× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 197eebe32e6d2ab6dc66d16e5f72a32872ca77c3135fa6d0990ebd5b28634d7b
File name: WDiff159Installer.exe
Detection ratio: 0 / 52
Analysis date: 2015-12-18 09:29:42 UTC ( 3 years, 3 months ago ) View latest
Antivirus Result Update
Ad-Aware 20151219
AegisLab 20151219
Yandex 20151218
AhnLab-V3 20151218
Antiy-AVL 20151219
Arcabit 20151219
Avast 20151219
AVG 20151219
Avira (no cloud) 20151219
AVware 20151219
Baidu-International 20151218
BitDefender 20151219
Bkav 20151218
ByteHero 20151219
CAT-QuickHeal 20151219
CMC 20151217
Comodo 20151219
Cyren 20151219
DrWeb 20151219
Emsisoft 20151219
ESET-NOD32 20151219
F-Prot 20151219
F-Secure 20151218
Fortinet 20151219
GData 20151219
Ikarus 20151219
Jiangmin 20151219
K7AntiVirus 20151219
K7GW 20151219
Kaspersky 20151219
Malwarebytes 20151219
McAfee 20151219
McAfee-GW-Edition 20151219
Microsoft 20151219
eScan 20151219
NANO-Antivirus 20151219
nProtect 20151218
Panda 20151218
Rising 20151218
Sophos AV 20151219
SUPERAntiSpyware 20151219
Symantec 20151217
Tencent 20151219
TheHacker 20151218
TotalDefense 20151219
TrendMicro 20151219
TrendMicro-HouseCall 20151219
VBA32 20151218
VIPRE 20151219
ViRobot 20151219
Zillya 20151218
Zoner 20151219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT NSIS, HLP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-14 20:09:51
Entry Point 0x0000310B
Number of sections 5
PE sections
Overlays
MD5 89559cfa367977004d44ec84190edc02
File type data
Offset 48640
Size 780468
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
ReadFile
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
LoadLibraryA
DeleteFileA
GetModuleFileNameA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
GetFileAttributesA
GetModuleHandleA
lstrcmpA
FindFirstFileA
lstrcpyA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
GetProcAddress
SetEnvironmentVariableA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
ReleaseDC
EndDialog
BeginPaint
ShowWindow
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
PostQuitMessage
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
DrawTextA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
EnableMenuItem
RegisterClassA
SendMessageTimeoutA
InvalidateRect
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoTaskMemFree
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 7
RT_DIALOG 5
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2013:07:14 22:09:51+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
24064

LinkerVersion
6.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x310b

InitializedDataSize
164864

SubsystemVersion
4.0

ImageVersion
6.0

OSVersion
4.0

UninitializedDataSize
1024

File identification
MD5 782d06e02b6224dd9bc47135e60a0f4a
SHA1 67a3803971c3d6349ffded65bd3547fcf3408333
SHA256 197eebe32e6d2ab6dc66d16e5f72a32872ca77c3135fa6d0990ebd5b28634d7b
ssdeep
24576:Jll1q2f7ceYPze0lJ75MeVeR7eaQ8POo8aK7Sef:btf7ceYZ5MeVeRyapPOo8a4Sef

authentihash 4adc4049701c281851f4cbd7a68842d6be8e9172e36520339f8a491ab71e0c10
imphash b40f29cd171eb54c01b1dd2683c9c26b
File size 809.7 KB ( 829108 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (91.7%)
Win32 Executable MS Visual C++ (generic) (3.3%)
Win64 Executable (generic) (2.9%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.4%)
Tags
nsis peexe overlay

VirusTotal metadata
First submission 2013-11-12 01:05:53 UTC ( 5 years, 4 months ago )
Last submission 2018-08-23 08:18:06 UTC ( 7 months ago )
File names WDiff159Installer.exe
WDiff159Installer.exe
WDiff159Installer.exe
WDiff159Installer.exe
1041277
197EEBE32E6D2AB6DC66D16E5F72A32872CA77C3135FA6D0990EBD5B28634D7B.exe
197eebe32e6d2ab6dc66d16e5f72a32872ca77c3135fa6d0990ebd5b28634d7b
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.