SHA256: 32ff97f7fb233c5386ea647de9eb3f570d1083b7e445a38b379de2c7b05dbd3d
File name: 89451
Detection ratio: 0 / 57
Analysis date: 2016-04-02 04:37:20 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20160402
AegisLab 20160402
AhnLab-V3 20160401
Alibaba 20160401
ALYac 20160402
Antiy-AVL 20160402
Arcabit 20160402
Avast 20160402
AVG 20160402
Avira (no cloud) 20160402
AVware 20160402
Baidu 20160402
Baidu-International 20160401
BitDefender 20160402
Bkav 20160401
CAT-QuickHeal 20160401
ClamAV 20160402
CMC 20160401
Comodo 20160401
Cyren 20160402
DrWeb 20160402
Emsisoft 20160402
ESET-NOD32 20160402
F-Prot 20160402
F-Secure 20160402
Fortinet 20160401
GData 20160402
Ikarus 20160401
Jiangmin 20160402
K7AntiVirus 20160401
K7GW 20160402
Kaspersky 20160402
Kingsoft 20160402
Malwarebytes 20160402
McAfee 20160402
McAfee-GW-Edition 20160402
Microsoft 20160402
eScan 20160402
NANO-Antivirus 20160402
nProtect 20160401
Panda 20160401
Qihoo-360 20160402
Rising 20160402
Sophos AV 20160402
SUPERAntiSpyware 20160402
Symantec 20160331
Tencent 20160402
TheHacker 20160330
TotalDefense 20160330
TrendMicro 20160402
TrendMicro-HouseCall 20160402
VBA32 20160401
VIPRE 20160402
ViRobot 20160402
Yandex 20160316
Zillya 20160401
Zoner 20160402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Product installer
Original name installer.exe
Internal name DeckInst
File version 1, 0, 0, 1
Description installer
Comments Hardwood Installer
Signature verification Signed file, verified signature
Signing date 10:09 PM 1/17/2007
Signers
[+] Silver Creek Entertainment Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 12:00 AM 07/13/2006
Valid to 11:59 PM 07/13/2007
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 5E7C917EBE585AF77486CD67156F1A20C004F6FC
Serial number 44 9A 6A D1 23 71 E0 65 85 64 9B DD 15 0A 0E 71
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 12:00 AM 07/16/2004
Valid to 11:59 PM 07/15/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 12:00 AM 01/29/1996
Valid to 11:59 PM 08/01/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 12:00 AM 12/04/2003
Valid to 11:59 PM 12/03/2008
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 817E78267300CB0FE5D631357851DB366123A690
Serial number 0D E9 2B F0 D4 D8 29 88 18 32 05 09 5E 9A 76 88
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/04/2003
Valid to 11:59 PM 12/03/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-01-17 18:40:40
Entry Point 0x00006ECF
Number of sections 4
PE sections
Overlays
MD5 1d6e48213950c293c0e0c200c90006de
File type data
Offset 90112
Size 6281488
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
PeekNamedPipe
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
LCMapStringW
SetHandleCount
FileTimeToSystemTime
GetFileAttributesA
VirtualProtect
GetOEMCP
LCMapStringA
HeapDestroy
GetTickCount
SetFileTime
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
WinExec
FreeEnvironmentStringsA
GetCurrentProcess
IsBadWritePtr
FileTimeToLocalFileTime
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
FreeEnvironmentStringsW
UnhandledExceptionFilter
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
ExitProcess
MultiByteToWideChar
HeapSize
GetFileInformationByHandle
SetFilePointer
GetProcAddress
QueryPerformanceCounter
GetSystemInfo
GetFileType
SetStdHandle
CompareStringW
GetTempPathA
CreateFileA
GetCPInfo
GetStringTypeA
GetModuleHandleA
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
lstrcpyA
GetStartupInfoA
CompareStringA
GetSystemTimeAsFileTime
GetCommandLineA
GetACP
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
SetFileAttributesA
FreeLibrary
MoveFileA
TerminateProcess
GetTimeZoneInformation
WideCharToMultiByte
HeapCreate
WriteFile
VirtualQuery
VirtualFree
LocalFileTimeToFileTime
IsBadReadPtr
SetEndOfFile
IsBadCodePtr
HeapAlloc
GetCurrentThreadId
VirtualAlloc
SetCurrentDirectoryA
CloseHandle
SHGetPathFromIDListA
SHBrowseForFolderA
GetMessageA
GetParent
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
SetWindowPos
FindWindowA
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
PostMessageA
MessageBoxA
PeekMessageA
TranslateMessage
SendMessageA
GetDlgItem
CreateDialogParamA
IsIconic
RegisterClassA
CreateWindowExA
LoadCursorA
LoadIconA
GetFocus
EndPaint
SetForegroundWindow
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 2
RT_STRING 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
FileDescription
installer

Comments
Hardwood Installer

InitializedDataSize
32768

ImageVersion
0.0

ProductName
installer

FileVersionNumber
1.0.0.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
7.1

FileTypeExtension
exe

OriginalFileName
installer.exe

MIMEType
application/octet-stream

FileVersion
1, 0, 0, 1

TimeStamp
2007:01:17 19:40:40+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
DeckInst

SubsystemVersion
4.0

ProductVersion
1, 0, 0, 1

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Silver Creek Entertainment

CodeSize
61440

FileSubtype
0

ProductVersionNumber
1.0.0.1

EntryPoint
0x6ecf

ObjectFileType
Executable application

File identification
MD5 69847039178e0ec6728e5d505f18d4f4
SHA1 7e4bb8b2e847814465be9e998f2e75bef6dac8e5
SHA256 32ff97f7fb233c5386ea647de9eb3f570d1083b7e445a38b379de2c7b05dbd3d
ssdeep
98304:TcXtdDnDn2Z9rAhzyDiTNDSu90EV71/eqbYRlUm5xIwQnRgsNuKSQxG5i60x/Ytd:TSdvGrAVBWXUgqbeUWfs1NDjfQn

authentihash 8351258a82ea4cc30e4d1a1f0d4329d26bd1ec5d27d295bdfea0ed53f00a5c56
imphash 2b6ede63abe8490f0e6348157881ef48
File size 6.1 MB ( 6371600 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2009-11-06 16:02:07 UTC ( 9 years, 6 months ago )
Last submission 2017-07-20 18:04:18 UTC ( 1 year, 10 months ago )
File names 41310-1589-hardwood-solitaire-iii.exe
hwsoliii.exe
141497311024243-hwsoliii.exe
hwsoliii.exe
hwsoliii.exe
installer.exe
7e4bb8b2e847814465be9e998f2e75bef6dac8e5.exe
output.15630138.txt
dl.cgi?File=hwsoliii.exe
15630138
89451
DeckInst
hwsoliii.exe
dl.cgi
InstallHardwoodSolitaireIII.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
