SHA256: 1d18e85c2559afd67392543bf497983ad08d9aafc7b05ef02349fa4c8dc1a6f1
File name: setupempdrv03.exe
Detection ratio: 0 / 44
Analysis date: 2012-11-15 20:16:41 UTC ( 5 years, 9 months ago )
Antivirus Result Update
Yandex 20121114
AhnLab-V3 20121115
AntiVir 20121115
Antiy-AVL 20121115
Avast 20121115
AVG 20121115
BitDefender 20121115
ByteHero 20121113
CAT-QuickHeal 20121115
ClamAV 20121115
Commtouch 20121115
Comodo 20121115
DrWeb 20121115
Emsisoft 20121115
eSafe 20121115
ESET-NOD32 20121115
F-Prot 20121115
F-Secure 20121115
Fortinet 20121115
GData 20121115
Ikarus 20121115
Jiangmin 20121115
K7AntiVirus 20121115
Kaspersky 20121115
Kingsoft 20121112
McAfee 20121115
McAfee-GW-Edition 20121115
Microsoft 20121115
eScan 20121115
Norman 20121115
nProtect 20121115
Panda 20121115
PCTools 20121115
Rising 20121114
Sophos AV 20121115
SUPERAntiSpyware 20121115
Symantec 20121115
TheHacker 20121113
TotalDefense 20121115
TrendMicro 20121115
TrendMicro-HouseCall 20121115
VBA32 20121115
VIPRE 20121115
ViRobot 20121115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Certificate out of its validity period
Signers
[+] CHENGDU YIWO Tech Development Co.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 8/14/2008
Valid to 12:59 AM 8/15/2011
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 249B402EF4DEFBD80C492F2191BDFE04E2A2C496
Serial number 6C F2 F2 7C 3D F2 FB 0E 37 83 AA D5 45 78 AA 7E
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-10-17 10:17:25
Entry Point 0x00001455
Number of sections 4
PE sections
Overlays
MD5 3306be9412f0e79f6765679841592c45
File type data
Offset 81920
Size 4488
Entropy 7.26
PE imports
CloseServiceHandle
OpenServiceA
CreateServiceA
ControlService
StartServiceA
DeleteService
OpenSCManagerA
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
LoadLibraryA
GetSystemWindowsDirectoryA
GetOEMCP
QueryPerformanceCounter
HeapDestroy
ExitProcess
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
lstrcmpiW
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetSystemInfo
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
InterlockedExchange
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
LocalFree
TerminateProcess
LCMapStringA
HeapCreate
VirtualQuery
VirtualFree
GetEnvironmentStringsW
GetFileType
GetTickCount
GetCurrentThreadId
VirtualAlloc
CommandLineToArgvW
Number of PE resources by type
RT_ICON 16
RT_GROUP_ICON 2
RT_DIALOG 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
CHINESE SIMPLIFIED 22
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2008:10:17 11:17:25+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
16384

LinkerVersion
7.1

FileTypeExtension
exe

InitializedDataSize
61440

SubsystemVersion
4.0

EntryPoint
0x1455

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 780fb595e5e11355a8313f644329e3eb
SHA1 2a4714ff389bb2391f9c57ce9da6064ac2aed8ee
SHA256 1d18e85c2559afd67392543bf497983ad08d9aafc7b05ef02349fa4c8dc1a6f1
ssdeep
768:IHzUABktgA6DOAsjWXkGjAni8CZi8Ky2lc+ZU9QZU9omWbo:IHzTBktWDOAWWUfniNiVlRzI2o

authentihash 80baf7e2e55764d5d8f38b3734aa2ff873951a333d03f9f4b7686081c991a8e5
imphash f2d2f49859db935147acc83ff8a8366c
File size 84.4 KB ( 86408 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2009-03-11 13:41:57 UTC ( 9 years, 5 months ago )
Last submission 2016-03-15 22:39:42 UTC ( 2 years, 5 months ago )
File names is-g225b.tmp
file-658249_exe
smona124058761518756924779
setupempdrv03.exe
is-eq7kl.tmp
setupempdrv03.exe
is-llvv5.tmp
is-gt9vd.tmp
is-v2d6e.tmp
is-6muns.tmp
smona130775572734556715158
is-ehrde.tmp
is-k9mt6.tmp
0067518a_180c_crypt_io_copy.tmp
smona_1d18e85c2559afd67392543bf497983ad08d9aafc7b05ef02349fa4c8dc1a6f1.bin
is-cgpn5.tmp
2d0cdf8488485e56519a01d0d1497e0025766173.exe
is-4e9a6.tmp
is-f065k.tmp
is-q8rdb.tmp
75.vir
is-tqoin.tmp
is-pbj7a.tmp
is-dl5lt.tmp
is-kttug.tmp
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
