SHA256: 251dd934f8bbc4f42554f71ae9d17452cb0c4b8e6892cd3548d8780349247300
Detection ratio: 0 / 64
Analysis date: 2017-08-13 01:07:01 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware 20170812
AegisLab 20170812
AhnLab-V3 20170812
Alibaba 20170811
ALYac 20170812
Antiy-AVL 20170812
Arcabit 20170812
Avast 20170813
AVG 20170813
Avira (no cloud) 20170812
AVware 20170812
Baidu 20170811
BitDefender 20170812
Bkav 20170812
CAT-QuickHeal 20170812
ClamAV 20170813
CMC 20170812
Comodo 20170813
CrowdStrike Falcon (ML) 20170804
Cylance 20170813
Cyren 20170813
DrWeb 20170813
Emsisoft 20170812
Endgame 20170721
ESET-NOD32 20170812
F-Prot 20170813
F-Secure 20170813
Fortinet 20170812
GData 20170813
Ikarus 20170812
Sophos ML 20170607
Jiangmin 20170813
K7AntiVirus 20170812
K7GW 20170812
Kaspersky 20170813
Kingsoft 20170813
Malwarebytes 20170813
MAX 20170812
McAfee 20170812
McAfee-GW-Edition 20170813
Microsoft 20170812
eScan 20170812
NANO-Antivirus 20170812
nProtect 20170813
Palo Alto Networks (Known Signatures) 20170813
Panda 20170812
Qihoo-360 20170813
Rising 20170813
SentinelOne (Static ML) 20170806
Sophos AV 20170813
SUPERAntiSpyware 20170812
Symantec 20170812
Symantec Mobile Insight 20170811
Tencent 20170813
TheHacker 20170810
TrendMicro 20170812
TrendMicro-HouseCall 20170812
Trustlook 20170813
VBA32 20170811
VIPRE 20170813
ViRobot 20170812
Webroot 20170813
WhiteArmor 20170731
Yandex 20170807
Zillya 20170811
ZoneAlarm by Check Point 20170812
Zoner 20170813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2009-2016, Ivo Beltchev
Product Classic Shell
Original name ClassicShellSetup.exe
Internal name ClassicShellSetup
File version 4, 3, 1, 0
Description Adds classic shell features to Windows 7 and Windows 8
Signature verification Signed file, verified signature
Signers
[+] Ivaylo Beltchev
Status Valid
Issuer DigiCert SHA2 Assured ID Code Signing CA
Valid from 1:00 AM 8/11/2017
Valid to 1:00 PM 8/15/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint FC86485FAEC338ED6834718053AB697BBD3A8BE3
Serial number 0D 0D 91 D7 1B 78 22 42 EE B5 35 11 76 0B 1D 6C
[+] DigiCert SHA2 Assured ID Code Signing CA
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 10/22/2013
Valid to 1:00 PM 10/22/2028
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 92C1588E85AF2201CE7915E8538B492F605B80C6
Serial number 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-11 06:39:13
Entry Point 0x00003AC0
Number of sections 5
PE sections
Overlays
MD5 39fdb0c3d837fdf614f5547d399f2452
File type data
Offset 7160320
Size 3384
Entropy 7.27
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitCommonControlsEx
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
VirtualFree
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
GetConsoleMode
HeapSize
GetCurrentProcessId
LCMapStringW
OpenProcess
LockResource
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
DeleteFileW
GetProcAddress
GetStringTypeA
GetFileType
SetStdHandle
RaiseException
GetCPInfo
SetEnvironmentVariableW
TlsFree
SetFilePointer
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
GetConsoleCP
LCMapStringA
WriteConsoleA
VirtualAlloc
IsValidCodePage
LoadResource
FindResourceW
CreateFileW
CreateProcessW
TlsGetValue
Sleep
SetLastError
GetTickCount
TlsSetValue
CreateFileA
GetCurrentThreadId
GetVersion
LeaveCriticalSection
ExitProcess
HeapCreate
WriteConsoleW
InterlockedIncrement
CommandLineToArgvW
DoEnvironmentSubstW
GetWindowThreadProcessId
MessageBoxW
EndDialog
CharUpperW
DialogBoxParamW
FindWindowW
LoadStringW
GetDlgItemTextW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_ICON 5
RT_STRING 3
MSI_FILE 3
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 7109120
ImageVersion 0.0
ProductName Classic Shell
FileVersionNumber 4.3.1.0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
FileDescription Adds classic shell features to Windows 7 and Windows 8
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName ClassicShellSetup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4, 3, 1, 0
TimeStamp 2017:08:11 07:39:13+01:00
FileType Win32 EXE
PEType PE32
InternalName ClassicShellSetup
ProductVersion 4, 3, 1, 0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright (C) 2009-2016, Ivo Beltchev
MachineType Intel 386 or later, and compatibles
CompanyName IvoSoft
CodeSize 50176
FileSubtype 0
ProductVersionNumber 4.3.1.0
EntryPoint 0x3ac0
ObjectFileType Executable application
File identification
MD5 d54e320f536a9b8cd545c3a7267e0b6e
SHA1 0fadffe3bca6688a5eeecbc61760e5226c6524a6
SHA256 251dd934f8bbc4f42554f71ae9d17452cb0c4b8e6892cd3548d8780349247300
ssdeep 196608:ZMhS3g+ZbbtOPXWgtwiYCN2/qxiviXXGnIWIPPe9qjiZiU6XVM:qS3g+Zbs+Kw+8iPD6N
authentihash 0189635d63eba0267858356859accb4ac75153288c2713e978b4c3790e7518e4
imphash 846beeaaa47aac39313849b60d047ffe
File size 6.8 MB ( 7163704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2017-08-11 15:44:29 UTC ( 1 year, 6 months ago )
Last submission 2018-05-17 03:23:31 UTC ( 9 months, 1 week ago )
File names ClassicShellSetup
ClassicShellSetup_4_3_1(3).exe
ClassicShellSetup.exe
251dd934f8bbc4f42554f71ae9d17452cb0c4b8e6892cd3548d8780349247300.file
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs