SHA256: 2696c35394ca9125098458fc080461b6c841d6d8fd263b40270d21a8823c65b0
File name: flux-setup.exe
Detection ratio: 2 / 56
Analysis date: 2016-12-06 00:39:44 UTC ( 2 years ago )
Antivirus Result Update
Sophos ML trojandownloader.win32.vb.bz 20161202
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161206
Ad-Aware 20161206
AegisLab 20161205
AhnLab-V3 20161205
Alibaba 20161205
ALYac 20161205
Antiy-AVL 20161205
Arcabit 20161205
Avast 20161205
AVG 20161205
Avira (no cloud) 20161205
AVware 20161205
Baidu 20161205
BitDefender 20161205
Bkav 20161205
CAT-QuickHeal 20161205
ClamAV 20161205
CMC 20161205
Comodo 20161205
CrowdStrike Falcon (ML) 20161024
Cyren 20161206
DrWeb 20161206
Emsisoft 20161206
ESET-NOD32 20161206
F-Prot 20161206
F-Secure 20161206
Fortinet 20161206
GData 20161206
Ikarus 20161205
Jiangmin 20161205
K7AntiVirus 20161205
K7GW 20161206
Kaspersky 20161205
Kingsoft 20161206
Malwarebytes 20161205
McAfee 20161205
McAfee-GW-Edition 20161205
Microsoft 20161205
eScan 20161206
NANO-Antivirus 20161206
nProtect 20161205
Panda 20161205
Rising 20161206
Sophos AV 20161206
SUPERAntiSpyware 20161205
Symantec 20161206
Tencent 20161206
TheHacker 20161130
TrendMicro 20161206
TrendMicro-HouseCall 20161206
Trustlook 20161206
VBA32 20161205
VIPRE 20161206
ViRobot 20161205
WhiteArmor 20161125
Yandex 20161205
Zillya 20161205
Zoner 20161205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 1:25 AM 12/6/2016
Signers
[+] F.lux Software LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 5/4/2016
Valid to 12:59 AM 5/5/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 36E504701938FEA480DB816490D6EAE042EB7907
Serial number 24 35 A0 BA F9 68 73 B0 3D 50 C3 25 6E FE B5 C0
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-02 03:20:05
Entry Point 0x000030FB
Number of sections 5
PE sections
Overlays
MD5 8768b5ec22f9e42ebaca78e0acec69dd
File type data
Offset 53760
Size 443136
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
ReadFile
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
GetModuleHandleA
GetTempPathA
CreateThread
GetFileAttributesA
SetFilePointer
lstrcmpA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
SystemParametersInfoA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
DrawTextA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
CloseClipboard
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
SetWindowTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DestroyWindow
FillRect
ShowWindow
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
SetForegroundWindow
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 7
RT_DIALOG 5
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:04:02 04:20:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 23552
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x30fb
InitializedDataSize 120320
SubsystemVersion 4.0
ImageVersion 6.0
OSVersion 4.0
UninitializedDataSize 1024

Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 ec85b2e9cbc4a1b6487c630d47f34cfe
SHA1 ae1fb71ea418fd73c16c069e31a20ccd2f7b5152
SHA256 2696c35394ca9125098458fc080461b6c841d6d8fd263b40270d21a8823c65b0
ssdeep 12288:sy/4EdJu9QBrRyxb2RU9x+8xy04N69SjuqwAhk/2I8qC:J/44BBtyxSRwly0UjYB2I8qC
authentihash efbd3929ddc2a458c11127825da7efe457ecd40ce497411b0d1505571cd41328
imphash b76363e9cb88bf9390860da8e50999d2
File size 485.3 KB ( 496896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
nsis peexe overlay signed via-tor

VirusTotal metadata
First submission 2016-12-06 00:39:44 UTC ( 2 years ago )
Last submission 2018-12-11 18:04:53 UTC ( 3 days, 11 hours ago )
File names flux-setup_v3.12.exe
flux-setup.exe
flux-setup.exe
flux-setup (1).exe
flux-setup.exe.b58i3ad.partial
1 (17).exe
flux-setup(1).exe
8140916.tmpscan
flux 3.12-setup-nightmode.bluelightfilter.exe
unconfirmed 960833.crdownload
flux-setup_3.12.exe
flux-setup(28).exe
flux-setup.exe
flux-setup(32).exe
flux-312setup.exe
tmp_24717-2696c35394ca9125098458fc080461b6c841d6d8fd263b40270d21asthsfthxfgh1334630517.exe
flux-setup.exe
output.105789433.txt
unconfirmed 64733.crdownload
Giam tia sang xanh man hinh.exe
flux-setup(29).exe
flux-setup.exe
flux-setup ccm.exe
flux-setup.exe
1e30916.tmpscan
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created mutexes
Runtime DLLs