SHA256: 22d50637278d7255b4307ce8800ce6b832ac9f10dd20f9748348863b43e53190
File name: setup.exe
Detection ratio: 0 / 57
Analysis date: 2015-05-18 17:20:09 UTC ( 6 days, 7 hours ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
ALYac 20150518
AVG 20150518
AVware 20150518
Ad-Aware 20150518
AegisLab 20150518
Agnitum 20150518
AhnLab-V3 20150518
Alibaba 20150518
Antiy-AVL 20150518
Avast 20150518
Avira 20150518
Baidu-International 20150518
BitDefender 20150518
Bkav 20150518
ByteHero 20150518
CAT-QuickHeal 20150518
CMC 20150518
ClamAV 20150518
Comodo 20150518
Cyren 20150518
DrWeb 20150518
ESET-NOD32 20150518
Emsisoft 20150518
F-Prot 20150517
F-Secure 20150518
Fortinet 20150518
GData 20150518
Ikarus 20150518
Jiangmin 20150516
K7AntiVirus 20150518
K7GW 20150518
Kaspersky 20150518
Kingsoft 20150518
Malwarebytes 20150518
McAfee 20150518
McAfee-GW-Edition 20150517
MicroWorld-eScan 20150518
Microsoft 20150518
NANO-Antivirus 20150518
Norman 20150518
Panda 20150518
Qihoo-360 20150518
Rising 20150518
SUPERAntiSpyware 20150518
Sophos 20150518
Symantec 20150518
Tencent 20150518
TheHacker 20150518
TotalDefense 20150518
TrendMicro 20150518
TrendMicro-HouseCall 20150518
VBA32 20150517
VIPRE 20150518
ViRobot 20150518
Zillya 20150515
Zoner 20150518
nProtect 20150518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright © Microsoft Corporation. All rights reserved.
Publisher 6 Wunderkinder GmbH
Original name setup.exe
Internal name setup.exe
File version 10.0.30319.1 built by: RTMRel
Description Setup
Signature verification Certificate out of its validity period
Signers
[+] 6 Wunderkinder GmbH
Status Certificate out of its validity period
Valid from 1:27 PM 12/17/2012
Valid to 1:27 PM 12/18/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 7AD37EFB2E64401963DE44D29173330709B4157E
Serial number 11 21 5C 40 67 E1 24 A0 0A 61 8B C2 46 CD 01 80 CD 7E
[+] GlobalSign CodeSigning CA - G2
Status Valid
Valid from 10:00 AM 4/13/2011
Valid to 10:00 AM 4/13/2019
Valid usage Code Signing
Algorithm SHA1
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign
Status Valid
Valid from 12:00 PM 9/1/1998
Valid to 12:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm SHA1
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-18 11:21:36
Link date 11:21 AM 3/18/2010
Entry Point 0x0002E541
Number of sections 4
PE sections
Overlays
MD5 f94a240639af0bf65bdcb888975bdd68
File type data
Offset 478208
Size 2976
Entropy 7.36
PE imports
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
GetDeviceCaps
GetTextMetricsW
DeleteDC
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
GetStockObject
EnumFontFamiliesExW
GetObjectW
CreateCompatibleDC
DeleteObject
GetStdHandle
WaitForSingleObject
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
ExitProcess
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
BeginUpdateResourceW
LoadResource
FindClose
TlsGetValue
BeginUpdateResourceA
SetLastError
GetEnvironmentVariableA
CopyFileW
UpdateResourceW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
UpdateResourceA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
TerminateProcess
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
EndUpdateResourceW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetWindowsDirectoryW
OpenProcess
DeleteFileA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
GetTimeFormatW
WriteFile
ExpandEnvironmentStringsW
FindNextFileW
GetEnvironmentVariableW
FindFirstFileW
IsValidLocale
GetProcAddress
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
InitializeCriticalSection
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
CompareStringW
GetEnvironmentStringsW
lstrlenW
Process32NextW
SwitchToThread
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
InterlockedCompareExchange
Process32FirstW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
FindResourceW
Sleep
FindResourceA
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
ShellExecuteA
GetComputerObjectNameW
SetFocus
CreateDialogIndirectParamW
DrawTextW
SetClassLongW
ShowWindow
ShowScrollBar
MessageBoxW
PeekMessageW
GetWindowRect
EnableWindow
MoveWindow
MessageBoxA
TranslateMessage
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
ReleaseDC
SendMessageW
SendDlgItemMessageW
GetSystemMetrics
SendMessageA
SetWindowTextW
GetDlgItem
SystemParametersInfoW
ScreenToClient
LoadImageW
IsDialogMessageW
GetClientRect
GetDialogBaseUnits
LoadCursorW
LoadIconW
GetFocus
GetDC
MsgWaitForMultipleObjects
SetForegroundWindow
DestroyWindow
ExitWindowsEx
SetCursor
InternetCrackUrlW
InternetCombineUrlW
Ord(78)
Ord(150)
Ord(8)
Ord(92)
CoUninitialize
CoInitialize
PE exports
Number of PE resources by type
Struct(43) 92
RT_ICON 11
RT_DIALOG 3
Struct(44) 3
Struct(40) 3
Struct(45) 2
RT_GROUP_ICON 2
RT_MANIFEST 1
Struct(41) 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 101
ENGLISH US 18
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 10.0
ImageVersion 10.0
FileVersionNumber 10.0.30319.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 155136
FileOS Win32
EntryPoint 0x2e541
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 10.0.30319.1 built by: RTMRel
TimeStamp 2010:03:18 11:21:36+00:00
FileType Win32 EXE
PEType PE32
InternalName setup.exe
ProductVersion 10.0.30319.1
FileDescription Setup
OSVersion 5.0
OriginalFilename setup.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 322048
FileSubtype 0
ProductVersionNumber 10.0.30319.1
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 b96bbd6ac30857f4c98d81e8b32bab27
SHA1 9d5b86bc2eb0ac2bea97d1d43a7745b1abfa690c
SHA256 22d50637278d7255b4307ce8800ce6b832ac9f10dd20f9748348863b43e53190
ssdeep 6144:MqIpd/w8ylWKxavR+dJ1oMBClrbMAo+nhmuFfvY0SHZvuD3DojDuUlXKoEleOl:M7IRWDvFa+nhmuF3Y0scDeDuUlXKoDA
authentihash 4eab0bc98f8d6de23cc2651f5c82628fc2fb564107e62e0dac168a850c19aee1
imphash cfa06eb8ecb157d3e1e5170182639085
File size 469.9 KB ( 481184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2013-01-05 16:12:48 UTC ( 2 years, 4 months ago )
Last submission 2015-04-24 17:15:57 UTC ( 1 month ago )
File names setup.exe
SETUP WUNDERLIST.exe
wunderlist-2-0-6-es-en-br-fr-de-it-win.exe
file-5079869_
samples_analysis_platform
wunderlist-2-0-6-es-en-br-fr-de-it-win.exe
setup(1).exe
octet-stream
setup.exe
przypominacz.exe
setup.exe.1
b96bbd6ac30857f4c98d81e8b32bab27
wunderlist-2-0-6-es-en-br-fr-de-it-win.exe
wunderlist-5714-jetelecharge.exe
setup.exe
b96bbd6ac30857f4c98d81e8b32bab27.exe
B96BBD6AC30857F4C98D81E8B32BAB27.bin
setup (1).exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight