SHA256: 1efc502813386abe75de435aef7bdaed9ec8efee1804dcafdf916da81c32f0de
File name: 737090
Detection ratio: 0 / 58
Analysis date: 2016-03-25 10:33:06 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware 20160325
AegisLab 20160325
Yandex 20160316
AhnLab-V3 20160325
Alibaba 20160323
ALYac 20160325
Antiy-AVL 20160325
Arcabit 20160325
Avast 20160325
AVG 20160325
Avira (no cloud) 20160325
AVware 20160325
Baidu 20160324
Baidu-International 20160325
BitDefender 20160325
Bkav 20160324
ByteHero 20160325
CAT-QuickHeal 20160325
ClamAV 20160325
CMC 20160322
Comodo 20160325
Cyren 20160325
DrWeb 20160325
Emsisoft 20160325
ESET-NOD32 20160325
F-Prot 20160325
F-Secure 20160325
Fortinet 20160325
GData 20160325
Ikarus 20160325
Jiangmin 20160325
K7AntiVirus 20160325
K7GW 20160323
Kaspersky 20160325
Kingsoft 20160325
Malwarebytes 20160325
McAfee 20160325
McAfee-GW-Edition 20160325
Microsoft 20160325
eScan 20160325
NANO-Antivirus 20160325
nProtect 20160325
Panda 20160325
Qihoo-360 20160325
Rising 20160325
Sophos AV 20160325
SUPERAntiSpyware 20160325
Symantec 20160325
Tencent 20160325
TheHacker 20160325
TotalDefense 20160325
TrendMicro 20160325
TrendMicro-HouseCall 20160325
VBA32 20160324
VIPRE 20160325
ViRobot 20160325
Zillya 20160324
Zoner 20160325
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright (C)Qihu 360 Software Co., Ltd. All rights reserved.
Product 360 Total Security Online Installer
Original name 360Installer.exe
Internal name 360Installer
File version 6, 6, 0, 1037
Description 360 Total Security Online Installer
Signature verification Signed file, verified signature
Signing date 9:18 AM 9/11/2015
Signers
[+] QIHU 360 SOFTWARE CO. LIMITED
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 3/26/2013
Valid to 12:59 AM 3/26/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint BA6C679D8DFCBF7ABCE2289064382135F2FD6063
Serial number 5D 8B 3C DB A4 AB C4 78 E5 1C 42 33 7F 2F F6 55
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/5/2015
Valid to 12:59 AM 1/1/2016
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint DF946A5E503015777FD22F46B5624ECD27BEE376
Serial number 00 9F EA C8 11 B0 F1 62 47 A5 FC 20 D8 05 23 AC E6
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-03 12:02:54
Entry Point 0x00032AB7
Number of sections 4
PE sections
Overlays
MD5 57bf59d39c6af119ec6018e6dbc6c573
File type data
Offset 1339904
Size 6264
Entropy 7.40
PE imports
RegCreateKeyExW
DuplicateTokenEx
RegDeleteValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
SetTokenInformation
RegOpenKeyW
RegDeleteKeyW
GetLengthSid
ConvertStringSidToSidW
RegEnumKeyExA
CreateProcessAsUserW
InitCommonControlsEx
_TrackMouseEvent
GetDeviceCaps
OffsetViewportOrgEx
CreateRectRgn
DeleteDC
CreateFontIndirectW
RestoreDC
SelectObject
EnumFontFamiliesW
CreateDIBSection
SaveDC
SetViewportOrgEx
CreateCompatibleBitmap
CombineRgn
BitBlt
CreateFontW
CreateCompatibleDC
DeleteObject
StretchBlt
GetAdaptersInfo
GetIpAddrTable
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
WaitForSingleObject
DebugBreak
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LoadLibraryExW
GetLogicalDrives
FreeEnvironmentStringsW
HeapSize
SetStdHandle
GetCPInfo
LoadLibraryW
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
FindClose
TlsGetValue
GetFullPathNameW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
OpenThread
LoadResource
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
lstrcmpiW
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
GetPrivateProfileStringW
LeaveCriticalSection
SetFilePointer
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
ExitThread
TerminateProcess
FindAtomW
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
DeviceIoControl
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetFileSize
GetModuleHandleW
GetStartupInfoW
DeleteFileW
GetUserDefaultLCID
AddAtomW
GetProcessHeap
GetTempFileNameW
lstrcpyW
GetFileSizeEx
GetModuleFileNameW
lstrcmpA
FindNextFileW
FreeConsole
FindFirstFileW
IsValidLocale
GlobalLock
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetLocaleInfoW
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
CreateProcessW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
GetAtomNameW
InterlockedCompareExchange
RaiseException
TlsFree
GetModuleHandleA
ReadFile
DeleteAtom
CloseHandle
GetACP
GetCurrentThreadId
FreeResource
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
VarUI4FromStr
SysFreeString
SysAllocString
SetupIterateCabinetW
SHCreateDirectoryExW
Shell_NotifyIconW
ShellExecuteW
Ord(165)
ShellExecuteExW
SHAppBarMessage
SHGetSpecialFolderPathW
StrCmpW
SHSetValueW
PathCombineW
PathFindFileNameW
SHGetValueA
PathFileExistsW
PathRemoveFileSpecW
StrStrIW
PathAppendW
SHSetValueA
PathIsPrefixW
PathIsRelativeW
SHGetValueW
MapWindowPoints
RedrawWindow
GetMonitorInfoW
wvsprintfW
GetForegroundWindow
GetClassInfoExW
EndPaint
GetWindow
EndDialog
PostQuitMessage
OffsetRect
DefWindowProcW
FindWindowW
keybd_event
KillTimer
BeginPaint
GetMessageW
ShowWindow
SetWindowPos
GetParent
GetWindowThreadProcessId
GetSystemMetrics
MonitorFromWindow
MessageBoxW
PeekMessageW
GetWindowRect
InflateRect
EnableWindow
GetDC
IsRectEmpty
DialogBoxParamW
GetWindowDC
TranslateMessage
IsWindowEnabled
CharLowerW
PostMessageW
SetActiveWindow
DispatchMessageW
CreateDialogParamW
ReleaseDC
UpdateLayeredWindow
GetDlgCtrlID
MoveWindow
SendMessageW
UnregisterClassA
DestroyWindow
GetWindowLongW
IsWindowVisible
LoadStringW
SetWindowTextW
SetWindowLongW
GetDlgItem
AllowSetForegroundWindow
SystemParametersInfoW
BringWindowToTop
IsWindow
IsIconic
ScreenToClient
InvalidateRect
LoadImageW
SetTimer
CallWindowProcW
GetClassNameW
GetKeyboardState
IsDialogMessageW
GetActiveWindow
AttachThreadInput
CopyRect
GetWindowTextW
LoadCursorW
LoadIconW
SendMessageTimeoutW
CreateWindowExW
RegisterClassExW
SetForegroundWindow
GetClientRect
CharNextW
SetWindowRgn
SetFocus
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetConnectW
InternetCloseHandle
InternetGetConnectedState
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoCreateGuid
CoTaskMemRealloc
CLSIDFromProgID
CoTaskMemFree
URLDownloadToCacheFileW
URLDownloadToFileW
Number of PE resources by type
PNG 16
RT_DIALOG 12
RT_ICON 8
RT_STRING 6
RT_BITMAP 4
RT_GROUP_ICON 2
DLL 1
RT_MANIFEST 1
FILE 1
RT_RCDATA 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 54
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.6.0.1037
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 1026560
EntryPoint 0x32ab7
OriginalFileName 360Installer.exe
MIMEType application/octet-stream
LegalCopyright (C)Qihu 360 Software Co., Ltd. All rights reserved.
FileVersion 6, 6, 0, 1037
TimeStamp 2015:09:03 13:02:54+01:00
FileType Win32 EXE
PEType PE32
InternalName 360Installer
ProductVersion 6, 6, 0, 1037
FileDescription 360 Total Security Online Installer
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName QIHU 360 SOFTWARE CO. LIMITED
CodeSize 312320
ProductName 360 Total Security Online Installer
ProductVersionNumber 6.6.0.1037
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 3919f23dcbc5a7c77b7dfe047ddfc1e3
SHA1 0a6da7a90769ef64ed960d05e290a3f004319c37
SHA256 1efc502813386abe75de435aef7bdaed9ec8efee1804dcafdf916da81c32f0de
ssdeep 24576:QKWzB1H0eyXVQ1zj1SqdAGFQZIxaK545UJoe5W:cP0ekwzjYq+ZIza5UJoe0
authentihash 02b036714753f9c194c7b3433a902f64c014e082690f7bce8511d62ac6a807a4
imphash 003a67c9611475e4a761ddb4962b0233
File size 1.3 MB ( 1346168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2015-09-18 04:46:56 UTC ( 1 year, 10 months ago )
Last submission 2016-04-10 02:03:48 UTC ( 1 year, 3 months ago )
File names VirusShare_3919f23dcbc5a7c77b7dfe047ddfc1e3
360TS_Setup_Mini_OG_DS_PAD1W.exe
737090
82066197
360Installer.exe
1EFC502813386ABE75DE435AEF7BDAED9EC8EFEE1804DCAFDF916DA81C32F0DE.exe
360Installer
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
DNS requests
UDP communications