SHA256: 1bdf629b35f988a9eb1fd74f53fbce99a009f384d644d5ec3444b2e12bc8893c
File name: googledrivesync.exe
Detection ratio: 0 / 54
Analysis date: 2015-11-05 09:54:44 UTC ( 3 years, 5 months ago )
Antivirus Result Update
Ad-Aware 20151106
AegisLab 20151105
Yandex 20151106
AhnLab-V3 20151105
Alibaba 20151106
Antiy-AVL 20151106
Arcabit 20151106
Avast 20151106
AVG 20151105
Avira (no cloud) 20151106
AVware 20151106
Baidu-International 20151105
BitDefender 20151106
Bkav 20151105
ByteHero 20151106
CAT-QuickHeal 20151105
ClamAV 20151103
CMC 20151102
Comodo 20151106
Cyren 20151106
DrWeb 20151106
Emsisoft 20151106
ESET-NOD32 20151106
F-Prot 20151106
F-Secure 20151106
Fortinet 20151105
GData 20151106
Ikarus 20151106
Jiangmin 20151105
K7AntiVirus 20151105
K7GW 20151106
Kaspersky 20151106
Malwarebytes 20151106
McAfee 20151106
McAfee-GW-Edition 20151106
Microsoft 20151106
eScan 20151106
NANO-Antivirus 20151106
nProtect 20151106
Panda 20151105
Rising 20151105
Sophos AV 20151106
SUPERAntiSpyware 20151106
Symantec 20151105
Tencent 20151106
TheHacker 20151103
TotalDefense 20151105
TrendMicro 20151106
TrendMicro-HouseCall 20151106
VBA32 20151105
VIPRE 20151106
ViRobot 20151106
Zillya 20151105
Zoner 20151106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2007-2010 Google Inc.

Publisher Google Inc
Product Google Update
Original name GoogleUpdateSetup.exe
Internal name Google Update Setup
File version 1.3.28.15
Description Google Update Setup
Signature verification Signed file, verified signature
Signing date 2:41 AM 9/4/2015
Signers
[+] Google Inc
Status Valid
Issuer None
Valid from 1:00 AM 1/29/2014
Valid to 12:59 AM 1/30/2016
Valid usage Code Signing
Algorithm SHA1
Thumbprint FCAC7E666CC54341CA213BECF2EB463F2B62ADB0
Serial number 29 12 C7 0C 9A 2B 8A 3E F6 F6 07 46 62 D6 8B 8D
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-04 01:32:07
Entry Point 0x0000544C
Number of sections 5
PE sections
Overlays
MD5 3dc4d25994a14cb176caa6671bb05050
File type data
Offset 914432
Size 15440
Entropy 4.68
PE imports
GetStdHandle
WaitForSingleObject
HeapDestroy
EncodePointer
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
LoadResource
TlsGetValue
SetLastError
CopyFileW
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
VerSetConditionMask
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
VirtualQuery
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetOEMCP
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
RemoveDirectoryW
GetTempPathW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FindResourceExW
IsValidCodePage
UnmapViewOfFile
FindResourceW
CreateProcessW
Sleep
SHGetFolderPathW
Ord(680)
PathQuoteSpacesW
PathAppendW
wvsprintfW
CharLowerBuffW
MessageBoxW
CharNextA
CoInitializeEx
CoUninitialize
Number of PE resources by type
RT_STRING 47
RT_ICON 6
B 1
GOOGLEUPDATE 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
NEUTRAL 3
HEBREW DEFAULT 1
SWEDISH 1
UKRAINIAN DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
ESTONIAN DEFAULT 1
TAMIL DEFAULT 1
FRENCH 1
SLOVENIAN DEFAULT 1
INDONESIAN DEFAULT 1
GUJARATI DEFAULT 1
DUTCH 1
MARATHI DEFAULT 1
ITALIAN 1
URDU PAKISTAN 1
CATALAN DEFAULT 1
PORTUGUESE BRAZILIAN 1
KANNADA DEFAULT 1
FARSI DEFAULT 1
FINNISH DEFAULT 1
HINDI DEFAULT 1
KOREAN 1
MALAY MALAYSIA 1
CZECH DEFAULT 1
TELUGU DEFAULT 1
LITHUANIAN 1
GERMAN 1
ICELANDIC DEFAULT 1
BULGARIAN DEFAULT 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SWAHILI DEFAULT 1
SLOVAK DEFAULT 1
BENGALI DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
LATVIAN DEFAULT 1
NORWEGIAN BOKMAL 1
CHINESE TRADITIONAL 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
ARABIC SAUDI ARABIA 1
ROMANIAN 1
RUSSIAN 1
MALAYALAM DEFAULT 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.3.28.15

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Google Update Setup

CharacterSet
Unicode

InitializedDataSize
838144

EntryPoint
0x544c

OriginalFileName
GoogleUpdateSetup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2007-2010 Google Inc.

FileVersion
1.3.28.15

LanguageId
en

TimeStamp
2015:09:04 02:32:07+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Google Update Setup

ProductVersion
1.3.28.15

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Google Inc.

CodeSize
75264

ProductName
Google Update

ProductVersionNumber
1.3.28.15

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 651e6301c924bc63943adbdd507b4535
SHA1 43a1101cf691e9450fdab797e94cb9b02ceba587
SHA256 1bdf629b35f988a9eb1fd74f53fbce99a009f384d644d5ec3444b2e12bc8893c
ssdeep
24576:uXomBs1WhjKcohDdd00pC0IKfulkBWeQGX6sO:C74seWoAKfulkBWeQTN

authentihash 5b6aee45fcdc39a7dc5ab7eb8e4433c9ddc1314b35f9acc9449120320e3e57a5
imphash 052db2c45a89e808d566f853dbe2ce3e
File size 908.1 KB ( 929872 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-10-09 06:35:29 UTC ( 3 years, 6 months ago )
Last submission 2015-10-09 06:35:29 UTC ( 3 years, 6 months ago )
File names Google Update Setup
GoogleUpdateSetup.exe
googledrivesync.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Opened mutexes
Runtime DLLs