× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 18704a6de03552f5d531f0e8ddf5cd5dc536179c9e1f7146b9fa2475cb1d4dbf
File name: Advanced Renamer 3.84.exe
Detection ratio: 0 / 67
Analysis date: 2018-10-26 12:45:40 UTC ( 6 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware 20181026
AegisLab 20181026
AhnLab-V3 20181026
Alibaba 20180921
ALYac 20181026
Antiy-AVL 20181026
Arcabit 20181026
Avast 20181026
Avast-Mobile 20181026
AVG 20181026
Avira (no cloud) 20181026
Babable 20180918
Baidu 20181026
BitDefender 20181026
Bkav 20181025
CAT-QuickHeal 20181025
ClamAV 20181026
CMC 20181026
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181026
Cyren 20181026
DrWeb 20181026
eGambit 20181026
Emsisoft 20181026
Endgame 20180730
ESET-NOD32 20181026
F-Prot 20181026
F-Secure 20181026
Fortinet 20181026
GData 20181026
Ikarus 20181026
Sophos ML 20180717
Jiangmin 20181026
K7AntiVirus 20181026
K7GW 20181025
Kaspersky 20181026
Kingsoft 20181026
Malwarebytes 20181026
MAX 20181026
McAfee 20181026
McAfee-GW-Edition 20181026
Microsoft 20181026
eScan 20181026
NANO-Antivirus 20181026
Palo Alto Networks (Known Signatures) 20181026
Panda 20181026
Qihoo-360 20181026
Rising 20181026
SentinelOne (Static ML) 20181011
Sophos AV 20181026
SUPERAntiSpyware 20181022
Symantec 20181026
Symantec Mobile Insight 20181026
TACHYON 20181026
Tencent 20181026
TheHacker 20181025
TotalDefense 20181026
TrendMicro 20181026
TrendMicro-HouseCall 20181026
Trustlook 20181026
VBA32 20181026
ViRobot 20181026
Webroot 20181026
Yandex 20181026
Zillya 20181024
ZoneAlarm by Check Point 20181026
Zoner 20181025
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © Hulubulu Software by Kim Jensen

Product Advanced Renamer
File version
Description Advanced Renamer Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 10:32 AM 10/8/2018
Signers
[+] Kim Jensen
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 01:00 AM 01/31/2018
Valid to 12:59 AM 02/01/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint CAB40A8FA72A2748FBB327FE3EE497DDA900DC1F
Serial number 6A 5F 9B 52 6D 99 80 F2 C6 4F 98 15 82 E0 2E 3C
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] Sectigo (formerly Comodo CA)
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 01:00 AM 01/19/2010
Valid to 12:59 AM 01/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 01:00 AM 12/31/2015
Valid to 06:40 PM 07/09/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] Sectigo (UTN Object)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 06:31 PM 07/09/1999
Valid to 06:40 PM 07/09/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbrint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000AAD0
Number of sections 8
PE sections
Overlays
MD5 f9ec713a1bdc003fd64303419ad79220
File type data
Offset 58368
Size 11294464
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
GetACP
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetSystemDirectoryA
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Advanced Renamer Setup

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

InitializedDataSize
17920

EntryPoint
0xaad0

MIMEType
application/octet-stream

LegalCopyright
Copyright Hulubulu Software by Kim Jensen

TimeStamp
1992:06:20 00:22:17+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.84

UninitializedDataSize
0

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Hulubulu Software

CodeSize
41984

ProductName
Advanced Renamer

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 e4039054634c58b05f63410e26212755
SHA1 1ae722af6dcd3e2265f6b0a66607e3004014cd52
SHA256 18704a6de03552f5d531f0e8ddf5cd5dc536179c9e1f7146b9fa2475cb1d4dbf
ssdeep
196608:zzj1pD2XAdlO1U8wr5u89UH0qrjMq2QGgc6t+YckQR2SLhJqnQAI7+NWewS:zP2XAdlOS55u89g0qrjMq2QG16IY82Sm

authentihash 7fc62833002c3403f1eb934b22cf6be208c0cbbbb80a839569640a5b4747f0d5
imphash 2fb819a19fe4dee5c03e8c6a79342f79
File size 10.8 MB ( 11352832 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (76.6%)
Win32 Executable Delphi generic (9.9%)
Win32 Dynamic Link Library (generic) (4.5%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-10-08 09:20:34 UTC ( 7 months, 2 weeks ago )
Last submission 2019-05-19 06:56:42 UTC ( 2 days ago )
File names 18704A6DE03552F5D531F0E8DDF5CD5DC536179C9E1F7146B9FA2475CB1D4DBF.exe
advanced_renamer384_setup.exe
AdvancedRenamer_3.84.0.0.exe
Advanced_Renamer_v3.84.exe
advanced_renamer_setup (1).exe
advanced_renamer_setup.exe
advanced_renamer_setup.exe
advanced_renamer_setup3.84.exe
advanced_renamer_setup(2).exe
advanced_renamer_setup.exe
advanced_renamer_setup.exe
Advanced Renamer 3.84.exe
advanced_renamer_setup.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Runtime DLLs