SHA256: 1b9c0e6709b163e918477711c384705a8ef28eea776d58b86f49a98998ae8595
File name: setup.exe
Detection ratio: 5 / 42
Analysis date: 2012-04-03 15:21:07 UTC ( 2 years ago )
Antivirus              Result                                                      Update
CAT-QuickHeal          Rogue.FakeRean                                              20120403
McAfee                 Generic FakeAlert.kd                                        20120403
McAfee-GW-Edition      Heuristic.BehavesLike.Win32.Fake.O                          20120402
NOD32                  probably a variant of Win32/Adware.WintionalityChecker.AE   20120403
VIPRE                  Trojan.Win32.Fakeav.tri (v)                                 20120403
AVG                    -                                                           20120403
AhnLab-V3              -                                                           20120403
AntiVir                -                                                           20120403
Antiy-AVL              -                                                           20120403
Avast                  -                                                           20120403
BitDefender            -                                                           20120403
ByteHero               -                                                           20120403
ClamAV                 -                                                           20120403
Commtouch              -                                                           20120403
Comodo                 -                                                           20120403
DrWeb                  -                                                           20120403
Emsisoft               -                                                           20120403
F-Prot                 -                                                           20120403
F-Secure               -                                                           20120403
Fortinet               -                                                           20120403
GData                  -                                                           20120403
Ikarus                 -                                                           20120403
Jiangmin               -                                                           20120331
K7AntiVirus            -                                                           20120402
Kaspersky              -                                                           20120403
Microsoft              -                                                           20120403
Norman                 -                                                           20120403
PCTools                -                                                           20120326
Panda                  -                                                           20120403
Rising                 -                                                           20120401
SUPERAntiSpyware       -                                                           20120402
Sophos                 -                                                           20120403
Symantec               -                                                           20120403
TheHacker              -                                                           20120403
TrendMicro             -                                                           20120403
TrendMicro-HouseCall   -                                                           20120403
VBA32                  -                                                           20120403
ViRobot                -                                                           20120403
VirusBuster            -                                                           20120403
eSafe                  -                                                           20120402
eTrust-Vet             -                                                           20120403
nProtect               -                                                           20120403
(A "-" in the Result column means the engine returned no detection for this sample.)
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-02 07:40:24
Entry Point 0x0000B4B5
Number of sections 5
PE sections
PE imports
RegOpenKeyExW, LookupPrivilegeValueW, OpenProcessToken, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegCloseKey, SetFileSecurityW, SetFileSecurityA, AdjustTokenPrivileges
InitCommonControlsEx, -
GetOpenFileNameW, CommDlgExtendedError, GetSaveFileNameW
GetDeviceCaps, GetObjectW, CreateCompatibleBitmap, SelectObject, StretchBlt, CreateCompatibleDC, DeleteObject, DeleteDC
DeleteFileW, DeleteFileA, CreateDirectoryA, CreateDirectoryW, FindClose, FindNextFileA, FindFirstFileA, FindNextFileW, FindFirstFileW, GetTickCount, WideCharToMultiByte, GlobalAlloc, GetVersionExW, GetFullPathNameA, GetFullPathNameW, GetModuleFileNameW, FindResourceW, GetModuleHandleW, HeapAlloc, GetProcessHeap, HeapFree, HeapReAlloc, CompareStringA, ExitProcess, GetLocaleInfoW, GetNumberFormatW, SetFileAttributesW, GetDateFormatW, GetTimeFormatW, FileTimeToSystemTime, FileTimeToLocalFileTime, ExpandEnvironmentStringsW, WaitForSingleObject, Sleep, GetTempPathW, MoveFileExW, UnmapViewOfFile, GetCommandLineW, MapViewOfFile, CreateFileMappingW, OpenFileMappingW, SetEnvironmentVariableW, GetProcAddress, LocalFileTimeToFileTime, SystemTimeToFileTime, GetSystemTime, MultiByteToWideChar, CompareStringW, IsDBCSLeadByte, GetCPInfo, SetCurrentDirectoryW, LoadLibraryW, FreeLibrary, SetFileAttributesA, GetFileAttributesW, GetFileAttributesA, WriteFile, GetStdHandle, ReadFile, GetCurrentDirectoryW, CreateFileW, CreateFileA, GetFileType, SetEndOfFile, SetFilePointer, MoveFileW, SetFileTime, GetCurrentProcess, CloseHandle, SetLastError, GetLastError, DosDateTimeToFileTime
SHChangeNotify, ShellExecuteExW, SHFileOperationW, SHGetFileInfoW, SHGetSpecialFolderLocation, SHGetMalloc, SHBrowseForFolderW, SHGetPathFromIDListW
SHAutoComplete
wvsprintfW, ReleaseDC, GetDC, SendMessageW, SetDlgItemTextW, SetFocus, EndDialog, DestroyIcon, SendDlgItemMessageW, GetDlgItemTextW, GetClassNameW, DialogBoxParamW, IsWindowVisible, WaitForInputIdle, SetForegroundWindow, GetSysColor, PostMessageW, LoadBitmapW, LoadIconW, CharToOemA, OemToCharA, FindWindowExW, wvsprintfA, GetParent, MapWindowPoints, CreateWindowExW, UpdateWindow, SetWindowTextW, LoadCursorW, RegisterClassExW, SetWindowLongW, GetWindowLongW, DefWindowProcW, PeekMessageW, GetMessageW, TranslateMessage, DispatchMessageW, DestroyWindow, GetClientRect, IsWindow, CharToOemBuffW, MessageBoxW, ShowWindow, GetDlgItem, EnableWindow, OemToCharBuffA, CharUpperA, CharToOemBuffA, LoadStringW, SetWindowPos, GetWindowTextW, GetSystemMetrics, GetWindow, CharUpperW, GetWindowRect, CopyRect
CreateStreamOnHGlobal, OleInitialize, CoCreateInstance, OleUninitialize, CLSIDFromString
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:03:02 08:40:24+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72192
LinkerVersion 9.0
EntryPoint 0xb4b5
InitializedDataSize 90624
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 22d7cf7b0591e8c9688769d5f502ddf4
SHA1 67d0afa7bec979d8c9f4fc4d204ca5bf1aac0977
SHA256 1b9c0e6709b163e918477711c384705a8ef28eea776d58b86f49a98998ae8595
ssdeep 49152:DXqBek6D4JzHpo9PCEzePAtzWtuqU7LKiH6ObEo0t1lz:D1DHNCHPAOU7OiHdAv

File size 2.1 MB ( 2187394 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
VirusTotal metadata
First submission 2012-04-03 15:21:07 UTC ( 2 years ago )
Last submission 2012-04-03 18:30:34 UTC ( 2 years ago )
File names setup.exe
6CA2197482997DE8608A21233480C300BC2DB94C.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight