SHA256: 1d28fd81887f8a0fdacae0ec57a8681bcea7ecaa00d30f996eee8929f6c29764
File name: file-1169657_exe
Detection ratio: 0 / 55
Analysis date: 2016-07-31 03:13:46 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware 20160731
AegisLab 20160731
AhnLab-V3 20160730
Alibaba 20160730
ALYac 20160731
Antiy-AVL 20160802
Arcabit 20160731
Avast 20160731
AVG 20160731
Avira (no cloud) 20160730
AVware 20160802
Baidu 20160730
BitDefender 20160731
Bkav 20160727
CAT-QuickHeal 20160730
ClamAV 20160731
CMC 20160728
Comodo 20160730
Cyren 20160731
DrWeb 20160731
Emsisoft 20160731
ESET-NOD32 20160730
F-Prot 20160731
F-Secure 20160731
Fortinet 20160731
GData 20160731
Ikarus 20160730
Jiangmin 20160731
K7AntiVirus 20160730
K7GW 20160731
Kaspersky 20160731
Kingsoft 20160731
Malwarebytes 20160731
McAfee 20160731
McAfee-GW-Edition 20160730
Microsoft 20160731
eScan 20160731
NANO-Antivirus 20160731
nProtect 20160729
Panda 20160730
Qihoo-360 20160731
Sophos AV 20160731
SUPERAntiSpyware 20160730
Symantec 20160731
Tencent 20160731
TheHacker 20160729
TotalDefense 20160731
TrendMicro 20160731
TrendMicro-HouseCall 20160731
VBA32 20160729
VIPRE 20160731
ViRobot 20160730
Yandex 20160730
Zillya 20160730
Zoner 20160731
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 9:31 PM 8/20/2008
Signers
[+] Hewlett Packard
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 8/27/2007
Valid to 12:59 AM 9/5/2009
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E8B332AD4EE0475596466C6FF7E01DCC18CA4775
Serial number 45 62 43 07 0B 32 AB 65 36 43 BA 67 B6 52 95 3C
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT maxorder, appended, 7Z, Unicode, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-07-17 23:39:50
Entry Point 0x0001A534
Number of sections 4
PE sections
Overlays
MD5 62e14078e1e68e9f07ae0f1ba686e9a6
File type data
Offset 228864
Size 19603336
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
FindFirstFileW
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
SetHandleCount
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
FormatMessageW
InitializeCriticalSection
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
SetFileAttributesW
CreateThread
SetFileAttributesA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
CloseHandle
CreateToolhelp32Snapshot
AreFileApisANSI
HeapFree
EnterCriticalSection
OpenProcess
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
Process32Next
GetStartupInfoA
GetFileSize
Process32First
CreateDirectoryA
DeleteFileA
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
RemoveDirectoryW
FreeEnvironmentStringsW
FindNextFileW
ResetEvent
FindNextFileA
DuplicateHandle
GetProcAddress
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
RemoveDirectoryA
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
FindFirstFileA
GetACP
CreateProcessA
WideCharToMultiByte
HeapCreate
WriteFile
VirtualFree
Sleep
VirtualAlloc
VariantClear
SysAllocString
SHGetPathFromIDListW
SHCreateDirectoryExA
SHCreateDirectoryExW
ShellExecuteExA
SHBrowseForFolderW
EndDialog
KillTimer
ShowWindow
CharLowerA
MessageBoxW
PostMessageA
CharUpperW
DialogBoxParamW
CharLowerW
SetWindowLongA
DialogBoxParamA
CharUpperA
SetWindowTextA
LoadStringA
SendMessageA
LoadStringW
SetWindowTextW
GetDlgItem
GetWindowLongA
GetWindowTextLengthA
SetTimer
GetWindowTextW
GetWindowTextLengthW
GetWindowTextA
DestroyWindow
CoTaskMemFree
OleInitialize
Number of PE resources by type
RT_STRING 53
RT_DIALOG 2
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 60
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 80896
ImageVersion 0.0
ProductName HP Webpack
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName 7zS.sfx
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0
TimeStamp 2008:07:18 00:39:50+01:00
FileType Win32 EXE
PEType PE32
InternalName 7zS.sfx
ProductVersion 1.0
FileDescription HP Webpack
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Hewlett-Packard Company
MachineType Intel 386 or later, and compatibles
CompanyName Hewlett-Packard Company
CodeSize 146944
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x1a534
ObjectFileType Executable application

File identification
MD5 12af1e1223474aa6bbf106d3f6ca2bee
SHA1 4420b53e7311d5171c529b20ba35143ec4302535
SHA256 1d28fd81887f8a0fdacae0ec57a8681bcea7ecaa00d30f996eee8929f6c29764
ssdeep 393216:jaALA0RyeSUnuhv/VMHpaq4ChhjUe05XvxPBQtAWp:+ALA0o4nuhv/K8chsrpQtBp
authentihash 9786e05c1825c9cd54f8c8be44a6750867b345d7d1a0e89b924e5db88c42f091
imphash aca1d87df3b100dd5428cd87d4791049
File size 18.9 MB ( 19832200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2009-11-06 23:00:06 UTC ( 8 years, 9 months ago )
Last submission 2010-06-19 17:54:20 UTC ( 8 years, 2 months ago )
File names file-1169657_exe
hp_photosmart_essential_3.50_t__r
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs