SHA256: 16792d31eb61c4c8af8cbbae7f08a4379390837d4458432b1ca069b9fc5b7ff8
File name: MessengerSetup_1-4-3.exe
Detection ratio: 1 / 66
Analysis date: 2018-01-12 09:00:15 UTC ( 6 days, 1 hour ago )
Antivirus Result Update
Zillya Adware.AddLyrics.Win32.8327 20180111
Ad-Aware 20180112
AegisLab 20180112
AhnLab-V3 20180112
Alibaba 20180112
ALYac 20180112
Antiy-AVL 20180112
Arcabit 20180112
Avast 20180112
Avast-Mobile 20180112
AVG 20180112
Avira (no cloud) 20180112
AVware 20180103
Baidu 20180112
BitDefender 20180112
Bkav 20180112
CAT-QuickHeal 20180112
ClamAV 20180112
CMC 20180111
Comodo 20180112
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180112
Cyren 20180112
DrWeb 20180112
eGambit 20180112
Emsisoft 20180112
Endgame 20171130
ESET-NOD32 20180112
F-Prot 20180112
F-Secure 20180112
Fortinet 20180112
GData 20180112
Sophos ML 20170914
Jiangmin 20180112
K7AntiVirus 20180112
K7GW 20180112
Kaspersky 20180112
Kingsoft 20180112
Malwarebytes 20180112
MAX 20180112
McAfee 20180112
McAfee-GW-Edition 20180112
Microsoft 20180112
eScan 20180112
NANO-Antivirus 20180112
nProtect 20180112
Palo Alto Networks (Known Signatures) 20180112
Panda 20180111
Qihoo-360 20180112
Rising 20180112
SentinelOne (Static ML) 20171224
Sophos AV 20180112
SUPERAntiSpyware 20180112
Symantec 20180112
Symantec Mobile Insight 20180111
Tencent 20180112
TheHacker 20180108
TotalDefense 20180112
TrendMicro 20180112
TrendMicro-HouseCall 20180112
Trustlook 20180112
VBA32 20180111
VIPRE 20180112
ViRobot 20180112
Webroot 20180112
Yandex 20180111
ZoneAlarm by Check Point 20180112
Zoner 20180112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS, maxorder, appended, packed, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:50:52
Entry Point 0x000030FA
Number of sections 5
PE sections
Overlays
MD5 505fc633c1bbd3515d69d432f76c404b
File type data
Offset 69120
Size 29356416
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
LoadLibraryA
GetModuleFileNameA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
DrawTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
ShowWindow
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 7
RT_DIALOG 3
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2009:12:05 23:50:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24064
LinkerVersion 6.0
EntryPoint 0x30fa
InitializedDataSize 164864
SubsystemVersion 4.0
ImageVersion 6.0
OSVersion 4.0
UninitializedDataSize 1024

CarbonBlack
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
PE resource-wise parents
Compressed bundles
File identification
MD5 967cf0e5204e309ab45510724249bc6f
SHA1 d25763429e705f227ed51d203838bb8c81785a5a
SHA256 16792d31eb61c4c8af8cbbae7f08a4379390837d4458432b1ca069b9fc5b7ff8
ssdeep 786432:ug1tDlDSnC6r2Lgs3Omga5GiWbn0Ac5/kGJNdL4K2LIQJjxG:ugTdyCU+gs3Oi5G30Ac5/kG55N

authentihash 2299e4c19da1c48e94eff2a9651346541b69cc97fc2bd0b757b29fb8b45bcdf4
imphash 7fa974366048f9c551ef45714595665e
File size 28.1 MB ( 29425536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (94.8%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
Tags
nsis peexe overlay software-collection

VirusTotal metadata
First submission 2015-06-14 15:49:47 UTC ( 2 years, 7 months ago )
Last submission 2018-01-16 05:43:52 UTC ( 2 days, 4 hours ago )
File names MessengerSetup.exe
MessengerSetup.exe
test.exe
messenger-for-desktop-1-4-3-multi-win.exe
MessengerSetup.exe
MessengerSetup_2.exe
file.exe
MessengerSetup.exe
MessengerSetup.exe
MessengerSetup_1.4.3.exe
Messenger.exe
messengersetup.exe
MessengerSetup.exe
f70c326a-1202-11e5-9941-bc4b8a296a5b(1).exe
MessengerSetup.exe
FBmessenger.exe
MessengerSetup_1-4-3.exe
filename
5026b834628b22564e12edc44bd40dc5cb6a47aa9c8785ac4df9f40f817b419ba797f1dc88588b5202a713ec2d4000622378ffde23195ce22db521c29185d566
MessengerSetup-1.4.3.exe
setupMessengerSetup.exe
messenger-for-desktop.exe
messenger-for-desktop.exe
MessengerSetup (1).exe
Facebook Messenger v1.4.3.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight