SHA256: 0d41bb7b4cee0516e2bfcd4d49f17a7b215f1afa56ed5c358d1077d335ad50a7
File name: OperaSetup.exe
Detection ratio: 1 / 57
Analysis date: 2017-02-22 06:30:55 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Qihoo-360 HEUR/QVM11.1.0000.Malware.Gen 20170222
Ad-Aware 20170222
AegisLab 20170222
AhnLab-V3 20170221
Alibaba 20170222
ALYac 20170222
Antiy-AVL 20170222
Arcabit 20170222
Avast 20170222
AVG 20170222
Avira (no cloud) 20170222
AVware 20170222
Baidu 20170222
BitDefender 20170222
Bkav 20170221
CAT-QuickHeal 20170222
ClamAV 20170222
CMC 20170221
Comodo 20170222
CrowdStrike Falcon (ML) 20170130
Cyren 20170222
DrWeb 20170221
Emsisoft 20170222
Endgame 20170217
ESET-NOD32 20170222
F-Prot 20170222
F-Secure 20170222
Fortinet 20170222
GData 20170222
Ikarus 20170221
Sophos ML 20170203
Jiangmin 20170222
K7AntiVirus 20170222
K7GW 20170222
Kaspersky 20170222
Kingsoft 20170222
Malwarebytes 20170222
McAfee 20170222
McAfee-GW-Edition 20170222
Microsoft 20170222
eScan 20170222
NANO-Antivirus 20170222
nProtect 20170222
Panda 20170221
Rising 20170222
Sophos AV 20170222
SUPERAntiSpyware 20170222
Symantec 20170221
Tencent 20170222
TheHacker 20170221
TrendMicro 20170222
Trustlook 20170222
VBA32 20170221
VIPRE 20170222
ViRobot 20170222
Webroot 20170222
WhiteArmor 20170222
Yandex 20170221
Zillya 20170220
Zoner 20170222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright Opera Software 2017

Product Opera Installer
Internal name Opera
File version 43.0.2442.991
Description Opera Installer
Signature verification Signed file, verified signature
Signing date 2:04 PM 2/20/2017
Signers
[+] Opera Software AS
Status Valid
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 1:00 AM 6/23/2016
Valid to 1:00 PM 6/27/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 49B00D844B474FC69BC372951A681C9FC2BBBC66
Serial number 0F DE 84 F0 D5 5D 8D 33 68 32 5D C0 CD C4 A9 79
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 4/18/2012
Valid to 1:00 PM 4/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-17 18:26:54
Entry Point 0x00201A00
Number of sections 3
PE sections
Overlays
MD5 9bfeb8306cf58b1fbd50bcaf21565659
File type data
Offset 1143808
Size 16288
Entropy 7.16
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
MessageBoxW
Number of PE resources by type
RT_STRING 44
RT_ICON 12
RT_DIALOG 5
TXT 4
RT_RCDATA 2
PNG 2
JPG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 30
SWEDISH 1
UZBEK LATIN 1
TELUGU DEFAULT 1
VIETNAMESE DEFAULT 1
TAMIL DEFAULT 1
FRENCH 1
BELARUSIAN DEFAULT 1
INDONESIAN DEFAULT 1
CZECH DEFAULT 1
AZERI LATIN 1
MACEDONIAN DEFAULT 1
ITALIAN 1
AFRIKAANS DEFAULT 1
CATALAN DEFAULT 1
PORTUGUESE BRAZILIAN 1
FINNISH DEFAULT 1
HINDI DEFAULT 1
TURKISH DEFAULT 1
DUTCH 1
KOREAN 1
MALAY MALAYSIA 1
HUNGARIAN DEFAULT 1
LITHUANIAN 1
GERMAN 1
ZULU DEFAULT 1
BULGARIAN DEFAULT 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SWAHILI DEFAULT 1
SLOVAK DEFAULT 1
BENGALI DEFAULT 1
GREEK DEFAULT 1
UKRAINIAN DEFAULT 1
LATVIAN DEFAULT 1
NORWEGIAN BOKMAL 1
CHINESE TRADITIONAL 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
KAZAK DEFAULT 1
PUNJABI DEFAULT 1
ROMANIAN 1
RUSSIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 999424
InitializedDataSize 45056
ImageVersion 0.0
ProductName Opera Installer
FileVersionNumber 43.0.2442.991
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Opera Installer
CharacterSet Unicode
LinkerVersion 14.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 43.0.2442.991
TimeStamp 2017:02:17 19:26:54+01:00
FileType Win32 EXE
PEType PE32
InternalName Opera
ProductVersion 43.0.2442.991
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright Opera Software 2017
MachineType Intel 386 or later, and compatibles
CompanyName Opera Software
CodeSize 1101824
FileSubtype 0
ProductVersionNumber 43.0.2442.991
EntryPoint 0x201a00
ObjectFileType Executable application

File identification
MD5 d6359cb3faa3917acf61dc009f5dd080
SHA1 61f52c81ef87114fe7db80ba8b37bdf87aa02364
SHA256 0d41bb7b4cee0516e2bfcd4d49f17a7b215f1afa56ed5c358d1077d335ad50a7
ssdeep
24576:lyCRFfMCPQCtnqypvqI+KqEDxAf3e3kPdVuUouodhmgviZSi8WGe8Ut5subA:YCRFw8vF+VE1Af3sUdzodhmgvGSvWGhn

authentihash 160fe22204ac1db1d168352d7d9ad3b4cd31890796b515d42f85c1095e6f6531
imphash 42ed306689b8aad675089ba03a61f2b0
File size 1.1 MB ( 1160096 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (28.6%)
UPX compressed Win32 Executable (28.0%)
Win32 EXE Yoda's Crypter (27.5%)
Win32 Dynamic Link Library (generic) (6.8%)
Win32 Executable (generic) (4.6%)
Tags peexe signed upx overlay
VirusTotal metadata
First submission 2017-02-22 06:30:55 UTC ( 2 years, 1 month ago )
Last submission 2017-02-22 06:30:55 UTC ( 2 years, 1 month ago )
File names Opera
0d41bb7b4cee0516e2bfcd4d49f17a7b215f1afa56ed5c358d1077d335ad50a7
OperaSetup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications