× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2f8f927b3b6b9d3eec75b27850e039be76583eb829e2b29c48e38b88e2bf676d
File name: setup_m
Detection ratio: 1 / 56
Analysis date: 2015-05-05 13:59:19 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Symantec WS.Reputation.1 20150505
Ad-Aware 20150505
AegisLab 20150505
Yandex 20150504
AhnLab-V3 20150505
Alibaba 20150505
ALYac 20150505
Antiy-AVL 20150505
Avast 20150505
AVG 20150505
AVware 20150505
Baidu-International 20150505
BitDefender 20150505
Bkav 20150505
ByteHero 20150505
CAT-QuickHeal 20150505
ClamAV 20150505
CMC 20150505
Comodo 20150505
Cyren 20150505
DrWeb 20150505
Emsisoft 20150505
ESET-NOD32 20150505
F-Prot 20150505
F-Secure 20150505
Fortinet 20150505
GData 20150505
Ikarus 20150505
Jiangmin 20150504
K7AntiVirus 20150505
K7GW 20150505
Kaspersky 20150505
Kingsoft 20150505
Malwarebytes 20150505
McAfee 20150505
McAfee-GW-Edition 20150505
Microsoft 20150505
eScan 20150505
NANO-Antivirus 20150505
Norman 20150505
nProtect 20150504
Panda 20150505
Qihoo-360 20150505
Rising 20150505
Sophos AV 20150505
SUPERAntiSpyware 20150505
Tencent 20150505
TheHacker 20150504
TotalDefense 20150430
TrendMicro 20150505
TrendMicro-HouseCall 20150505
VBA32 20150505
VIPRE 20150505
ViRobot 20150505
Zillya 20150505
Zoner 20150505
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2003 Liberalsoft. All rights reserved.

Publisher Liberalsoft
Product Liberalsoft LiberalInstaller
Original name setup.exe
Internal name setup_m
File version 1.2.2.810
Description LiberalInstaller Include Application(s)
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0007FF00
Number of sections 3
PE sections
PE imports
LoadLibraryA
ExitProcess
GetProcAddress
ImageList_DrawEx
CoInitialize
LoadTypeLib
SHGetMalloc
Number of PE resources by type
RT_BITMAP 21
RT_RCDATA 14
RT_STRING 13
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 62
JAPANESE DEFAULT 7
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.2.810

UninitializedDataSize
364544

LanguageCode
Japanese

FileFlagsMask
0x003f

CharacterSet
Windows, Japan (Shift - JIS X-0208)

InitializedDataSize
12288

FileOS
Win32

EntryPoint
0x7ff00

MIMEType
application/octet-stream

LegalCopyright
Copyright 2003 Liberalsoft. All rights reserved.

FileVersion
1.2.2.810

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
setup_m

ProductVersion
1.0.0.0

FileDescription
LiberalInstaller Include Application(s)

OSVersion
1.0

OriginalFilename
setup.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Liberalsoft

CodeSize
159744

ProductName
Liberalsoft LiberalInstaller

ProductVersionNumber
1.2.2.810

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 6b93a0d07819a276a71ecfba66f7e2aa
SHA1 406563ba0bba8d966c28d949aefddae9fa3380a3
SHA256 2f8f927b3b6b9d3eec75b27850e039be76583eb829e2b29c48e38b88e2bf676d
ssdeep
98304:wtegUePNxRePSExDuU7HbWYbtk93bWiQSO5pyBMP:MeghPNXePxDZ7HbRkV6i7a

authentihash 7cb88097aa7ff16afb62e321c4187f17db9141b2f754261a9270bd8b025b3b71
imphash 7e957f07e5a0fcf641c7ab2c573b10f6
File size 3.7 MB ( 3922408 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2011-02-10 20:32:48 UTC ( 8 years, 1 month ago )
Last submission 2013-03-21 14:59:26 UTC ( 6 years ago )
File names 1174839
756323
6b93a0d07819a276a71ecfba66f7e2aa_INF30B5.tmp
6b93a0d07819a276a71ecfba66f7e2aa.406563ba0bba8d966c28d949aefddae9fa3380a3
6b93a0d07819a276a71ecfba66f7e2aa
187098
406563ba0bba8d966c28d949aefddae9fa3380a3
6b93a0d07819a276a71ecfba66f7e2aa
setup.exe
setup_m
hsp30rc2.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!