SHA256: 124348611e216d1ccf01a06261ceb2a5b8fbee0c305e54d274a133fd35c22619
File name: PCPerformerSetup.exe
Detection ratio: 10 / 50
Analysis date: 2014-03-05 14:38:08 UTC ( 1 year, 5 months ago )
Antivirus Result Update
AVG Skodna.Downloader.BQ 20140305
Agnitum PUA.InstallBrain! 20140302
AntiVir APPL/InstallBrain.Gen 20140305
DrWeb Adware.Downware.1988 20140305
ESET-NOD32 a variant of Win32/InstallBrain.BH 20140305
Malwarebytes PUP.Optional.InstallBrain 20140305
NANO-Antivirus Trojan.Win32.Downware.cstqny 20140305
Panda Trj/Genetic.gen 20140305
Rising PE:PUF.SmartInstaller!1.9EA6 20140305
VIPRE InstallBrain (fs) 20140305
Ad-Aware 20140305
AhnLab-V3 20140305
Antiy-AVL 20140305
Avast 20140305
Baidu-International 20140305
BitDefender 20140305
Bkav 20140305
ByteHero 20140305
CAT-QuickHeal 20140305
CMC 20140228
ClamAV 20140304
Commtouch 20140305
Comodo 20140305
Emsisoft 20140305
F-Prot 20140305
F-Secure 20140305
Fortinet 20140305
GData 20140305
Ikarus 20140305
Jiangmin 20140305
K7AntiVirus 20140305
K7GW 20140304
Kaspersky 20140305
Kingsoft 20140305
McAfee 20140305
McAfee-GW-Edition 20140305
MicroWorld-eScan 20140305
Microsoft 20140305
Norman 20140305
Qihoo-360 20140305
SUPERAntiSpyware 20140305
Sophos 20140305
Symantec 20140305
TheHacker 20140305
TotalDefense 20140305
TrendMicro 20140305
TrendMicro-HouseCall 20140305
VBA32 20140305
ViRobot 20140305
nProtect 20140305
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright 2013

