SHA256: 2dd134fdbf7c1a6ae016bd63164cfb301b9e51dbc9715c0bc043418b2eaa5d2f
File name: Setup
Detection ratio: 37 / 58
Analysis date: 2017-02-21 05:41:23 UTC ( 1 year, 9 months ago )
Antivirus Result Update
AegisLab Troj.Ransom.W32.Foreign.ajtn!c 20170221
Antiy-AVL Trojan[Ransom]/Win32.Foreign.ajtn 20170221
Avast Win32:PUP-gen [PUP] 20170221
AVG Generic32.VGQ 20170221
Avira (no cloud) TR/Rogue.kdz.12125.5 20170220
AVware Trojan.Win32.Generic!BT 20170221
Bkav W32.HfsAdware.8F8F 20170220
CAT-QuickHeal TrojanRansom.Foreign 20170220
CMC Trojan-Ransom.Win32.Foreign!O 20170220
Comodo UnclassifiedMalware 20170221
DrWeb Adware.InstallCore.97 20170221
Endgame malicious (moderate confidence) 20170217
ESET-NOD32 a variant of Win32/Toolbar.Funmoods.D potentially unwanted 20170221
Fortinet Riskware/Funmoods 20170221
GData Win32.Application.InstallCore.IO 20170221
Ikarus Trojan-Ransom.Win32.Foreign 20170220
Sophos ML trojan.win32.dorv.b!rfn 20170203
Jiangmin Trojan/Foreign.csw 20170221
K7AntiVirus Adware ( 004b98c21 ) 20170220
K7GW Adware ( 004b98c21 ) 20170220
Kaspersky Trojan-Ransom.Win32.Foreign.ajtn 20170221
Kingsoft Win32.Troj.Undef.(kcloud) 20170221
Malwarebytes PUP.Optional.InstallCore 20170221
McAfee Ransom.dx 20170221
McAfee-GW-Edition Ransom.dx 20170221
NANO-Antivirus Trojan.Win32.Foreign.crswqg 20170221
nProtect Trojan/W32.Foreign.2316208 20170221
Qihoo-360 HEUR/Malware.QVM05.Gen 20170221
Sophos AV Mal/Generic-S 20170221
Tencent Win32.Trojan.Foreign.Ua 20170221
TrendMicro TROJ_SPNR.3AJH13 20170221
TrendMicro-HouseCall TROJ_SPNR.3AJH13 20170221
VBA32 Downware.InstallCore 20170220
VIPRE Trojan.Win32.Generic!BT 20170221
Webroot Pua.Funmoods 20170221
Yandex Trojan.Foreign!4NHpm9pVQ+U 20170220
Zillya Trojan.Foreign.Win32.4383 20170220
Ad-Aware 20170221
AhnLab-V3 20170221
Alibaba 20170221
ALYac 20170221
Arcabit 20170221
Baidu 20170221
BitDefender 20170221
ClamAV 20170221
CrowdStrike Falcon (ML) 20170130
Cyren 20170221
Emsisoft 20170221
F-Prot 20170221
F-Secure 20170221
Microsoft 20170220
eScan 20170221
Panda 20170220
Rising None
SUPERAntiSpyware 20170220
TheHacker 20170220
TotalDefense 20170220
Trustlook 20170221
ViRobot 20170221
WhiteArmor 20170215
Zoner 20170221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product Setup©
Internal name Setup
File version 2.2.1.515
Description Setup
Signature verification Signed file, verified signature
Signing date 3:46 PM 2/25/2013
Signers
[+] Funmoods
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 2/18/2013
Valid to 12:59 AM 2/19/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 7E3D88714E0F25F6FFA9CFF657CDFC226F7C49A0
Serial number 00 F7 10 0A E2 86 D6 D9 AE 97 78 9C 22 F1 56 C8 8F
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000679F4
Number of sections 8
PE sections
Overlays
MD5 021b8363cff63520de5a285650e839f3
File type data
Offset 2311168
Size 5040
Entropy 7.39
PE imports
RegCreateKeyExW
LookupPrivilegeValueA
RegCloseKey
RegQueryValueExA
AdjustTokenPrivileges
RegEnumKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
DuplicateToken
RegOpenKeyExW
GetFileSecurityA
RegOpenKeyExA
SetFileSecurityA
DuplicateTokenEx
IsValidSid
GetSecurityDescriptorDacl
RegDeleteValueW
OpenThreadToken
GetUserNameA
GetLengthSid
CreateProcessAsUserW
RegEnumValueW
RegSetValueExW
InitializeSecurityDescriptor
GetStdHandle
GetFileAttributesA
WaitForSingleObject
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
GetFullPathNameA
GetTempPathA
WideCharToMultiByte
WriteFile
GetDiskFreeSpaceA
SetFileAttributesA
SetEvent
LocalFree
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
GetStringTypeExA
GetEnvironmentVariableW
SetLastError
GetSystemTime
CopyFileW
RemoveDirectoryW
CopyFileA
ExitProcess
GetModuleFileNameA
EnumCalendarInfoA
GetVolumeInformationA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetSystemPowerStatus
FormatMessageA
GetModuleHandleA
CreateThread
GetSystemDirectoryW
CreatePipe
ExitThread
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
HeapFree
EnterCriticalSection
PeekNamedPipe
FreeLibrary
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GlobalReAlloc
GetModuleFileNameW
ExpandEnvironmentStringsW
FindFirstFileA
ResetEvent
FindFirstFileW
GlobalLock
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
GetShortPathNameW
lstrlenA
GlobalFree
FindNextFileW
GetThreadLocale
GlobalUnlock
VirtualQuery
GetShortPathNameA
CreateProcessW
SizeofResource
LockResource
SetFileTime
GetCPInfo
GetCommandLineA
GetCurrentThread
GetSystemDefaultLangID
RaiseException
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
FreeResource
VirtualFree
Sleep
FindResourceA
VirtualAlloc
CompareStringA
SafeArrayCreate
VariantCopy
VariantInit
VariantChangeTypeEx
SafeArrayGetLBound
VarI4FromStr
VarBstrFromDate
VariantCopyInd
VarBoolFromStr
SafeArrayGetUBound
VarNeg
SysFreeString
SafeArrayGetElement
SafeArrayPtrOfIndex
VarBstrFromCy
VarR8FromStr
VarBstrFromBool
VarCyFromStr
SafeArrayRedim
VarNot
SysAllocStringLen
VariantClear
SysReAllocStringLen
VarDateFromStr
SafeArrayPutElement
ShellExecuteExW
GetWindowThreadProcessId
GetSystemMetrics
LoadStringA
PostMessageA
CharNextA
WaitForInputIdle
EnumWindows
MessageBoxA
GetKeyboardType
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_STRING 8
RT_RCDATA 4
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 13
HEBREW DEFAULT 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.2.1.515
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 1889280
EntryPoint 0x679f4
MIMEType application/octet-stream
FileVersion 2.2.1.515
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
InternalName Setup
ProductVersion 2.2.1.515
FileDescription Setup
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Setup
CodeSize 420864
ProductName Setup
ProductVersionNumber 2.2.1.515
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 0118396440bdff42d187ecc1a5b26e12
SHA1 22913ee2361b15e3dcd398c9692fce7795c63418
SHA256 2dd134fdbf7c1a6ae016bd63164cfb301b9e51dbc9715c0bc043418b2eaa5d2f
ssdeep 49152:MWkqgaCRB30TDEZVSUtP+7xwypGZdqxSDN+srmoDSIpV0uuF:Bk7aQ3lLax+Zd8SDN+ydnuF
authentihash 482603fda8718ed6f8899de52e57867ef4635347ffaf0cfbef74b07c45b315df
imphash 1c1872ef546fb0b87d575588992f46d0
File size 2.2 MB ( 2316208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Delphi generic (37.4%)
Windows screen saver (34.5%)
Win32 Executable (generic) (11.9%)
Win16/32 Executable Delphi generic (5.4%)
Generic Win/DOS Executable (5.2%)
Tags
bobsoft peexe signed overlay

VirusTotal metadata
First submission 2013-02-26 16:57:29 UTC ( 5 years, 9 months ago )
Last submission 2015-07-27 09:02:08 UTC ( 3 years, 4 months ago )
File names 46037-2
FunMoodsSetup.exe
020313_f.exe
Setup
2dd134fdbf7c1a6ae016bd63164cfb301b9e51dbc9715c0bc043418b2eaa5d2f.exe
130313_f.exe
9787515
050313_f.exe
FunMoodsSetup.exe_
110313_f.exe
vti-rescan
040313_f.ex
040313_f.exe
output.9787515.txt
FunMoodsSetup_2.2.1.515_signed.exe
FunMoodsSetup_2.2.1.515.2.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications