SHA256: 26e778c9cb90e753c0dc61acb16a5765a5fe985c948436d67ea8537ab17ba5cf
File name: k7a21dex.exe
Detection ratio: 0 / 71
Analysis date: 2018-12-30 03:13:45 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis 20181227
Ad-Aware 20181230
AegisLab 20181229
AhnLab-V3 20181229
Alibaba 20180921
ALYac 20181230
Antiy-AVL 20181229
Arcabit 20181229
Avast 20181230
Avast-Mobile 20181229
AVG 20181230
Avira (no cloud) 20181229
Babable 20180918
Baidu 20181207
BitDefender 20181230
Bkav 20181227
CAT-QuickHeal 20181229
ClamAV 20181230
CMC 20181229
Comodo 20181230
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181230
Cyren 20181230
DrWeb 20181230
eGambit 20181230
Emsisoft 20181230
Endgame 20181108
ESET-NOD32 20181229
F-Prot 20181230
F-Secure 20181230
Fortinet 20181230
GData 20181230
Ikarus 20181229
Sophos ML 20181128
Jiangmin 20181230
K7AntiVirus 20181230
K7GW 20181229
Kaspersky 20181229
Kingsoft 20181230
Malwarebytes 20181230
MAX 20181230
McAfee 20181229
McAfee-GW-Edition 20181229
Microsoft 20181229
eScan 20181229
NANO-Antivirus 20181229
Palo Alto Networks (Known Signatures) 20181230
Panda 20181229
Qihoo-360 20181230
Rising 20181229
SentinelOne (Static ML) 20181223
Sophos AV 20181229
SUPERAntiSpyware 20181226
Symantec 20181229
Symantec Mobile Insight 20181225
TACHYON 20181229
Tencent 20181230
TheHacker 20181225
TotalDefense 20181229
Trapmine 20181205
TrendMicro 20181229
TrendMicro-HouseCall 20181229
Trustlook 20181230
VBA32 20181229
VIPRE 20181230
ViRobot 20181230
Webroot 20181230
Yandex 20181229
Zillya 20181228
ZoneAlarm by Check Point 20181230
Zoner 20181230
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2007 - CANON INC.

Product UpdateWrapper
Original name UPWCore.exe
Internal name UPWCore.exe
File version 2, 1, 0, 6
Description Self-extracting executable file for UpdateWrapper
Signature verification Signed file, verified signature
Signing date 2:56 AM 8/7/2007
Signers
[+] Canon Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 7/19/2007
Valid to 12:59 AM 7/19/2008
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B2E1EB7202DE001EB621FD7D0CA0B29CFE66186C
Serial number 2F 56 2B AF CF 59 67 EA D5 6E E0 0C 10 26 27 A8
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-11-24 02:40:45
Entry Point 0x0001D4CB
Number of sections 4
PE sections
Overlays
MD5 44e6d1fb029ef372517b0a9dbb9c78e6
File type data
Offset 5574656
Size 5472
Entropy 7.20
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
GetObjectA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
DuplicateHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
ResumeThread
GetLogicalDriveStringsA
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetFileAttributesA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
FreeLibrary
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
GetProcessHeap
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
lstrcmpW
GetProcAddress
GetTimeZoneInformation
CreateEventA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
DosDateTimeToFileTime
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
LockFile
RemoveDirectoryA
GetShortPathNameA
FileTimeToLocalFileTime
GetEnvironmentStrings
CompareFileTime
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
CopyFileA
GetVersion
FreeResource
SizeofResource
CreateProcessA
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantChangeType
VariantInit
VariantClear
SHGetSpecialFolderPathA
PathFindFileNameA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
MapWindowPoints
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
GetTopWindow
GetActiveWindow
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
GetClassInfoExA
ShowWindow
GetPropA
GetDesktopWindow
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
CopyRect
GetSysColorBrush
PtInRect
IsDialogMessageA
SetFocus
CharPrevA
BeginPaint
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
DrawIcon
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetMenuItemID
SetForegroundWindow
ReleaseDC
EndDialog
GetCapture
DrawTextExA
GetWindowThreadProcessId
UnhookWindowsHookEx
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
wsprintfA
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetFileTitleA
Number of PE resources by type
RT_ICON 8
RT_DIALOG 3
BINARY 2
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
JAPANESE DEFAULT 14
NEUTRAL 2
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 5369856
ImageVersion 0.0
ProductName UpdateWrapper
FileVersionNumber 2.1.0.6
UninitializedDataSize 0
LanguageCode German
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName UPWCore.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2, 1, 0, 6
TimeStamp 2006:11:24 03:40:45+01:00
FileType Win32 EXE
PEType PE32
InternalName UPWCore.exe
ProductVersion 2, 1, 0, 6
FileDescription Self-extracting executable file for UpdateWrapper
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (C) 2007 - CANON INC.
MachineType Intel 386 or later, and compatibles
CompanyName CANON INC.
CodeSize 200704
FileSubtype 0
ProductVersionNumber 2.1.0.6
EntryPoint 0x1d4cb
ObjectFileType Executable application

File identification
MD5 bf178e36aff211ee5f0eb74f878fb610
SHA1 514b6bd770c1c14b75bcbb80fdc963af69681d5d
SHA256 26e778c9cb90e753c0dc61acb16a5765a5fe985c948436d67ea8537ab17ba5cf
ssdeep 98304:4hYSYvlW3CAlJtJkWj40NW9eyQ/3WU5o7twW2mIqNC7JD0+uUiCpDdPRSIMml:4hYSIlStY046/3fy2dmZCdDqY6ml
authentihash 553336476c716696218254ace355c7139f05054424c2aa54b14f433cadb503a9
imphash 48c2e8b4df3fae8788370c396b29b8cb
File size 5.3 MB ( 5580128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2009-07-19 01:43:14 UTC ( 9 years, 7 months ago )
Last submission 2016-03-09 19:57:17 UTC ( 2 years, 11 months ago )
File names 17051492
k7a21dex_photostitch 3.1.20.exe
k7a21dex.exe
k7a21dex__canon photostitch 3.1.22.46.exe
output.17051492.txt
octet-stream
UPWCore.exe
PhotoStitch_Updater_k7a21dex.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by using the SetWindowsHook Windows API function.