize
167424

ImageVersion
10.0

FileVersionNumber
15.0.26208.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unicode

LinkerVersion
14.1

FileTypeExtension
exe

OriginalFileName
setup.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
15.0.26208.0 built by: D15REL

TimeStamp
2017:02:09 04:17:50+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
setup.exe

ProductVersion
15.0.26208.0

FileDescription
Setup

OSVersion
5.1

FileOS
Win32

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CodeSize
375296

FileSubtype
0

ProductVersionNumber
15.0.26208.0

EntryPoint
0x35427

ObjectFileType
Executable application

File identification
MD5 6a9b3c4b101faa53343cae3c053ecd63
SHA1 814435f38f70491718d59254b2cba4fa2f4b14a1
SHA256 0c835e22c3dd74c23aaf57a4925f058ff980761708a310faace5c58ef24e1079
ssdeep
12288:FD1qGhzOjPjwK8/U7BcB5PO34mhcQeMb01JQntLOCK+I8S:FDZqjP8/UiO3FuQemKSS

authentihash 66e7937180debf32a69eb0932b8f378b9d65e39e01f0f966248ade0ee594eceb
imphash 81fd276d49dcfb5944ab1253641f139e
File size 537.5 KB ( 550424 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-11-06 05:11:56 UTC ( 2 months, 1 week ago )
Last submission 2019-01-06 18:56:24 UTC ( 1 week, 2 days ago )
File names iExplorerSetup.exe
1046849
setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Runtime DLLs