SHA256: 177007a26b451aa5de471b0f77ce97ab0c18353d30d831b3e84d9202adfe9ce3
File name: eq32.exe
Detection ratio: 1 / 57
Analysis date: 2016-04-02 03:45:11 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Zillya Worm.Luder.Win32.8272 20160401
Ad-Aware 20160402
AegisLab 20160402
AhnLab-V3 20160401
Alibaba 20160401
ALYac 20160402
Antiy-AVL 20160402
Arcabit 20160402
Avast 20160402
AVG 20160402
Avira (no cloud) 20160402
AVware 20160402
Baidu 20160402
Baidu-International 20160401
BitDefender 20160402
Bkav 20160401
CAT-QuickHeal 20160401
ClamAV 20160402
CMC 20160401
Comodo 20160401
Cyren 20160402
DrWeb 20160402
Emsisoft 20160402
ESET-NOD32 20160402
F-Prot 20160402
F-Secure 20160402
Fortinet 20160401
GData 20160402
Ikarus 20160401
Jiangmin 20160402
K7AntiVirus 20160401
K7GW 20160402
Kaspersky 20160402
Kingsoft 20160402
Malwarebytes 20160402
McAfee 20160402
McAfee-GW-Edition 20160402
Microsoft 20160402
eScan 20160402
NANO-Antivirus 20160401
nProtect 20160401
Panda 20160401
Qihoo-360 20160402
Rising 20160402
Sophos AV 20160401
SUPERAntiSpyware 20160402
Symantec 20160331
Tencent 20160402
TheHacker 20160330
TotalDefense 20160330
TrendMicro 20160402
TrendMicro-HouseCall 20160402
VBA32 20160401
VIPRE 20160402
ViRobot 20160402
Yandex 20160316
Zoner 20160402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2002-2012, Pantaray Research Ltd.
Product QSetup Installation Suite
File version 11.0.0.0
Signature verification Signed file, verified signature
Signing date 8:50 AM 4/1/2016
Signers
[+] PAS-Products (Frank Dunkel)
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 5/4/2015
Valid to 12:59 AM 5/4/2016
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 1893CA6D5F92472A263AFBAE72D7240D798DCD07
Serial number 00 AE 87 D1 7E E8 03 08 79 5B 31 3E 88 45 F0 75 36
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000286F8
Number of sections 8
PE sections
Overlays
MD5 a060d9b39cb9b0fde9c21dbace4c1668
File type data
Offset 197632
Size 10502976
Entropy 8.00
PE imports
RegOpenKeyExA
LookupAccountNameA
RegQueryValueExA
RegCloseKey
GetUserNameA
InitCommonControls
GetDeviceCaps
LineTo
SelectObject
GetTextExtentPoint32A
MoveToEx
CreatePen
GetTextMetricsA
CreateSolidBrush
DeleteObject
CreateFontA
GetStdHandle
FileTimeToDosDateTime
GetFileAttributesA
GetDriveTypeA
GetLocalTime
DeleteCriticalSection
GetLocaleInfoA
LocalAlloc
SetErrorMode
SetFileAttributesA
GetTempPathA
GetCPInfo
WriteFile
GetDiskFreeSpaceA
GetFullPathNameA
GetExitCodeProcess
LocalFree
MoveFileA
GetEnvironmentVariableA
FindClose
TlsGetValue
FormatMessageA
GetStringTypeExA
DeviceIoControl
InitializeCriticalSection
GlobalFindAtomA
ExitProcess
GetModuleFileNameA
RaiseException
EnumCalendarInfoA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
GetModuleHandleA
GlobalAddAtomA
MulDiv
GetSystemDirectoryA
TerminateProcess
VirtualQuery
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
SetCurrentDirectoryA
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
FindFirstFileA
GetComputerNameA
FindNextFileA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
GlobalDeleteAtom
lstrlenA
GetThreadLocale
IsDBCSLeadByte
RemoveDirectoryA
WinExec
FileTimeToLocalFileTime
WritePrivateProfileStringA
GetCurrentProcessId
SetFileTime
WideCharToMultiByte
GetShortPathNameA
GetCommandLineA
QueryPerformanceFrequency
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetVersion
CreateProcessA
VirtualFree
Sleep
VirtualAlloc
SysReAllocStringLen
SysFreeString
SysAllocStringLen
ShellExecuteA
SetFocus
GetMessageA
EnableWindow
ReleaseDC
PostQuitMessage
EnumWindows
KillTimer
RegisterWindowMessageA
DefWindowProcA
ShowWindow
SetWindowPos
GetWindowThreadProcessId
GetSystemMetrics
GetWindowRect
DispatchMessageA
EndPaint
LoadStringA
PostMessageA
DrawIcon
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
GetWindow
GetSysColor
SetActiveWindow
GetDC
SystemParametersInfoA
BeginPaint
FindWindowA
UnregisterClassA
IsWindowVisible
SendMessageA
GetClientRect
SetTimer
EnableMenuItem
RegisterClassA
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
GetActiveWindow
CharNextA
GetDesktopWindow
GetSystemMenu
GetFocus
FillRect
GetWindowTextA
GetKeyboardType
CharToOemA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetSetOptionA
InternetGetLastResponseInfoA
Number of PE resources by type
RT_STRING 6
RT_ICON 2
RT_RCDATA 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
HEBREW DEFAULT 3
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 11.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
LastCompile 22/01/2012 11:22:20
CharacterSet Windows, Latin1
InitializedDataSize 34816
EntryPoint 0x286f8
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2002-2012, Pantaray Research Ltd.
FileVersion 11.0.0.0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 11.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Pantaray Research Ltd.
CodeSize 161792
ProductName QSetup Installation Suite
ProductVersionNumber 10.1.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 f8a10020c1b30d6e4793baa8dc136ced
SHA1 c4d7eef6b189fca5ebc2e01fd8521df321f3fe5c
SHA256 177007a26b451aa5de471b0f77ce97ab0c18353d30d831b3e84d9202adfe9ce3
ssdeep 196608:dIDHz1yncpZvktaGFCBfx0r2kGTSrgEJy023iGsnvFwkUPoEhU5lIRnr:doHzjcFCFer2orvJypcv2G0hr
authentihash e87b35969b8b9845ec54648f7bb5bebe0e03f0fef5d6b0f3d5a5fb30c943d369
imphash c1a1896c511e1df507cce3e5f7bec89d
File size 10.2 MB ( 10700608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (49.2%)
Win32 Executable Delphi generic (16.2%)
Windows screen saver (14.9%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags bobsoft peexe signed overlay
VirusTotal metadata
First submission 2016-04-01 07:55:01 UTC ( 1 year, 9 months ago )
Last submission 2016-04-01 07:55:01 UTC ( 1 year, 9 months ago )
File names eq32.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Searched windows
Runtime DLLs
UDP communications