SHA256: 32d88a8502c45b8f12e338790a39f117aff87e34f64807e8b273ea2fe22c36ac
File name:
Detection ratio: 0 / 56
Analysis date: 2016-03-02 17:18:03 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20160302
AegisLab 20160302
Yandex 20160301
AhnLab-V3 20160302
Alibaba 20160302
ALYac 20160302
Antiy-AVL 20160302
Arcabit 20160302
Avast 20160302
AVG 20160302
Avira (no cloud) 20160302
AVware 20160302
Baidu-International 20160302
BitDefender 20160302
Bkav 20160302
ByteHero 20160302
CAT-QuickHeal 20160302
ClamAV 20160302
CMC 20160301
Comodo 20160302
Cyren 20160302
DrWeb 20160302
Emsisoft 20160229
ESET-NOD32 20160302
F-Prot 20160302
F-Secure 20160302
Fortinet 20160302
GData 20160302
Ikarus 20160302
Jiangmin 20160302
K7AntiVirus 20160302
K7GW 20160302
Kaspersky 20160302
Malwarebytes 20160302
McAfee 20160302
McAfee-GW-Edition 20160302
Microsoft 20160302
eScan 20160302
NANO-Antivirus 20160302
nProtect 20160302
Panda 20160302
Qihoo-360 20160302
Rising 20160302
Sophos AV 20160302
SUPERAntiSpyware 20160302
Symantec 20160301
Tencent 20160302
TheHacker 20160301
TotalDefense 20160302
TrendMicro 20160302
TrendMicro-HouseCall 20160302
VBA32 20160302
VIPRE 20160302
ViRobot 20160302
Zillya 20160302
Zoner 20160302
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2007-2010, DRPU Software Pvt. Ltd.. All rights reserved.

Product DRPU Setup Creator(Demo)
Original name Application.EXE
Internal name Application
File version 0, 0, 0, 0
Description Application
Comments
Signature verification Signed file, verified signature
Signing date 1:01 PM 12/23/2010
Signers
[+] DRPU Software Private Limited
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Code Signing CA - G2
Valid from 1:00 AM 9/2/2010
Valid to 12:59 AM 9/1/2012
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint F651AA689E0CF8531C815D7DBDD99437F9B01E7E
Serial number 13 1C 6D 44 2A 94 CF 46 15 E7 FB 18 5B CC EB 2E
[+] Thawte Code Signing CA - G2
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-06-07 12:33:32
Entry Point 0x000261EC
Number of sections 4
PE sections
Overlays
MD5 8163c3d05900d07585a760f6f679c4a0
File type data
Offset 6309888
Size 5288
Entropy 7.35
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegSetValueExA
RegQueryValueA
RegQueryValueExA
GetUserNameA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
GetFileTitleA
SetMapMode
SaveDC
TextOutA
GetTextMetricsA
GetClipBox
GetObjectA
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
DeleteObject
SetTextColor
GetDeviceCaps
CreateFontA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
GetTextExtentPoint32A
SetWindowExtEx
CreateSolidBrush
Escape
SetBkColor
SetViewportExtEx
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
lstrcmpW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
ExpandEnvironmentStringsA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
VerLanguageNameA
GetModuleFileNameW
GlobalFindAtomA
ExitProcess
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
GetProcessHeap
CompareStringW
GetFileSizeEx
GlobalReAlloc
lstrcmpA
FindFirstFileA
CompareStringA
GetComputerNameA
FindNextFileA
GetDiskFreeSpaceExA
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
CopyFileA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
HeapSize
IsDebuggerPresent
GetCommandLineA
GetCurrentThread
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
FreeResource
SizeofResource
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantChangeType
VariantClear
VariantInit
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetFolderPathA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathRemoveFileSpecA
PathFileExistsA
MapWindowPoints
GetForegroundWindow
RedrawWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
ClientToScreen
GetActiveWindow
GetTopWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
GetClassInfoExA
ShowWindow
GetPropA
GetDesktopWindow
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
CopyRect
GetSysColorBrush
DestroyWindow
IsDialogMessageA
SetFocus
BeginPaint
KillTimer
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
DrawIcon
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
GetClassLongA
GetCapture
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetSystemMenu
GetDC
SetForegroundWindow
ReleaseDC
EndDialog
CreateDialogIndirectParamA
DrawTextExA
GetWindowThreadProcessId
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
InvalidateRect
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetMenu
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GdiplusShutdown
GdipCreateFromHDC
GdipLoadImageFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage
GdiplusStartup
GdipDrawImageRectI
GdipDeleteGraphics
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_CURSOR 17
RT_GROUP_CURSOR 16
RT_STRING 13
RT_DIALOG 6
RT_ICON 5
RT_BITMAP 5
IDR_EXE 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 65
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.6.0.1

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
6068224

EntryPoint
0x261ec

OriginalFileName
Application.EXE

MIMEType
application/octet-stream

LegalCopyright
Copyright 2007-2010, DRPU Software Pvt. Ltd.. All rights reserved.

FileVersion
0, 0, 0, 0

TimeStamp
2010:06:07 13:33:32+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Application

ProductVersion
0, 0, 0, 0

FileDescription
Application

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
DRPU Software Pvt. Ltd.

CodeSize
240640

ProductName
DRPU Setup Creator(Demo)

ProductVersionNumber
4.6.0.1

Warning
Possibly corrupt Version resource

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 985dee21cbe6fb2752c8ffeccfcb6f76
SHA1 abcf40bf0fec806781c4f917d6d4b4d934b7a1ff
SHA256 32d88a8502c45b8f12e338790a39f117aff87e34f64807e8b273ea2fe22c36ac
ssdeep
196608:bBCPG/odP7yXbue8q4qRFIclJKn50smTBKZAmr2B:xgdP7yXbj45clJKkTBKg

authentihash 3c2c83ee0fab0a416555480455c0f1bcc36c6dd5f7bef8b0bc57a595d32e2d20
imphash 6b0cc74be1d49faadd8a7b89d935abc2
File size 6.0 MB ( 6315176 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2011-03-06 11:53:50 UTC ( 7 years, 1 month ago )
Last submission 2017-09-03 01:02:48 UTC ( 7 months, 3 weeks ago )
File names smona131565011804283498603
32d88a8502c45b8f12e338790a39f117aff87e34f64807e8b273ea2fe22c36ac
file-4997597_exe
file-2000143_swat
Setup_product_5172.exe
985DEE21CBE6FB2752C8FFECCFCB6F76
32D88A8502C45B8F12E338790A39F117AFF87E34F64807E8B273EA2FE22C36AC
1340695922-ipod-data-recovery-demo.zip
DRPUSetupCreatorDemo.exe
Application.EXE

Application
drpusetupcreatordemo.exe
DRPUSetupCreatorDemo.exe
985dee21cbe6fb2752c8ffeccfcb6f76.abcf40bf0fec806781c4f917d6d4b4d934b7a1ff
69886
DRPUSetupCreatorDemo.exe
DRPUSetupCreatorDemo.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight