SHA256: 1df0ee629d3ac419fcaa0c6c313a779af507ebeb24a0b86bbf6f259b107f0fe9
File name: installer.exe
Detection ratio: 0 / 58
Analysis date: 2016-08-31 17:18:35 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware 20160831
AegisLab 20160831
AhnLab-V3 20160831
Alibaba 20160831
ALYac 20160831
Antiy-AVL 20160831
Arcabit 20160831
Avast 20160831
AVG 20160831
Avira (no cloud) 20160831
AVware 20160831
Baidu 20160831
BitDefender 20160831
Bkav 20160831
CAT-QuickHeal 20160831
ClamAV 20160831
CMC 20160830
Comodo 20160831
CrowdStrike Falcon (ML) 20160725
Cyren 20160831
DrWeb 20160831
Emsisoft 20160831
ESET-NOD32 20160831
F-Prot 20160831
F-Secure 20160831
Fortinet 20160831
GData 20160831
Ikarus 20160831
Sophos ML 20160830
Jiangmin 20160831
K7AntiVirus 20160831
K7GW 20160831
Kaspersky 20160831
Kingsoft 20160831
Malwarebytes 20160831
McAfee 20160831
McAfee-GW-Edition 20160831
Microsoft 20160831
eScan 20160831
NANO-Antivirus 20160831
nProtect 20160831
Panda 20160831
Qihoo-360 20160831
Rising 20160831
Sophos AV 20160831
SUPERAntiSpyware 20160831
Symantec 20160831
Tencent 20160831
TheHacker 20160829
TotalDefense 20160831
TrendMicro 20160831
TrendMicro-HouseCall 20160831
VBA32 20160831
VIPRE 20160831
ViRobot 20160831
Yandex 20160831
Zillya 20160831
Zoner 20160831
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2007 - 2015 Akamai Technologies, Inc.
Product Akamai NetSession Client
Original name installer.exe
Internal name installer
File version 1.9.3.1
Description Akamai NetSession Client Installer
Signature verification Signed file, verified signature
Signing date 9:15 PM 9/10/2015
Signers
[+] Akamai Technologies, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid. The revocation status of the certificate or one of the certificates in the certificate chain is unknown. Error 65536 (0x10000). The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer Cybertrust Public SureCodeSign CA
Valid from 05:56 PM 10/28/2013
Valid to 05:56 PM 10/28/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 50F8E92DD1450789A3C163A76B6694FBAA101F22
Serial number 01 00 00 00 00 01 42 00 1E 53 E2 F9 09 58
[+] Cybertrust Public SureCodeSign CA
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer Baltimore CyberTrust Root
Valid from 05:23 PM 09/08/2010
Valid to 05:22 PM 09/08/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 4D1E3E932287010D833A823DB7B8300EDF99DB59
Serial number 07 27 37 0A
[+] DigiCert Baltimore Root
Status Valid
Issuer Baltimore CyberTrust Root
Valid from 06:46 PM 05/12/2000
Valid to 11:59 PM 05/12/2025
Valid usage Server Auth, Email Protection, Client Auth, Code Signing, OCSP Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint D4DE20D05E66FC53FE1A50882C78DB2852CAE474
Serial number 02 00 00 B9
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-17 14:55:21
Entry Point 0x0000B583
Number of sections 5
PE sections
Overlays
MD5 6a42dac72c167e9aaefadf39f23ff61b
File type application/x-rar
Offset 165888
Size 10301680
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetCurrentProcess
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
GetClassNameW
PeekMessageW
CharUpperA
GetClientRect
OemToCharA
EnableWindow
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_ICON 7
RT_DIALOG 6
RT_STRING 6
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 23
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.9.3.1
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Akamai NetSession Client Installer
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 179200
EntryPoint 0xb583
OriginalFileName installer.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2007 - 2015 Akamai Technologies, Inc.
FileVersion 1.9.3.1
TimeStamp 2012:02:17 15:55:21+01:00
FileType Win32 EXE
PEType PE32
InternalName installer
ProductVersion 1.9.3.1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Akamai Technologies, Inc.
CodeSize 73216
ProductName Akamai NetSession Client
ProductVersionNumber 1.9.3.1
FileTypeExtension exe
ObjectFileType Executable application

Overlay parents
File identification
MD5 78f2e300767ea8e0fb860586b8de36af
SHA1 b5cc40686d45460f85734829eec8994a688832c9
SHA256 1df0ee629d3ac419fcaa0c6c313a779af507ebeb24a0b86bbf6f259b107f0fe9
ssdeep 196608:DyPcfe8nIlwgcoHlCsm2m3H+/m4IlQHzJdhm1sOdrEDqEdozWgK:GPMnIWKIv2m3H+/m4kQHd96rE3dXgK
authentihash 808f4fd684cb892f26fab0b1a4fff6f4f26f43e93fe488574bbf9e167f2d07c2
imphash 553ef6236c6cb4268814330cd1e93c7d
File size 10.0 MB ( 10467568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID WinRAR Self Extracting archive (4.x-5.x) (91.4%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Tags revoked-cert peexe signed overlay
VirusTotal metadata
First submission 2015-09-21 20:25:47 UTC ( 3 years, 4 months ago )
Last submission 2018-07-23 11:12:49 UTC ( 6 months, 4 weeks ago )
File names d2b9d2.tmpscan
Akamai_NetSession_Installer.exe
informatica_akamai_download_manager.exe
hp_download_manager[1].exe
cisco_dlm_installer.exe
installer.exe.lblzrc9.partial
Adobe_Captivate_9_English_Windows-AkamaiDLM.exe
Adobe_Presenter_11_English_Windows-AkamaiDLM.txt
installer.exe.e5boiox.partial
unconfirmed 860205.crdownload
hp_download_manager.exe.9up2ebf.partial
installer
filename
akamai dl mgr installer.exe
hp_download_manager.exe.c4prlc5.partial
installer.exe.9ysri79.partial
unconfirmed 379691.crdownload
Adobe Presenter 11-AkamaiDLM.exe
VirusShare_78f2e300767ea8e0fb860586b8de36af.bin
aHP_Download_Manager.exe
installer_no_upload.exe
Adobe_Director_12_Japanese_Windows-AkamaiDLM.exe
8f9accdd-9d6f-2fda-fca7-2acd7810b587_1d26ec1296a0cce
BlackBerry Push Service Low Level API v1.1.0.exe
installer[1].exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs