SHA256: 2adf5b3507c28ddb104f0be240dc79c9b9a4417109a7b2703f3c28eb0d29b086
File name: 400345
Detection ratio: 0 / 68
Analysis date: 2018-09-09 00:25:17 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20180908
AegisLab 20180908
AhnLab-V3 20180908
Alibaba 20180713
ALYac 20180908
Antiy-AVL 20180906
Arcabit 20180908
Avast 20180908
Avast-Mobile 20180908
AVG 20180908
Avira (no cloud) 20180908
AVware 20180908
Babable 20180907
Baidu 20180906
BitDefender 20180908
Bkav 20180906
CAT-QuickHeal 20180908
ClamAV 20180908
CMC 20180908
Comodo 20180908
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180909
Cyren 20180908
DrWeb 20180908
eGambit 20180909
Emsisoft 20180908
Endgame 20180730
ESET-NOD32 20180908
F-Prot 20180908
F-Secure 20180908
Fortinet 20180908
GData 20180908
Ikarus 20180908
Sophos ML 20180717
Jiangmin 20180909
K7AntiVirus 20180908
K7GW 20180908
Kaspersky 20180908
Kingsoft 20180909
Malwarebytes 20180908
MAX 20180909
McAfee 20180909
McAfee-GW-Edition 20180909
Microsoft 20180908
eScan 20180908
NANO-Antivirus 20180908
Palo Alto Networks (Known Signatures) 20180909
Panda 20180908
Qihoo-360 20180909
Rising 20180908
SentinelOne (Static ML) 20180830
Sophos AV 20180908
SUPERAntiSpyware 20180907
Symantec 20180908
Symantec Mobile Insight 20180905
TACHYON 20180909
Tencent 20180909
TheHacker 20180907
TotalDefense 20180908
TrendMicro 20180908
TrendMicro-HouseCall 20180908
Trustlook 20180909
VBA32 20180907
VIPRE 20180908
ViRobot 20180908
Webroot 20180909
Yandex 20180908
Zillya 20180908
ZoneAlarm by Check Point 20180908
Zoner 20180908
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 1988-2011 AVAST Software a.s.

Product avast! BackUp
Internal name bootstrapper.exe
File version 2.22.2.334
Signature verification Signed file, verified signature
Signing date 2:00 PM 11/14/2013
Signers
[+] AVAST Software a.s.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 10:47 AM 7/4/2011
Valid to 10:47 AM 7/4/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3EF12851559BC28A9A118D0971844ABAD3607514
Serial number 11 21 99 FB 57 A8 EF 0D 2D 6B 25 BB 68 D8 8D F2 45 B5
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 11:00 AM 4/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT appended, 7Z, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-02 01:23:33
Entry Point 0x00019C3B
Number of sections 4
PE sections
Overlays
MD5 baaa80898b27e6583517dd03a8fcb90e
File type data
Offset 288768
Size 13114896
Entropy 8.00
PE imports
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
GetSystemDefaultLCID
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
InitializeCriticalSection
TlsGetValue
SetLastError
GetUserDefaultUILanguage
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
VerSetConditionMask
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointerEx
GetModuleHandleA
GetSystemDefaultUILanguage
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GetVersion
SetCurrentDirectoryW
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetTempFileNameW
GetModuleFileNameW
IsValidLocale
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
CreateProcessW
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
VirtualAlloc
CommandLineToArgvW
MessageBoxW
Ord(92)
Ord(113)
Ord(159)
Ord(141)
Ord(88)
Ord(70)
Ord(169)
Ord(31)
Ord(118)
Ord(32)
Ord(8)
Ord(160)
Number of PE resources by type
RT_VERSION 8
RT_ICON 7
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
ITALIAN NEUTRAL 1
ENGLISH NEUTRAL 1
GERMAN NEUTRAL 1
PORTUGUESE BRAZILIAN 1
JAPANESE DEFAULT 1
SPANISH MODERN 1
FRENCH NEUTRAL 1
DUTCH NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
ProductVersionNumber
2.22.2.0

UninitializedDataSize
0

InitializedDataSize
109056

ImageVersion
0.0

ProductName
avast! BackUp

FileVersionNumber
2.22.2.334

LanguageCode
Unknown (0007)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2,22,2,334

TimeStamp
2013:10:02 02:23:33+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
bootstrapper.exe

ProductVersion
2,22,2,0

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 2005-2013 - Mozy, Inc.

MachineType
Intel 386 or later, and compatibles

CompanyName
avast!

CodeSize
178688

FileSubtype
0

BuildNumber
20081203_0

EntryPoint
0x19c3b

ObjectFileType
Executable application

File identification
MD5 ccd5f3728bbaea652c87c86dba0c1f06
SHA1 9a6fd7a5d2b70413d66112afb3dc2fce74bb96e9
SHA256 2adf5b3507c28ddb104f0be240dc79c9b9a4417109a7b2703f3c28eb0d29b086
ssdeep
196608:nlLX1QzqEnj+aMleNZi80fbplaiLT+gsk7jSPlDTF/kbOjeH757va7zwbu+J57i7:nlRJAJMl8MjpvLT+beOKU78bu+H2kw/

authentihash 10f3aa94fafdf0be2db8b13249bf625db46697b523e60609dbf9dcf446b81504
imphash fe19353c357d2da93606c9374e8ef81d
File size 12.8 MB ( 13403664 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2014-01-31 09:17:23 UTC ( 4 years, 11 months ago )
Last submission 2018-04-27 05:58:26 UTC ( 8 months, 3 weeks ago )
File names 141493470660627-avast_backup_setup.exe
avast_backup_setup.exe
avast-backup-2.22.2.334.exe
2ADF5B3507C28DDB104F0BE240DC79C9B9A4417109A7B2703F3C28EB0D29B086
400345
bootstrapper.exe
avast_backup_setup.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files