Publisher PurpleTech Software Inc
Product PC Performer
Original name PC Performer.exe
Internal name PC Performer
File version 1.5.3.14
Description PC Performer
Signature verification Signed file, verified signature
Signing date 3:36 PM 3/5/2014
Signers
[+] PurpleTech Software Inc
Status Valid
Valid from 8:50 PM 12/15/2013
Valid to 3:45 AM 9/12/2015
Valid usage Code Signing
Algorithm SHA1
Thumbprint 2BBBCA7EDCC4510258722370478A095F5297DBF7
Serial number 04 39 90 24 0F 90 A4
[+] Go Daddy Secure Certification Authority
Status Valid
Valid from 2:54 AM 11/16/2006
Valid to 2:54 AM 11/16/2026
Valid usage All
Algorithm SHA1
Thumbprint 7C4656C3061F7F4C0D67B319A855F60EBC11FC44
Serial number 03 01
[+] Go Daddy Class 2 Certification Authority
Status Valid
Valid from 6:06 PM 6/29/2004
Valid to 6:06 PM 6/29/2034
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 2796BAE63F1801E277261BA0D77770028F20EEE4
Serial number 00
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-25 15:21:41
Entry Point 0x000ED725
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
DeregisterEventSource
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegisterEventSourceA
RegDeleteKeyW
ReportEventA
RegQueryValueExW
InitCommonControlsEx
GetDeviceCaps
CombineRgn
DeleteDC
SelectObject
ExtCreateRegion
GetStockObject
CreateSolidBrush
GetObjectW
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
InterlockedPopEntrySList
SetEvent
HeapDestroy
EncodePointer
GetFileAttributesW
GetExitCodeProcess
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
lstrcatW
SetStdHandle
GetFileTime
GetCPInfo
GetTempPathW
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
InterlockedPushEntrySList
LoadResource
FindClose
TlsGetValue
MoveFileW
GetPrivateProfileSectionNamesW
GetEnvironmentVariableW
SetLastError
GetSystemTime
ReadConsoleInputA
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
LoadLibraryA
HeapSetInformation
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
GetPrivateProfileStringW
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
CreateSemaphoreW
CreateMutexW
MulDiv
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SetUnhandledExceptionFilter
InterlockedDecrement
SetCurrentDirectoryW
VirtualQuery
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
LeaveCriticalSection
FlushConsoleInputBuffer
GetFileSize
OpenProcess
CreateDirectoryA
GetModuleHandleW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
CompareStringW
GlobalReAlloc
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
GlobalMemoryStatus
lstrcmpW
WaitForMultipleObjects
GlobalLock
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetNativeSystemInfo
GetLastError
DosDateTimeToFileTime
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
Process32NextW
CreateProcessW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
Process32FirstW
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetVersion
FindResourceExW
IsValidCodePage
SetConsoleMode
WriteFile
VirtualFree
Sleep
VirtualAlloc
LoadRegTypeLib
OleCreateFontIndirect
SafeArrayAccessData
SafeArrayGetLBound
SysStringLen
SysAllocStringLen
SysStringByteLen
SafeArrayUnaccessData
VariantChangeType
VariantClear
SysAllocString
SafeArrayCreate
DispCallFunc
SafeArrayGetUBound
VariantCopy
LoadTypeLib
SysFreeString
SysAllocStringByteLen
VariantInit
VarUI4FromStr
UuidCreate
SHCreateDirectoryExW
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
Ord(680)
CommandLineToArgvW
PathStripPathW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathFindExtensionW
PathAddExtensionW
PathRemoveArgsW
SHGetValueW
MapWindowPoints
RedrawWindow
GetMonitorInfoW
GetUserObjectInformationW
GetParent
RegisterWindowMessageW
EndPaint
EndDialog
PostQuitMessage
GetFocus
DefWindowProcW
FindWindowW
EnumChildWindows
GetMessageW
ScreenToClient
ShowWindow
FillRect
SetWindowPos
GetClassInfoExW
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
GetWindowRect
RegisterClassExW
SetCapture
MoveWindow
DialogBoxParamW
SetRect
MessageBoxA
TranslateMessage
GetWindow
GetProcessWindowStation
GetSysColor
DispatchMessageW
GetDC
GetKeyState
ReleaseCapture
ReleaseDC
BeginPaint
SendMessageW
UnregisterClassA
IsWindowVisible
GetForegroundWindow
DestroyWindow
GetClientRect
CreateAcceleratorTableW
GetDlgItem
SystemParametersInfoW
BringWindowToTop
IsWindow
MonitorFromWindow
ClientToScreen
PostMessageW
DestroyAcceleratorTable
InvalidateRect
LoadImageW
CallWindowProcW
GetClassNameW
GetActiveWindow
SetWindowTextW
GetWindowTextW
GetDesktopWindow
LoadCursorW
GetWindowTextLengthW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
InvalidateRgn
CharNextW
SetWindowRgn
IsChild
SetFocus
SetCursor
WinHttpSetOption
WinHttpConnect
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryDataAvailable
WinHttpGetProxyForUrl
WinHttpAddRequestHeaders
WinHttpSetStatusCallback
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpSendRequest
Ord(90)
CoInitializeEx
OleLockRunning
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CLSIDFromProgID
OleUninitialize
CoInitializeSecurity
CoUninitialize
OleInitialize
CLSIDFromString
CreateStreamOnHGlobal
StringFromGUID2
CoSetProxyBlanket
CoGetClassObject
CoInternetSetFeatureEnabled
Number of PE resources by type
RT_ICON 11
RT_DIALOG 5
BMP 2
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 9
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.5.3.14
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 871424
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright 2013
FileVersion 1.5.3.14
TimeStamp 2013:12:25 16:21:41+01:00
FileType Win32 EXE
PEType PE32
InternalName PC Performer
FileAccessDate 2014:03:10 13:18:59+01:00
ProductVersion 1.5.3.14
FileDescription PC Performer
OSVersion 5.1
FileCreateDate 2014:03:10 13:18:59+01:00
OriginalFilename PC Performer.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 1239552
ProductName PC Performer
ProductVersionNumber 1.5.3.14
EntryPoint 0xed725
ObjectFileType Executable application

File identification
MD5 f85a9d94027c2d44f33c153b22a86473
SHA1 f785bf540da6db17c3c0ba7b138faf6de3531695
SHA256 124348611e216d1ccf01a06261ceb2a5b8fbee0c305e54d274a133fd35c22619
ssdeep 49152:A7VBk+u09t/W0Gif4cNRaTmyWKYBMFXKL29Gbi6j:iBqoW0Gy4cNyWKYC4F

imphash c75ba63e94ae700b698a06eb05c59f2e
File size 2.0 MB ( 2119888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe signed

VirusTotal metadata
First submission 2014-03-05 14:38:08 UTC ( 1 year, 5 months ago )
Last submission 2014-03-10 12:22:34 UTC ( 1 year, 5 months ago )
File names PCPerformerSetup.exe
vti-rescan
PC Performer
PC Performer.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.