× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 25a0995f597cbac19b1e3e0cb623ccdd92eee708eb37ac9512606d98421c5469
File name: tenorshare-iphone-data-recovery-trial261.exe
Detection ratio: 0 / 56
Analysis date: 2017-01-11 23:33:06 UTC ( 6 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware 20170111
AegisLab 20170111
AhnLab-V3 20170111
Alibaba 20170111
ALYac 20170112
Antiy-AVL 20170112
Arcabit 20170112
Avast 20170111
AVG 20170112
Avira (no cloud) 20170111
AVware 20170111
Baidu 20170111
BitDefender 20170111
CAT-QuickHeal 20170111
ClamAV 20170111
CMC 20170111
Comodo 20170111
CrowdStrike Falcon (ML) 20161024
Cyren 20170111
DrWeb 20170111
Emsisoft 20170111
ESET-NOD32 20170111
F-Prot 20170111
F-Secure 20170111
Fortinet 20170111
GData 20170111
Ikarus 20170111
Sophos ML 20170111
Jiangmin 20170111
K7AntiVirus 20170111
K7GW 20170111
Kaspersky 20170111
Kingsoft 20170112
Malwarebytes 20170111
McAfee 20170108
McAfee-GW-Edition 20170111
Microsoft 20170111
eScan 20170111
NANO-Antivirus 20170111
nProtect 20170111
Panda 20170111
Qihoo-360 20170112
Rising 20170111
Sophos AV 20170111
SUPERAntiSpyware 20170111
Symantec 20170111
Tencent 20170112
TheHacker 20170111
TotalDefense 20170111
TrendMicro-HouseCall 20170111
Trustlook 20170112
VBA32 20170110
VIPRE 20170111
ViRobot 20170111
WhiteArmor 20170111
Yandex 20170111
Zillya 20170111
Zoner 20170111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 11:29 AM 11/24/2016
Signers
[+] Tenorshare Co.
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 5/8/2015
Valid to 12:59 AM 6/7/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 49DE5C951646DF99480A98AE51028E3FBA0D355E
Serial number 10 FC 1E 4B BB CF BB B7 AE 84 4E A4 50 CA F1 F3
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-05 00:46:33
Entry Point 0x000030E2
Number of sections 5
PE sections
Overlays
MD5 004d5c9db059841a9c3f0a4fb4dee18c
File type data
Offset 139264
Size 19315312
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
LoadLibraryA
DeleteFileA
GetModuleFileNameA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
lstrcpyA
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
GetProcAddress
SetEnvironmentVariableA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
ReleaseDC
EndDialog
BeginPaint
ShowWindow
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
PostQuitMessage
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
DrawTextA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
EnableMenuItem
RegisterClassA
SendMessageTimeoutA
InvalidateRect
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoTaskMemFree
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_DIALOG 10
RT_ICON 6
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 18
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:08:05 01:46:33+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
24576

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
162816

SubsystemVersion
4.0

EntryPoint
0x30e2

OSVersion
4.0

ImageVersion
6.0

UninitializedDataSize
1024

Compressed bundles
File identification
MD5 58f300f25c0512343af4a5596f3406fb
SHA1 79d1c6665edb6d6ae0f082b659c52f8dc9b9f9c0
SHA256 25a0995f597cbac19b1e3e0cb623ccdd92eee708eb37ac9512606d98421c5469
ssdeep
393216:vF8m/zE1Cuj7bXPF7+xalZImmynlxVjR6+fTmmuD8OGhhwAGSjJJ:vGDj9QQBJRzmfEhqFyJ

authentihash 23ddfb2d789949e47be0071adfa3a4f3318a7cd8d9badfb071220903b1c98f38
imphash e160ef8e55bb9d162da4e266afd9eef3
File size 18.6 MB ( 19454576 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (95.1%)
Win64 Executable (generic) (3.1%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
Tags
nsis peexe signed overlay

VirusTotal metadata
First submission 2016-11-24 10:40:36 UTC ( 8 months ago )
Last submission 2017-04-26 20:52:44 UTC ( 3 months ago )
File names 25A0995F597CBAC19B1E3E0CB623CCDD92EEE708EB37AC9512606D98421C5469.exe
935735
UltDatatrialzlib(ts)..exe
tenorshare-iphone-data-recovery.exe
tenorshare-iphone-data-recovery-trial261.exe
tenorshare-iphone-data-recovery-trial261.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Runtime DLLs