SHA256: 12184fe3823796889bee484139bd34a2c2ff3f5396b9f36e2e2c9f465b689ecc
File name: Wextract
Detection ratio: 0 / 67
Analysis date: 2019-03-21 13:30:04 UTC ( 2 months ago )
Antivirus Result Update
Acronis 20190321
Ad-Aware 20190321
AegisLab 20190321
AhnLab-V3 20190321
Alibaba 20190306
Antiy-AVL 20190321
Arcabit 20190321
Avast 20190321
Avast-Mobile 20190320
AVG 20190321
Avira (no cloud) 20190321
Babable 20180918
Baidu 20190318
BitDefender 20190321
Bkav 20190320
CAT-QuickHeal 20190320
ClamAV 20190321
CMC 20190321
Comodo 20190321
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cylance 20190321
Cyren 20190321
DrWeb 20190321
eGambit 20190321
Emsisoft 20190321
Endgame 20190321
ESET-NOD32 20190321
F-Prot 20190321
F-Secure 20190321
Fortinet 20190321
GData 20190321
Ikarus 20190321
Sophos ML 20190313
Jiangmin 20190321
K7AntiVirus 20190321
K7GW 20190321
Kaspersky 20190321
Kingsoft 20190321
Malwarebytes 20190321
MAX 20190321
McAfee 20190321
McAfee-GW-Edition 20190321
Microsoft 20190321
eScan 20190321
NANO-Antivirus 20190321
Palo Alto Networks (Known Signatures) 20190321
Panda 20190321
Qihoo-360 20190321
Rising 20190321
SentinelOne (Static ML) 20190317
Sophos AV 20190321
SUPERAntiSpyware 20190321
Symantec Mobile Insight 20190220
TACHYON 20190321
Tencent 20190321
TheHacker 20190320
TotalDefense 20190318
Trapmine 20190301
TrendMicro 20190321
TrendMicro-HouseCall 20190321
Trustlook 20190321
VBA32 20190321
ViRobot 20190321
Yandex 20190321
Zillya 20190320
ZoneAlarm by Check Point 20190321
Zoner 20190321
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright (C) Microsoft Corporation. All rights reserved.
Product Windows Media Component Setup Application
Original name WEXTRACT.EXE
Internal name Wextract
File version 9.00.00.2980
Description Windows Media Component Setup Application
Signature verification Signed file, verified signature
Signing date 4:49 AM 12/17/2002
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer Microsoft Code Signing PCA
Valid from 11:55 PM 05/24/2002
Valid to 01:05 AM 11/25/2003
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 282D9806C3DF7345929F64F5895EF2EA4AC29302
Serial number 61 07 11 43 00 00 00 00 00 34
[+] Microsoft Code Signing PCA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Root Authority
Valid from 08:00 AM 12/10/2000
Valid to 08:00 AM 11/12/2005
Valid usage Code Signing
Algorithm md5RSA
Thumbprint CB22765346A5D0708D1583389BE264383F7F6EB8
Serial number 6A 0B 99 4F C0 00 DE AA 11 D4 D8 40 9A A8 BE E6
[+] Microsoft Root Authority
Status Valid
Issuer Microsoft Root Authority
Valid from 07:00 AM 01/10/1997
Valid to 07:00 AM 12/31/2020
Valid usage All
Algorithm md5RSA
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
Counter signers
[+] VeriSign Time Stamping Service
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
Valid from 12:00 AM 02/28/2001
Valid to 11:59 PM 01/06/2004
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint 23348A128A2A9ABA478C9AAD1EC275F444F078D3
Serial number 08 7A 6D 5C 6F 62 93 4F BA C4 FD 43 E1 14 18 9D
[+] VeriSign Time Stamping CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
Valid from 11:00 PM 05/11/1997
Valid to 11:59 PM 01/07/2004
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint 18F7C1FCC3090203FD5BAA2F861A754976C8DD25
Serial number 4A 19 D2 38 8C 82 59 1C A5 5D 73 5F 15 5D DC A3
Packers identified
F-PROT CAB, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-08-18 01:42:57
Entry Point 0x00005A5E
Number of sections 3
PE sections
Overlays
MD5 9506833ddcf8a61ab66a957a0957d720
File type data
Offset 13096448
Size 6792
Entropy 7.32
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
AdjustTokenPrivileges
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
GetDeviceCaps
GetLastError
IsDBCSLeadByte
DosDateTimeToFileTime
ReadFile
GetStartupInfoA
GetSystemInfo
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
LockResource
GetExitCodeProcess
MulDiv
ExitProcess
SetFileTime
GetVersionExA
GlobalUnlock
RemoveDirectoryA
GetModuleFileNameA
GetShortPathNameA
FreeLibrary
GetCurrentProcess
GetVolumeInformationA
LoadLibraryExA
SizeofResource
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
_llseek
GetCommandLineA
GetProcAddress
EnumResourceLanguagesA
TerminateThread
GetTempPathA
CreateMutexA
GetModuleHandleA
_lclose
LoadLibraryA
CreateThread
lstrcmpiA
GetDiskFreeSpaceA
SetFilePointer
lstrcmpA
FindFirstFileA
CreateEventA
lstrcpyA
_lopen
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GlobalLock
ExpandEnvironmentStringsA
FreeResource
SetFileAttributesA
SetEvent
LocalFree
CreateProcessA
LoadResource
WriteFile
GlobalAlloc
LocalFileTimeToFileTime
FindClose
FormatMessageA
CreateFileA
GetDriveTypeA
FindResourceA
SetCurrentDirectoryA
ResetEvent
CharPrevA
EndDialog
ShowWindow
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
CharUpperA
GetDC
ReleaseDC
SetWindowTextA
GetWindowLongA
SendMessageA
GetDlgItem
wsprintfA
LoadStringA
CharNextA
GetDesktopWindow
CallWindowProcA
MsgWaitForMultipleObjects
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_RCDATA 15
RT_DIALOG 6
RT_STRING 6
RT_ICON 2
AVI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN 17
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.0
ImageVersion 5.1
FileSubtype 0
FileVersionNumber 6.0.2600.0
LanguageCode German
FileFlagsMask 0x003f
FileDescription Windows Media Component Setup Application
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 13060608
EntryPoint 0x5a5e
OriginalFileName WEXTRACT.EXE
MIMEType application/octet-stream
LegalCopyright (C) Microsoft Corporation. All rights reserved.
FileVersion 9.00.00.2980
TimeStamp 2001:08:18 03:42:57+02:00
FileType Win32 EXE
PEType PE32
InternalName Wextract
ProductVersion 9.00.00.2980
SubsystemVersion 4.0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
ProductName Windows Media Component Setup Application
ProductVersionNumber 6.0.2600.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 54a752d0cc2c3090303f849724ce7f68
SHA1 18dea3b5b449ca8df8c594853fff5d6238ac4232
SHA256 12184fe3823796889bee484139bd34a2c2ff3f5396b9f36e2e2c9f465b689ecc
ssdeep 393216:Mb4ohtq+FOLMn46E3BdITA3aJWJGkgerC:GnPZnQR+TA3rgerC
authentihash 089221fe9d5fad814f8c4f0b08f8f67b7e5f2153e5ec139c910f15e61832819d
imphash 1494de9b53e05fc1f40cb92afbdd6ce4
File size 12.5 MB ( 13103240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Microsoft Update - Self Extracting Cabinet (81.7%)
Win32 Executable MS Visual C++ (generic) (7.5%)
Win64 Executable (generic) (6.6%)
Win32 Dynamic Link Library (generic) (1.5%)
Win32 Executable (generic) (1.0%)
Tags peexe nsrl signed overlay
VirusTotal metadata
First submission 2009-04-04 22:58:58 UTC ( 10 years, 1 month ago )
Last submission 2018-03-24 23:06:40 UTC ( 1 year, 1 month ago )
File names output.23504852.txt
MPSetup.exe
MPSetup.exe
MP_9X_DEU.EXE
file-5046188_exe
WEXTRACT.EXE
Mediaplayer_98-2000.exe
Wextract
mpsetup.exe
mp9setup.exe
mpsetup.exe
mpsetup-german.exe
MPSETUP.EXE
WindowsMediaPlayer9_mpsetup.exe
23504852
National Software Reference Library (NIST)
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a reference data set of information. This file was found in the NSRL dataset, in the following products and with the following file names.
Products SetPoint 2.4a (Logitech)
SetPoint 2.11c (Logitech)
File names mpsetup.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight