SHA256: 1ae31d648d88014f62cbb57df82c4dc736fdafdbcecf0a26ccc977c38a64c4bd
File name: Setup
Detection ratio: 0 / 67
Analysis date: 2018-09-11 00:23:38 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20180910
AegisLab 20180910
AhnLab-V3 20180910
Alibaba 20180713
Antiy-AVL 20180911
Arcabit 20180910
Avast 20180910
Avast-Mobile 20180910
AVG 20180910
Avira (no cloud) 20180910
AVware 20180910
Babable 20180907
Baidu 20180910
BitDefender 20180910
Bkav 20180906
CAT-QuickHeal 20180909
ClamAV 20180910
CMC 20180910
Comodo 20180910
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180911
Cyren 20180910
DrWeb 20180910
eGambit 20180911
Emsisoft 20180910
Endgame 20180730
ESET-NOD32 20180910
F-Prot 20180910
F-Secure 20180910
Fortinet 20180910
GData 20180910
Ikarus 20180910
Sophos ML 20180717
Jiangmin 20180910
K7AntiVirus 20180910
K7GW 20180910
Kaspersky 20180910
Kingsoft 20180911
Malwarebytes 20180910
MAX 20180911
McAfee 20180910
McAfee-GW-Edition 20180910
Microsoft 20180910
eScan 20180910
NANO-Antivirus 20180910
Palo Alto Networks (Known Signatures) 20180911
Panda 20180910
Qihoo-360 20180911
Rising 20180911
SentinelOne (Static ML) 20180830
Sophos AV 20180910
SUPERAntiSpyware 20180907
Symantec 20180910
Symantec Mobile Insight 20180905
TACHYON 20180910
Tencent 20180911
TheHacker 20180907
TotalDefense 20180910
TrendMicro 20180910
TrendMicro-HouseCall 20180910
Trustlook 20180911
VBA32 20180910
VIPRE 20180910
ViRobot 20180910
Webroot 20180911
Yandex 20180910
Zillya 20180910
ZoneAlarm by Check Point 20180910
Zoner 20180910
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2004 Macrovision Corporation
Product InstallShield (R)
Original name Setup.exe
Internal name Setup
File version 10.50.132
Description Setup.exe
Signature verification Signed file, verified signature
Signing date 5:13 PM 10/7/2006
Signers
[+] Amplify, LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 9/21/2006
Valid to 12:59 AM 11/6/2008
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 295F30D349FA55DBDD05480B9AF6AF2552693E0E
Serial number 42 94 3F F2 64 FB D2 FB 38 BC 24 18 E4 42 C7 E9
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2008
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 817E78267300CB0FE5D631357851DB366123A690
Serial number 0D E9 2B F0 D4 D8 29 88 18 32 05 09 5E 9A 76 88
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
PEiD InstallShield Custom
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-03-24 08:07:36
Entry Point 0x0000CE02
Number of sections 4
PE sections
Overlays
MD5 444ae0abba8694153c1c2245216dcf04
File type data
Offset 114688
Size 2512280
Entropy 7.96
PE imports
GetTokenInformation
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegQueryValueA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExA
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
GetObjectA
CreateFontIndirectA
GetTextExtentPoint32A
DeleteObject
LPtoDP
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
DebugBreak
DeleteCriticalSection
GetCurrentProcess
lstrcatA
SetErrorMode
FindResourceExA
WideCharToMultiByte
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
SetEvent
MoveFileA
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
SetLastError
CopyFileA
ExitProcess
GetModuleFileNameA
GetPrivateProfileStringA
MultiByteToWideChar
CreateMutexA
SetFilePointer
CreateThread
GlobalAlloc
SearchPathA
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
CompareStringW
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GlobalLock
CreateEventA
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GlobalUnlock
VirtualQuery
RemoveDirectoryA
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
LockResource
lstrlenW
GetCommandLineA
GetCurrentThread
GetTempPathA
GetSystemDefaultLangID
QueryPerformanceFrequency
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetCurrentThreadId
FindResourceA
CreateProcessA
HeapCreate
Sleep
IsBadReadPtr
OpenEventA
ResetEvent
LZCopy
LZClose
LZOpenFileA
LoadRegTypeLib
SysStringLen
SysAllocStringLen
RegisterTypeLib
VariantClear
SysAllocString
VariantCopy
LoadTypeLib
SysFreeString
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
GetMessageA
SetWindowRgn
ReleaseDC
EndDialog
CreateDialogIndirectParamA
KillTimer
ShowWindow
SetWindowPos
IsDialogMessageA
GetWindowRect
DispatchMessageA
SetDlgItemTextA
MoveWindow
MessageBoxA
PeekMessageA
TranslateMessage
CharUpperA
SetActiveWindow
GetDC
SystemParametersInfoA
SetWindowTextA
LoadStringA
SendMessageA
SetForegroundWindow
GetDlgItem
CharLowerBuffA
ScreenToClient
wsprintfA
SetTimer
LoadIconA
CharNextA
GetDesktopWindow
PostThreadMessageA
MsgWaitForMultipleObjects
GetWindowTextA
DialogBoxIndirectParamA
DestroyWindow
VerInstallFileA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoRegisterClassObject
CoInitialize
CoTaskMemAlloc
CoRevokeClassObject
CoCreateGuid
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
StringFromCLSID
CoUninitialize
CoGetInterfaceAndReleaseStream
GetRunningObjectTable
CoReleaseMarshalData
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_STRING 33
RT_ICON 4
RT_DIALOG 2
RT_MANIFEST 1
TYPELIB 1
PUBLICKEY 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 4
TURKISH DEFAULT 4
SWEDISH 1
PORTUGUESE 1
CZECH DEFAULT 1
FRENCH 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
INDONESIAN DEFAULT 1
DUTCH 1
ITALIAN 1
CATALAN DEFAULT 1
FINNISH DEFAULT 1
SERBIAN CYRILLIC 1
PORTUGUESE BRAZILIAN 1
SPANISH 1
FRENCH CANADIAN 1
KOREAN 1
BASQUE DEFAULT 1
HUNGARIAN DEFAULT 1
GERMAN 1
BULGARIAN DEFAULT 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
NORWEGIAN BOKMAL 1
CHINESE TRADITIONAL 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
ROMANIAN 1
RUSSIAN 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 45568
ImageVersion 0.0
ProductName InstallShield (R)
FileVersionNumber 10.50.0.132
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Setup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 10.50.132
TimeStamp 2005:03:24 09:07:36+01:00
FileType Win32 EXE
PEType PE32
InternalName Setup
ProductVersion 10.5
FileDescription Setup.exe
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2004 Macrovision Corporation
MachineType Intel 386 or later, and compatibles
CompanyName Macrovision Corporation
CodeSize 68096
FileSubtype 0
ProductVersionNumber 10.50.0.0
EntryPoint 0xce02
ObjectFileType Executable application

File identification
MD5 c4fc1bcd4e5a9bd8b426253489a7a35a
SHA1 8c4053549bd22712c754da2c495b26265f29bb63
SHA256 1ae31d648d88014f62cbb57df82c4dc736fdafdbcecf0a26ccc977c38a64c4bd
ssdeep 49152:z2YB5f6HatqX+1UDiUBRsEFL6weWP3pgP6223Owb9PhhD6+I2YBne+vDIt2d:z2Y7fvc+YRsuTP6y28b9PhhQ2YRecIId
authentihash ede185e1f75f888d20dc276a1db4825dd9f96c73881f6e8085b485c0b2d20e2c
imphash 348de7abc22f8c467ae13e6daf358f64
File size 2.5 MB ( 2626968 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (47.9%)
Win32 Executable MS Visual C++ (generic) (18.2%)
Win64 Executable (generic) (16.1%)
Windows screen saver (7.6%)
Win32 Dynamic Link Library (generic) (3.8%)
Tags
peexe installshield signed overlay

VirusTotal metadata
First submission 2016-03-03 19:36:07 UTC ( 2 years, 10 months ago )
Last submission 2016-03-03 19:36:07 UTC ( 2 years, 10 months ago )
File names Setup.exe
Setup
1360565921-clipmarks.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs