SHA256: 28788b04ac88c220a6a5ab9be9de68be7656fd2850e9bc9c3abf08f47711e8a4
File name: InstallBlock.exe
Detection ratio: 1 / 63
Analysis date: 2017-08-29 00:41:11 UTC ( 2 months, 3 weeks ago )
Antivirus | Result | Update
CMC | Trojan-Downloader.Win32.Agent!O | 20170828
Ad-Aware | - | 20170829
AegisLab | - | 20170828
AhnLab-V3 | - | 20170828
Alibaba | - | 20170828
ALYac | - | 20170828
Antiy-AVL | - | 20170829
Arcabit | - | 20170829
Avast | - | 20170829
AVG | - | 20170829
Avira (no cloud) | - | 20170828
AVware | - | 20170829
Baidu | - | 20170828
BitDefender | - | 20170829
Bkav | - | 20170829
CAT-QuickHeal | - | 20170828
ClamAV | - | 20170829
Comodo | - | 20170828
CrowdStrike Falcon (ML) | - | 20170804
Cylance | - | 20170829
Cyren | - | 20170828
DrWeb | - | 20170828
Emsisoft | - | 20170828
Endgame | - | 20170821
ESET-NOD32 | - | 20170828
F-Prot | - | 20170828
F-Secure | - | 20170828
Fortinet | - | 20170828
Ikarus | - | 20170828
Sophos ML | - | 20170822
Jiangmin | - | 20170828
K7AntiVirus | - | 20170828
K7GW | - | 20170828
Kaspersky | - | 20170828
Kingsoft | - | 20170829
Malwarebytes | - | 20170828
MAX | - | 20170828
McAfee | - | 20170826
McAfee-GW-Edition | - | 20170828
Microsoft | - | 20170828
eScan | - | 20170829
NANO-Antivirus | - | 20170828
Palo Alto Networks (Known Signatures) | - | 20170829
Panda | - | 20170828
Qihoo-360 | - | 20170829
Rising | - | 20170829
SentinelOne (Static ML) | - | 20170806
Sophos AV | - | 20170828
SUPERAntiSpyware | - | 20170829
Symantec | - | 20170828
Symantec Mobile Insight | - | 20170828
Tencent | - | 20170829
TheHacker | - | 20170828
TotalDefense | - | 20170828
TrendMicro | - | 20170828
TrendMicro-HouseCall | - | 20170828
Trustlook | - | 20170829
VBA32 | - | 20170828
VIPRE | - | 20170828
ViRobot | - | 20170828
Webroot | - | 20170829
WhiteArmor | - | 20170817
Yandex | - | 20170828
Zillya | - | 20170828
ZoneAlarm by Check Point | - | 20170829
Zoner | - | 20170829
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Setup Engine Copyright © 2004-2006 Indigo Rose Corporation
Product Setup Factory 7.0 Runtime
Original name suf70_launch.exe
Internal name suf70_launch
File version 7.0.6.1
Description Setup Application
Comments Created with Setup Factory 7.0
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-01-29 20:17:00
Entry Point 0x00001E64
Number of sections 4
PE sections
Overlays
MD5 03e58cc53058b394295683f1351ff27f
File type data
Offset 69632
Size 3651133
Entropy 7.96
PE imports
GetLastError
GetEnvironmentVariableA
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetStartupInfoA
LoadLibraryA
lstrlenA
GetFileAttributesA
GetExitCodeProcess
LCMapStringA
HeapReAlloc
HeapDestroy
ExitProcess
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
GetTempPathA
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetCurrentProcess
_lwrite
GetEnvironmentStrings
lstrcatA
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
UnhandledExceptionFilter
InterlockedDecrement
_llseek
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
_lread
GetModuleHandleA
_lclose
WideCharToMultiByte
lstrcmpiA
GetStringTypeA
_lcreat
lstrcpyA
_lopen
CloseHandle
GetACP
GetDiskFreeSpaceA
GetStringTypeW
GetCurrentThreadId
GetOEMCP
TerminateProcess
CreateProcessA
SetHandleCount
InitializeCriticalSection
HeapCreate
WriteFile
VirtualFree
TlsGetValue
GetFileType
MultiByteToWideChar
TlsSetValue
HeapAlloc
GetVersion
InterlockedIncrement
VirtualAlloc
SetCurrentDirectoryA
SetLastError
LeaveCriticalSection
wsprintfA
LoadCursorA
DispatchMessageA
MessageBoxA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
SetCursor
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
CodeSize 20480
SubsystemVersion 4.0
Comments Created with Setup Factory 7.0
InitializedDataSize 49152
ImageVersion 0.0
ProductName Setup Factory 7.0 Runtime
FileVersionNumber 7.0.6.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName suf70_launch.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 7.0.6.1
TimeStamp 2007:01:29 21:17:00+01:00
FileType Win32 EXE
PEType PE32
InternalName suf70_launch
ProductVersion 7.0.6.1
FileDescription Setup Application
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Setup Engine Copyright 2004-2006 Indigo Rose Corporation
MachineType Intel 386 or later, and compatibles
LegalTrademarks Setup Factory is a trademark of Indigo Rose Corporation.
FileSubtype 0
ProductVersionNumber 7.0.6.1
EntryPoint 0x1e64
ObjectFileType Executable application
Execution parents
Compressed bundles
File identification
MD5 0efc392e9faae15cdc4319c05e7486e9
SHA1 af85612c365db60590ec5fef5180304ca06558bf
SHA256 28788b04ac88c220a6a5ab9be9de68be7656fd2850e9bc9c3abf08f47711e8a4
ssdeep 49152:gavH52OM+Xw+3XJmYtUtXg8AiclyERU6b+ErNFllAOv6QmC/u+lhi8iLV1/Qcfqs:gavA+3dutXJclyCUE1lwCEzL//Qcfqij
authentihash 3a2bf6d969c788c827b0f02a21ea4c39f9c85cbf18455c8516b6109395280773
imphash 3b86905964e83a3ff26be77499d69a6f
File size 3.5 MB ( 3720765 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (44.9%)
Win32 Executable MS Visual C++ (generic) (17.0%)
Win64 Executable (generic) (15.1%)
Win32 EXE Yoda's Crypter (14.5%)
Win32 Dynamic Link Library (generic) (3.6%)
Tags peexe armadillo overlay
VirusTotal metadata
First submission 2009-01-15 23:46:50 UTC ( 8 years, 10 months ago )
Last submission 2017-07-09 16:36:48 UTC ( 4 months, 1 week ago )
File names 38617
11555389
InstallBlock_2.07.EXE
output.11555389.txt
suf70_launch.exe
octet-stream
InstallBlock1.0.2.exe
InstallBlock 2.07 Setup.exe
InstallBlock2.exe
41d4df313d7748eec65238089c472e003f33a729.EXE
InstallBlock.exe
InstallBlock (ngăn cài đặt phần mềm lạ).exe
InstallBlock(www.pkgames.net).exe
smona131160908839107759259
0efc392e9faae15cdc4319c05e7486e9
smona_28788b04ac88c220a6a5ab9be9de68be7656fd2850e9bc9c3abf08f47711e8a4.bin
1332417904-download.exe
InstallBlock 2.07.exe
InstallBlock207.exe
file-3154404_exe
InstallBlock.exe
installblock.exe
suf70_launch
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight