SHA256: 25640664ca3ee4cb8501b3ec7bba9d49c494b357c87587b9c1a96cc175361cce
File name: zapSetupWeb_150_139_17085.exe
Detection ratio: 1 / 67
Analysis date: 2018-08-13 18:18:51 UTC ( 9 months, 1 week ago )
Antivirus Result Update
Jiangmin AdWare.TOVus.dq 20180813
Ad-Aware 20180813
AegisLab 20180813
AhnLab-V3 20180813
Alibaba 20180713
ALYac 20180813
Antiy-AVL 20180813
Arcabit 20180813
Avast 20180813
Avast-Mobile 20180813
AVG 20180813
Avira (no cloud) 20180813
AVware 20180813
Baidu 20180813
BitDefender 20180813
Bkav 20180813
CAT-QuickHeal 20180813
ClamAV 20180813
CMC 20180812
Comodo 20180813
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180813
Cyren 20180813
DrWeb 20180813
eGambit 20180813
Emsisoft 20180813
Endgame 20180730
ESET-NOD32 20180813
F-Prot 20180813
F-Secure 20180813
Fortinet 20180813
GData 20180813
Ikarus 20180813
Sophos ML 20180717
K7AntiVirus 20180813
K7GW 20180813
Kaspersky 20180813
Kingsoft 20180813
Malwarebytes 20180813
MAX 20180813
McAfee 20180813
McAfee-GW-Edition 20180813
Microsoft 20180813
eScan 20180813
NANO-Antivirus 20180813
Palo Alto Networks (Known Signatures) 20180813
Panda 20180813
Qihoo-360 20180813
Rising 20180813
SentinelOne (Static ML) 20180701
Sophos AV 20180813
SUPERAntiSpyware 20180813
Symantec 20180813
Symantec Mobile Insight 20180812
TACHYON 20180813
Tencent 20180813
TheHacker 20180813
TotalDefense 20180813
TrendMicro 20180813
TrendMicro-HouseCall 20180813
Trustlook 20180813
VBA32 20180813
VIPRE 20180813
ViRobot 20180813
Webroot 20180813
Yandex 20180810
Zillya 20180812
ZoneAlarm by Check Point 20180813
Zoner 20180813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 1998-2016, Check Point, LTD

Product ZoneAlarm
Original name Install.exe
Internal name Install
File version 15.0.139.17085
Description ZoneAlarm
Signature verification Signed file, verified signature
Signing date 9:23 PM 10/11/2016
Signers
[+] Check Point Software Technologies Ltd.
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 12/21/2015
Valid to 12:59 AM 12/21/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5240AB5B05D11B37900AC7712A3C6AE42F377C8C
Serial number 61 D7 31 45 AD E1 51 40 CE E8 B9 F5 2B A0 DF 43
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT UTF-8, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-11 20:18:08
Entry Point 0x00068023
Number of sections 7
PE sections
Overlays
MD5 ee70af0f6cf6d95adcc442621f2c129d
File type application/zip
Offset 1028608
Size 3979632
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
GetSecurityDescriptorControl
CryptHashData
RegQueryValueExW
GetSecurityDescriptorLength
CryptCreateHash
GetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorGroup
RegOpenKeyExW
SystemFunction036
GetSecurityDescriptorOwner
CryptReleaseContext
CryptAcquireContextA
GetSecurityDescriptorDacl
CryptGenRandom
CryptAcquireContextW
GetSecurityDescriptorSacl
CryptDestroyHash
RegSetValueExW
ConvertSecurityDescriptorToStringSecurityDescriptorW
CryptGetHashParam
MakeSelfRelativeSD
GetStdHandle
ReleaseMutex
InterlockedPopEntrySList
WaitForSingleObject
SetEndOfFile
HeapDestroy
EncodePointer
GetFileAttributesW
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
FormatMessageW
GetExitCodeProcess
InterlockedPushEntrySList
InitializeCriticalSection
LoadResource
GetStringTypeExW
FindClose
TlsGetValue
FormatMessageA
SetLastError
CopyFileW
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
LoadLibraryExA
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
SetFilePointerEx
FlushInstructionCache
MoveFileW
SetFilePointer
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQuery
ReadConsoleW
GetCurrentThreadId
WriteConsoleW
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetWindowsDirectoryW
GetFileSize
CreateDirectoryA
DeleteFileA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
FindFirstFileExW
GetUserDefaultLCID
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
GetEnvironmentStringsW
QueryPerformanceFrequency
WaitForSingleObjectEx
VirtualFree
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
SetDllDirectoryW
GetACP
GetModuleHandleW
FindResourceExW
IsValidCodePage
FindResourceW
CreateProcessW
Sleep
VirtualAlloc
SysFreeString
VariantClear
VariantInit
SysAllocString
SHFileOperationW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
PathFindFileNameW
PathFileExistsW
PathFindOnPathW
PathFindFileNameA
PathIsDirectoryW
PathFileExistsA
CreateDialogParamW
SetTimer
MessageBoxW
LoadStringW
UpdateWindow
CloseDesktop
UnregisterClassW
SetWindowTextW
SetWindowLongW
GetDlgItem
ShowWindow
CreateDesktopW
DestroyWindow
Number of PE resources by type
RT_STRING 70
RT_ICON 8
RT_DIALOG 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 28
GERMAN 14
SPANISH MODERN 14
FRENCH 14
ITALIAN 14
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 343040
ImageVersion 1.0
ProductName ZoneAlarm
FileVersionNumber 15.0.139.17085
LanguageCode English (U.S.)
FileFlagsMask 0x003f
BuildDate Tue, 11 Oct 2016 17:01:32
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 14.0
FileTypeExtension exe
OriginalFileName Install.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 15.0.139.17085
TimeStamp 2016:10:11 21:18:08+01:00
FileType Win32 EXE
PEType PE32
InternalName Install
SubsystemVersion 5.1
ProductVersion 15.0.139.17085
FileDescription ZoneAlarm
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright 1998-2016, Check Point, LTD
MachineType Intel 386 or later, and compatibles
CompanyName Check Point Software Technologies Ltd.
CodeSize 690688
FileSubtype 0
ProductVersionNumber 15.0.139.17085
EntryPoint 0x68023
ObjectFileType Dynamic link library
File identification
MD5 cf4b4b379a94998afb6e15ed695195f3
SHA1 29fc51d124af7bda8b323f75ebb09f234f85fd96
SHA256 25640664ca3ee4cb8501b3ec7bba9d49c494b357c87587b9c1a96cc175361cce
ssdeep 98304:QrQx+A9cc3LCHiCBtc1GJPBGP/EIEjfpGRrwo5NDNb4fL+N:Cy+u3+CEC1mZwEHf4wonDNsfL+N
authentihash 5595487aeeaab9ffeb348faeb55352a436c0232c0d7517246d4c67ccbac6683c
imphash 06cf30b6f4a992148c082d1bf4f90452
File size 4.8 MB ( 5008240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-10-23 15:56:28 UTC ( 2 years, 7 months ago )
Last submission 2018-02-03 11:54:14 UTC ( 1 year, 3 months ago )
File names zapSetupWeb_150_139_17085.exe
Install.exe
Install
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests
UDP communications