SHA256: 2ac9402b6685a47a406352df158771c45dcf688f97c182dc6b57fcf2a93893bb
Detection ratio: 1 / 67
Analysis date: 2017-10-30 10:10:25 UTC ( 1 year, 4 months ago )
Antivirus Result Update
eGambit Unsafe.AI_Score_93% 20171030
Ad-Aware 20171030
AegisLab 20171030
AhnLab-V3 20171030
Alibaba 20170911
ALYac 20171028
Antiy-AVL 20171030
Arcabit 20171030
Avast 20171030
Avast-Mobile 20171029
AVG 20171030
Avira (no cloud) 20171030
AVware 20171030
Baidu 20171030
BitDefender 20171030
Bkav 20171029
CAT-QuickHeal 20171030
ClamAV 20171030
CMC 20171029
Comodo 20171030
CrowdStrike Falcon (ML) 20171016
Cybereason 20170628
Cylance 20171030
Cyren 20171030
DrWeb 20171030
Emsisoft 20171030
Endgame 20171024
ESET-NOD32 20171030
F-Prot 20171030
F-Secure 20171030
Fortinet 20171030
GData 20171030
Ikarus 20171029
Sophos ML 20170914
Jiangmin 20171030
K7AntiVirus 20171030
K7GW 20171030
Kaspersky 20171030
Kingsoft 20171030
Malwarebytes 20171030
MAX 20171030
McAfee 20171030
McAfee-GW-Edition 20171030
Microsoft 20171030
eScan 20171030
NANO-Antivirus 20171030
nProtect 20171030
Palo Alto Networks (Known Signatures) 20171030
Panda 20171029
Qihoo-360 20171030
Rising 20171030
SentinelOne (Static ML) 20171019
Sophos AV 20171030
SUPERAntiSpyware 20171030
Symantec 20171030
Symantec Mobile Insight 20171027
Tencent 20171030
TheHacker 20171028
TrendMicro 20171030
TrendMicro-HouseCall 20171030
Trustlook 20171030
VBA32 20171027
VIPRE 20171030
ViRobot 20171030
Webroot 20171030
WhiteArmor 20171024
Yandex 20171027
Zillya 20171027
ZoneAlarm by Check Point 20171030
Zoner 20171030
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© 2016 AO Kaspersky Lab. Tüm Hakları Saklıdır.

Product Kaspersky Anti-Virus
Original name Setup.exe
Internal name Setup
File version 17.0.0.611
Description Kaspersky Anti-Virus [17.0.0.611.0.584.0]
Signature verification Signed file, verified signature
Signing date 11:55 AM 10/3/2016
Signers
[+] Kaspersky Lab
Status Valid
Issuer DigiCert High Assurance Code Signing CA-1
Valid from 1:00 AM 10/8/2015
Valid to 1:00 PM 10/24/2018
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F
Serial number 0F 66 8F B0 F0 F0 02 B7 74 C7 DD BD 76 9E E5 B1
[+] DigiCert High Assurance Code Signing CA-1
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E308F829DC77E80AF15EDD4151EA47C59399AB46
Serial number 02 C4 D1 E5 8A 4A 68 0C 56 8D A3 04 7E 7E 4D 5F
[+] DigiCert High Assurance EV Root CA
Status Valid
Issuer GTE CyberTrust Global Root
Valid from 6:38 PM 8/19/2015
Valid to 6:37 PM 8/10/2018
Valid usage All
Algorithm sha1RSA
Thumbprint AC3E88CA4B0EB46C7558A6F07637F3C64C81E5D3
Serial number 07 27 CF 61
[+] DigiCert Global Root
Status Valid
Issuer GTE CyberTrust Global Root
Valid from 1:29 AM 8/13/1998
Valid to 12:59 AM 8/14/2018
Valid usage Email Protection, Client Auth, Server Auth, Code Signing
Algorithm md5RSA
Thumbprint 97817950D81C9670CC34D809CF794431367EF474
Serial number 01 A5
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-27 21:52:20
Entry Point 0x0000E9DF
Number of sections 5
PE sections
Overlays
MD5 b247c506b2ee62417434f4e657579d61
File type data
Offset 2583040
Size 17440
Entropy 7.20
PE imports
GetStdHandle
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
FormatMessageW
InitializeCriticalSection
LoadResource
InterlockedDecrement
MoveFileW
SetLastError
TlsGetValue
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
SetFilePointer
GetSystemDirectoryW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemDirectoryA
DecodePointer
TerminateProcess
SetCurrentDirectoryW
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
RemoveDirectoryW
IsValidLocale
GetUserDefaultLCID
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
HeapCreate
GetSystemInfo
GetConsoleCP
GetEnvironmentStringsW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FindResourceExW
IsValidCodePage
UnmapViewOfFile
GetTempPathW
Sleep
VirtualAlloc
UuidCreateSequential
PE exports
Number of PE resources by type
RT_ICON 5
SZIP 4
DOWNLOADER.INI 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 6
NEUTRAL 5
TURKISH DEFAULT 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Tescilli ticari markalar ve hizmet markalar kendi sahiplerine aittir

SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
17.0.0.611

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Kaspersky Anti-Virus [17.0.0.611.0.584.0]

CharacterSet
Unicode

InitializedDataSize
2460672

EntryPoint
0xe9df

OriginalFileName
Setup.exe

MIMEType
application/octet-stream

LegalCopyright
© 2016 AO Kaspersky Lab. Tüm Hakları Saklıdır.

FileVersion
17.0.0.611

TimeStamp
2016:06:27 22:52:20+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup

ProductVersion
17.0.0.611

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Kaspersky Lab

CodeSize
121344

ProductName
Kaspersky Anti-Virus

ProductVersionNumber
17.0.0.611

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 c176a64274552c173bb3cf53e632e432
SHA1 8022d99051d73a59e53c04da9f0c25c9f5e96e95
SHA256 2ac9402b6685a47a406352df158771c45dcf688f97c182dc6b57fcf2a93893bb
ssdeep
49152:XRcWAkMb9HnIYI8LFFOoGnuX6X1LfgEKcYPv2qS31lQZG/cZU8:X/MhHnIY3JGO21LfgEKcdqSlz/Q

authentihash 6f8c60b924fbb1a929da5c21c66dde72265de86750ac387c2326c880733c153c
imphash 8f1c432cd73af8856ff3881d4e330a21
File size 2.5 MB ( 2600480 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-10-19 09:18:52 UTC ( 2 years, 5 months ago )
Last submission 2017-10-30 10:10:25 UTC ( 1 year, 4 months ago )
File names kav17.0.0.611abtr_11566.exe
Setup
Setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.