× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0f63432f945575dd42e6b78616056692dea79b852b5b4f4f1eb973c8549f5f1f
File name: 348236
Detection ratio: 1 / 57
Analysis date: 2015-08-11 00:32:04 UTC ( 3 weeks, 3 days ago )
Antivirus Result Update
ByteHero Virus.Win32.Part.a 20150811
ALYac 20150811
AVG 20150810
AVware 20150811
Ad-Aware 20150811
AegisLab 20150810
Agnitum 20150810
AhnLab-V3 20150810
Alibaba 20150803
Antiy-AVL 20150810
Arcabit 20150811
Avast 20150811
Avira 20150811
Baidu-International 20150810
BitDefender 20150811
Bkav 20150810
CAT-QuickHeal 20150810
CMC 20150710
ClamAV 20150810
Comodo 20150810
Cyren 20150810
DrWeb 20150811
ESET-NOD32 20150811
Emsisoft 20150811
F-Prot 20150810
F-Secure 20150810
Fortinet 20150810
GData 20150810
Ikarus 20150810
Jiangmin 20150810
K7AntiVirus 20150810
K7GW 20150810
Kaspersky 20150810
Kingsoft 20150811
Malwarebytes 20150810
McAfee 20150811
McAfee-GW-Edition 20150810
MicroWorld-eScan 20150811
Microsoft 20150811
NANO-Antivirus 20150810
Panda 20150810
Qihoo-360 20150811
Rising 20150810
SUPERAntiSpyware 20150811
Sophos 20150811
Symantec 20150811
Tencent 20150811
TheHacker 20150810
TotalDefense 20150811
TrendMicro 20150811
TrendMicro-HouseCall 20150811
VBA32 20150809
VIPRE 20150811
ViRobot 20150811
Zillya 20150810
Zoner 20150810
nProtect 20150810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Setup Engine Copyright © 2004-2012 Indigo Rose Corporation

Publisher Stardock Corporation
Product Setup Factory Runtime
Original name suf_launch.exe
Internal name suf_launch
File version 9.1.0.0
Description Setup Application
Comments Created with Setup Factory
Signature verification Signed file, verified signature
Signing date 5:26 PM 1/28/2013
Signers
[+] Stardock Corporation
Status Certificate out of its validity period
Valid from 1:00 AM 10/4/2011
Valid to 12:59 AM 10/4/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 83FCEC08891B6A993D1133609EB65C932412B093
Serial number 4C 2D A3 0D 1E 21 04 59 D4 C5 F5 7B BB 91 96 4E
[+] COMODO Code Signing CA 2
Status Valid
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm SHA1
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-14 16:16:10
Entry Point 0x000029E1
Number of sections 5
PE sections
Overlays
MD5 f0d49ac46c60db98953514573052c8fd
File type data
Offset 419328
Size 4078304
Entropy 7.96
PE imports
GetTokenInformation
OpenProcessToken
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetFileAttributesA
GetExitCodeProcess
QueryPerformanceCounter
HeapReAlloc
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetTempPathA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
HeapSetInformation
GetCurrentProcess
_lwrite
GetFileType
GetStringTypeW
InterlockedIncrement
lstrcatA
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
UnhandledExceptionFilter
InterlockedDecrement
_llseek
HeapSize
FreeEnvironmentStringsW
GetCPInfo
MultiByteToWideChar
GetProcAddress
_lread
EncodePointer
GetStartupInfoW
GetModuleFileNameW
_lclose
WideCharToMultiByte
LoadLibraryW
TlsFree
_lcreat
GetSystemTimeAsFileTime
DeleteCriticalSection
GetCurrentProcessId
SetUnhandledExceptionFilter
lstrcpyA
_lopen
DecodePointer
CloseHandle
IsProcessorFeaturePresent
GetCommandLineA
GetACP
GetDiskFreeSpaceA
MoveFileExA
GetModuleHandleW
FreeLibrary
LocalFree
TerminateProcess
GetModuleFileNameA
IsValidCodePage
HeapCreate
WriteFile
TlsGetValue
Sleep
SetLastError
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
GetOEMCP
CompareStringA
ShellExecuteExA
wsprintfA
LoadCursorA
DispatchMessageA
MessageBoxA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
SetCursor
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
ExifTool file metadata
LegalTrademarks
Setup Factory is a trademark of Indigo Rose Corporation.

SubsystemVersion
5.1

Comments
Created with Setup Factory

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
9.1.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Setup Application

CharacterSet
Windows, Latin1

InitializedDataSize
395776

EntryPoint
0x29e1

OriginalFileName
suf_launch.exe

MIMEType
application/octet-stream

LegalCopyright
Setup Engine Copyright 2004-2012 Indigo Rose Corporation

FileVersion
9.1.0.0

TimeStamp
2012:06:14 17:16:10+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
suf_launch

ProductVersion
9.1.0.0

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
22528

ProductName
Setup Factory Runtime

ProductVersionNumber
9.1.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 cc6ec6fe032906b4f7de1d0a1075afc4
SHA1 80af92066f4e8eab955f76ad74f695a774537abd
SHA256 0f63432f945575dd42e6b78616056692dea79b852b5b4f4f1eb973c8549f5f1f
ssdeep
98304:hV39LbkaUC5RJ5RG9TBPJ/1oIw89RdRN6vRtBTwm06FOznLo0+Zd6uxcx9HHfaCK:L39LbkaUC5RJ5RG9TBPJ/1oIw89RdRNe

authentihash d29ef2ec445e777c96b45e92a639134773ed7fe6994e84a88d5970e66ed43134
imphash 1ff847646487d56f85778df99ff3728a
File size 4.3 MB ( 4497632 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.8%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-02-01 20:07:24 UTC ( 2 years, 7 months ago )
Last submission 2015-08-11 00:32:04 UTC ( 3 weeks, 3 days ago )
File names suf_launch.exe
0f63432f945575dd42e6b78616056692dea79b852b5b4f4f1eb973c8549f5f1f
348236
multiplicity_public.exe
suf_launch
Multiplicity2_setup.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.