SHA256: 2242b262e5fcd10a6dfc0e7de763a24180391b3c51dce6ed4f0f74f94c0e9521
File name: gifoptsetup101.exe
Detection ratio: 1 / 55
Analysis date: 2016-07-25 02:03:28 UTC ( 1 year, 3 months ago )
Antivirus Result Update
CMC RiskTool.Win32.Shutdown!O 20160715
Ad-Aware 20160725
AegisLab 20160725
AhnLab-V3 20160724
Alibaba 20160725
ALYac 20160725
Antiy-AVL 20160725
Arcabit 20160725
Avast 20160725
AVG 20160724
Avira (no cloud) 20160724
AVware 20160725
Baidu 20160723
BitDefender 20160725
Bkav 20160723
CAT-QuickHeal 20160723
ClamAV 20160725
Comodo 20160725
Cyren 20160725
DrWeb 20160725
Emsisoft 20160725
ESET-NOD32 20160724
F-Prot 20160725
F-Secure 20160725
Fortinet 20160725
GData 20160725
Ikarus 20160724
Jiangmin 20160725
K7AntiVirus 20160724
K7GW 20160725
Kaspersky 20160725
Kingsoft 20160725
Malwarebytes 20160725
McAfee 20160721
McAfee-GW-Edition 20160725
Microsoft 20160725
eScan 20160725
NANO-Antivirus 20160725
nProtect 20160722
Panda 20160724
Qihoo-360 20160725
Sophos AV 20160724
SUPERAntiSpyware 20160724
Symantec 20160725
Tencent 20160725
TheHacker 20160724
TotalDefense 20160725
TrendMicro 20160725
TrendMicro-HouseCall 20160725
VBA32 20160723
VIPRE 20160725
ViRobot 20160725
Yandex 20160724
Zillya 20160724
Zoner 20160725
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT INNO, Aspack
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000BED8
Number of sections 8
PE sections
Overlays
MD5 36dd441f7487909ef63769716d83d9ff
File type data
Offset 61440
Size 558322
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
InitCommonControls
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetFileAttributesA
ExitProcess
GetVersionExA
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCPInfo
GetCommandLineA
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
GetTempFileNameA
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
GetSystemMetrics
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
CharNextA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 46592
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 16384
SubsystemVersion 4.0
EntryPoint 0xbed8
OSVersion 1.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 e6f5970df4626833add6bfc79e376018
SHA1 c797675e168781bff34d7c45d970d1f7b28053ef
SHA256 2242b262e5fcd10a6dfc0e7de763a24180391b3c51dce6ed4f0f74f94c0e9521
ssdeep 12288:EoCmZt/ZL4sYzX5y9JGfNWsiQrGTzJ/9+OCX7Rqhg:EoHv/BlY75y9JGfNWsiQrGR0SK

authentihash 87c637f53a11700241ef3cf77a8cdad81ddb0f2a932d795d13e78fe30d714136
imphash 0c97c38021e73ae3921565566bcfaa66
File size 605.2 KB ( 619762 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags
peexe aspack overlay

VirusTotal metadata
First submission 2007-09-25 21:55:36 UTC ( 10 years, 1 month ago )
Last submission 2015-11-01 16:51:58 UTC ( 1 year, 11 months ago )
File names smona_2242b262e5fcd10a6dfc0e7de763a24180391b3c51dce6ed4f0f74f94c0e9521.bin
smona132703363301443044007
5EC3B948F26A8DD074CF09B655DDC500CDB05D90.exe
smona130918209669715997559
gifoptsetup101.exe
smona131958797611899006023
setup.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Opened mutexes
Opened service managers
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.