SHA256: 0d1576bf8a019cf72767e236082d4d57d2723112d9ba87c564bf0ecbd239b950
File name: VHSC_inst.exe
Detection ratio: 0 / 44
Analysis date: 2012-10-27 06:40:48 UTC ( 6 years, 4 months ago )
Antivirus Result Update
Yandex 20121026
AhnLab-V3 20121026
AntiVir 20121026
Antiy-AVL 20121027
Avast 20121026
AVG 20121027
BitDefender 20121027
ByteHero 20121026
CAT-QuickHeal 20121026
ClamAV 20121027
Commtouch 20121026
Comodo 20121027
DrWeb 20121027
Emsisoft 20121027
eSafe 20121017
ESET-NOD32 20121026
F-Prot 20121026
F-Secure 20121027
Fortinet 20121027
GData 20121027
Ikarus 20121027
Jiangmin 20121027
K7AntiVirus 20121026
Kaspersky 20121027
Kingsoft 20121008
McAfee 20121027
McAfee-GW-Edition 20121027
Microsoft 20121027
eScan 20121027
Norman 20121026
nProtect 20121026
Panda 20121027
PCTools 20121027
Rising 20121025
Sophos AV 20121027
SUPERAntiSpyware 20121027
Symantec 20121027
TheHacker 20121025
TotalDefense 20121026
TrendMicro 20121027
TrendMicro-HouseCall 20121027
VBA32 20121026
VIPRE 20121027
ViRobot 20121027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.0.15.0
Description VH Toolkit Setup
Comments This installation was built with Inno Setup: http://www.innosetup.com
Packers identified
F-PROT INNO, EXECryptor, appended, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009228
Number of sections 8
PE sections
Overlays
MD5 a0a97556d530a85a536da7a3f0d7db0c
File type data
Offset 50688
Size 6883251
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
CharNextA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments This installation was built with Inno Setup: http://www.innosetup.com
InitializedDataSize 16896
ImageVersion 0.0
FileVersionNumber 1.0.15.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Windows, Latin1
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 1.0.15.0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
FileDescription VH Toolkit Setup
OSVersion 1.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Hmelyoff Labs
CodeSize 35328
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x9228
ObjectFileType Executable application

Execution parents
File identification
MD5 d819cf3f95ff406e3a8fbad449c617b3
SHA1 c97a4bee4c01893f5287da86b5032225da8c9284
SHA256 0d1576bf8a019cf72767e236082d4d57d2723112d9ba87c564bf0ecbd239b950
ssdeep 196608:zBJMT/sEmkZyE5F6MgWXwXGBUWTmg0RIn4VPDCpSm:zkVPb5F6MguwWMg0EIq
authentihash 4438ec4a00d0e49998d81379641e6832a344eb24b6169bf0d522fd816b21605f
imphash d4d9611325bd9013d9f218e143c002de
File size 6.6 MB ( 6933939 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags execryptor peexe overlay

VirusTotal metadata
First submission 2009-10-28 16:04:00 UTC ( 9 years, 4 months ago )
Last submission 2018-11-10 16:41:45 UTC ( 4 months, 1 week ago )
File names d819cf3f95ff406e3a8fbad449c617b3
VHCapture_inst.exe
0D1576BF8A019CF72767E236082D4D57D2723112D9BA87C564BF0ECBD239B950
VHSC_inst.exe
filename
VHSC_inst_.exe
file-2168198_exe
VHSC_inst.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight