SHA256: 11bbe7a9082f72b7f78b99cba61025a78e138e8393735cc9d57a4e85add2a16a
File name: setup.exe
Detection ratio: 15 / 68
Analysis date: 2018-01-13 01:13:25 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.ZPACK.owotn 20180112
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.7b90fc 20171103
Cylance Unsafe 20180113
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Generik.LGMFMZV 20180113
Ikarus Win32.Outbreak 20180112
Sophos ML heuristic 20170914
McAfee Artemis!88BA80C7E97F 20180112
McAfee-GW-Edition BehavesLike.Win32.Ransomware.gc 20180113
Palo Alto Networks (Known Signatures) generic.ml 20180113
Rising Stealer.Delf!8.415 (TFE:3:X63DJp4G60R) 20180112
SentinelOne (Static ML) static engine - malicious 20171224
TrendMicro-HouseCall Suspicious_GEN.F47V0112 20180113
WhiteArmor Malware.HighConfidence 20180110
Ad-Aware 20180112
AegisLab 20180112
AhnLab-V3 20180112
Alibaba 20180112
ALYac 20180113
Antiy-AVL 20180112
Arcabit 20180112
Avast 20180112
Avast-Mobile 20180112
AVG 20180112
AVware 20180103
Baidu 20180112
BitDefender 20180113
Bkav 20180112
CAT-QuickHeal 20180112
ClamAV 20180112
CMC 20180111
Comodo 20180113
Cyren 20180113
DrWeb 20180113
eGambit 20180113
Emsisoft 20180113
F-Prot 20180113
F-Secure 20180113
Fortinet 20180113
GData 20180113
Jiangmin 20180113
K7AntiVirus 20180112
K7GW 20180112
Kaspersky 20180113
Kingsoft 20180113
Malwarebytes 20180113
MAX 20180113
Microsoft 20180112
eScan 20180113
NANO-Antivirus 20180113
nProtect 20180112
Panda 20180112
Qihoo-360 20180113
Sophos AV 20180113
SUPERAntiSpyware 20180113
Symantec 20180112
Symantec Mobile Insight 20180112
Tencent 20180113
TheHacker 20180112
TotalDefense 20180112
TrendMicro 20180113
Trustlook 20180113
VBA32 20180112
VIPRE 20180113
ViRobot 20180112
Webroot 20180113
Yandex 20180112
Zillya 20180112
ZoneAlarm by Check Point 20180113
Zoner 20180112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-02 17:06:59
Entry Point 0x0002F370
Number of sections 4
PE sections
PE imports
DeleteDC
GetLastError
GetModuleHandleA
GetTempPathA
lstrlenW
MapViewOfFile
lstrlenA
lstrcatA
GetCommandLineW
GetCurrentDirectoryA
ExitProcess
GetStartupInfoA
HeapAlloc
GetVersionExA
GetCommandLineA
OutputDebugStringA
lstrcmpW
Sleep
GetProcessHeap
CommandLineToArgvW
GetMessageA
UpdateWindow
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
MessageBeep
SetWindowLongW
MessageBoxW
DispatchMessageA
EndPaint
PostMessageA
TranslateMessage
DialogBoxParamA
SetDlgItemTextW
RegisterClassExA
GetCursorPos
DrawTextA
ShowCaret
LoadStringA
SendMessageA
SetWindowTextW
CreateWindowExA
LoadAcceleratorsA
wsprintfA
SetTimer
LoadCursorA
LockWindowUpdate
DestroyWindow
Number of PE resources by type
RT_BITMAP 3
RT_DIALOG 1
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
FINNISH DEFAULT 8
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.1.1.8
LanguageCode Unknown (028C)
FileFlagsMask 0x0000
FileDescription CostBuster 1.8
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unknown (0A60)
InitializedDataSize 147968
EntryPoint 0x2f370
OriginalFileName costbust.exe
MIMEType application/octet-stream
LegalCopyright CostBuster Corporation. All rights reserv
FileVersion 1.1.1.8 (041017-108)
TimeStamp 2015:09:02 18:06:59+01:00
FileType Win32 EXE
PEType PE32
InternalName CostBuster
ProductVersion 1.1.1.8
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CostBuster Corporation
CodeSize 292864
ProductName CostBuster Application
ProductVersionNumber 1.1.1.8
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 88ba80c7e97f8d3f03bd4dfebfc09668
SHA1 db0096c7b90fc7c68a167dd32076c1ce82a146f7
SHA256 11bbe7a9082f72b7f78b99cba61025a78e138e8393735cc9d57a4e85add2a16a
ssdeep 6144:BQ8EaK3HpbyqPWah0MlHlHt7pIrBEowSHYvhmYJ8a4Lil3U:BQ8ETlPWm0MlFHBiE/JkLiS
authentihash 87fdedf13cc8615c27d00e14742c59e7f03e37a67d9e7ee98853f68436ee2dc1
imphash c7dc375aa131591b564506c425ecf732
File size 431.0 KB ( 441344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-01-12 14:12:18 UTC ( 1 year, 1 month ago )
Last submission 2018-05-18 17:44:23 UTC ( 9 months ago )
File names setup.exe
4865445
worming2.png
output.112701985.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Opened mutexes
Runtime DLLs