× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0d9b0a9ffd2a2933d7b23b03885e5bbc3c6455ec59bde26b4193bce317f25716
File name: Setup
Detection ratio: 0 / 66
Analysis date: 2018-05-29 21:13:09 UTC ( 2 weeks, 6 days ago )
Antivirus Result Update
Ad-Aware 20180529
AegisLab 20180529
AhnLab-V3 20180529
Alibaba 20180529
ALYac 20180529
Antiy-AVL 20180529
Arcabit 20180529
Avast 20180529
Avast-Mobile 20180528
AVG 20180529
Avira (no cloud) 20180529
AVware 20180529
Babable 20180406
Baidu 20180529
BitDefender 20180529
Bkav 20180529
CAT-QuickHeal 20180528
ClamAV 20180529
CMC 20180529
Comodo 20180529
CrowdStrike Falcon (ML) 20180418
Cybereason 20180225
Cylance 20180529
Cyren 20180529
DrWeb 20180529
eGambit 20180529
Emsisoft 20180529
Endgame 20180507
ESET-NOD32 20180529
F-Prot 20180529
F-Secure 20180529
Fortinet 20180529
GData 20180529
Ikarus 20180529
Sophos ML 20180503
Jiangmin 20180529
K7AntiVirus 20180528
K7GW 20180529
Kaspersky 20180529
Kingsoft 20180529
Malwarebytes 20180529
MAX 20180529
McAfee 20180529
McAfee-GW-Edition 20180529
Microsoft 20180529
eScan 20180529
NANO-Antivirus 20180529
nProtect 20180528
Palo Alto Networks (Known Signatures) 20180529
Panda 20180529
Qihoo-360 20180529
Rising 20180529
SentinelOne (Static ML) 20180225
Sophos AV 20180529
SUPERAntiSpyware 20180528
Symantec 20180529
Symantec Mobile Insight 20180524
Tencent 20180529
TheHacker 20180523
TrendMicro 20180529
TrendMicro-HouseCall 20180529
Trustlook 20180529
VBA32 20180529
VIPRE 20180529
ViRobot 20180529
Webroot 20180529
Yandex 20180529
ZoneAlarm by Check Point 20180529
Zoner 20180528
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2013 Flexera Software LLC. All Rights Reserved.

Product JPEGmicro
Original name InstallShield Setup.exe
Internal name Setup
File version 2.4
Description Setup Launcher Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-30 06:48:02
Entry Point 0x0006B0FB
Number of sections 4
PE sections
Overlays
MD5 91df1af19e13e0b313d32b09aa262c26
File type data
Offset 1216512
Size 7324400
Entropy 8.00
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
RegEnumKeyW
RegOpenKeyW
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
OpenThreadToken
RegEnumValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
SetSecurityDescriptorGroup
GetDIBColorTable
GetSystemPaletteEntries
CreateHalftonePalette
GetDeviceCaps
TranslateCharsetInfo
DeleteDC
SetBkMode
CreateFontIndirectW
GetObjectW
BitBlt
RealizePalette
SetTextColor
CreatePalette
GetStockObject
CreateDIBitmap
SelectPalette
UnrealizeObject
CreateCompatibleDC
CreateFontW
SelectObject
CreateSolidBrush
DeleteObject
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
SetEvent
HeapDestroy
GetFileAttributesW
DuplicateHandle
GetLocalTime
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
FindResourceExW
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
CreateEventW
LoadResource
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
InitializeCriticalSection
CopyFileW
GetUserDefaultLangID
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
VerLanguageNameW
GetModuleFileNameA
LoadLibraryA
QueryPerformanceFrequency
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
FlushInstructionCache
GetPrivateProfileStringW
SetFilePointer
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
SetThreadContext
TerminateProcess
SearchPathW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
WriteProcessMemory
OpenProcess
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
WriteFile
CompareStringW
lstrcpyW
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
GetTimeFormatA
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
GetProcAddress
GetTempPathW
GetCurrentDirectoryW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetProcessTimes
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
Process32NextW
CreateProcessW
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
Process32FirstW
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
TlsGetValue
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
GetOEMCP
CompareStringA
VarUI4FromStr
VariantChangeType
SysStringLen
SystemTimeToVariantTime
VarBstrFromDate
CreateErrorInfo
SysStringByteLen
VarBstrCat
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysReAllocStringLen
RegisterTypeLib
SysAllocString
GetErrorInfo
SysFreeString
LoadTypeLib
SetErrorInfo
UuidFromStringW
UuidCreate
UuidToStringW
RpcStringFreeW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
CommandLineToArgvW
SetFocus
EndPaint
CreateDialogIndirectParamW
IntersectRect
EndDialog
BeginPaint
SetWindowTextW
TranslateMessage
DefWindowProcW
MoveWindow
KillTimer
CharPrevW
PostQuitMessage
ShowWindow
GetMessageW
SetWindowPos
wvsprintfW
GetDesktopWindow
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
CharUpperW
GetWindowDC
SendDlgItemMessageW
GetWindow
PostMessageW
GetSysColor
DispatchMessageW
SetActiveWindow
GetDC
CreateDialogParamW
ReleaseDC
GetDlgCtrlID
SendMessageW
RegisterClassW
wsprintfW
SubtractRect
SetTimer
GetDlgItem
GetDlgItemTextW
MessageBoxW
FindWindowW
ClientToScreen
SetRect
CharNextW
LoadImageW
IsDialogMessageW
FillRect
GetClientRect
WaitForInputIdle
SetDlgItemTextW
GetSysColorBrush
DialogBoxIndirectParamW
LoadCursorW
LoadIconW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
SetForegroundWindow
DestroyWindow
ExitWindowsEx
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ProgIDFromCLSID
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoCreateGuid
CoTaskMemRealloc
CLSIDFromProgID
CoInitializeSecurity
GetRunningObjectTable
CoTaskMemFree
StringFromGUID2
CreateItemMoniker
Number of PE resources by type
RT_STRING 25
RT_DIALOG 23
RT_ICON 11
RT_BITMAP 6
RT_GROUP_ICON 3
GIF 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 46
ENGLISH US 26
PE resources
Debug information
ExifTool file metadata
FileTypeExtension
exe

SubsystemVersion
5.0

InitializedDataSize
499712

ImageVersion
0.0

ProductName
JPEGmicro

FileVersionNumber
2.4.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

LegalCopyright
Copyright (c) 2013 Flexera Software LLC. All Rights Reserved.

CharacterSet
Unicode

LinkerVersion
9.0

InternalBuildNumber
134369

OriginalFileName
InstallShield Setup.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.4

TimeStamp
2013:10:29 23:48:02-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup

ProductVersion
2.4

FileDescription
Setup Launcher Unicode

ISInternalDescription
Setup Launcher Unicode

OSVersion
5.0

FileOS
Win32

ISInternalVersion
20.0.529

MachineType
Intel 386 or later, and compatibles

CompanyName
Romeolight

CodeSize
715776

FileSubtype
0

ProductVersionNumber
2.4.0.0

EntryPoint
0x6b0fb

ObjectFileType
Dynamic link library

File identification
MD5 eac0baabfe19a7e7e9cee945d8d2b86f
SHA1 7d7a3e392111d60e678089b36e048c3f047527b3
SHA256 0d9b0a9ffd2a2933d7b23b03885e5bbc3c6455ec59bde26b4193bce317f25716
ssdeep
196608:NaVciA0igCfHq+1p4TQJ0PEEaRYBGePU7AKQyW/kId1sa:N+pigCC+16g0PEEaktiWcu15

authentihash 2dd95cd59c9bca247960fee885a3516fbf3aeb33d71c4ef733c9075f3b981d00
imphash 8716dfcb53e9237687620dc5ebbd5d82
File size 8.1 MB ( 8540912 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-04-04 05:53:06 UTC ( 3 years, 2 months ago )
Last submission 2018-05-28 09:42:36 UTC ( 3 weeks, 1 day ago )
File names InstallShield Setup.exe
JPEGmicroSetup.exe
JPEGmicroSetup.exe
JPEGmicroSetup.exe
Setup
JPEGmicro 2.4.0.0.exe
JPEGmicroSetup.exe
965120
JPEGmicroSetup.exe
0d9b0a9ffd2a2933d7b23b03885e5bbc3c6455ec59bde26b4193bce317f25716
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.