SHA256: 3485e83f625fac051a00202a4e51c2fd4f2ce69daca39f84a3c029874ae0ddd6
File name: kfa18.0.0.405abtr_13011.exe
Detection ratio: 1 / 69
Analysis date: 2018-09-26 09:21:42 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Yandex Trojan.Agent!RBDC6YjCGdQ 20180925
Ad-Aware 20180926
AegisLab 20180926
AhnLab-V3 20180925
Alibaba 20180921
ALYac 20180926
Antiy-AVL 20180926
Arcabit 20180926
Avast 20180926
Avast-Mobile 20180926
AVG 20180926
Avira (no cloud) 20180926
AVware 20180925
Babable 20180918
Baidu 20180926
BitDefender 20180926
Bkav 20180925
CAT-QuickHeal 20180923
ClamAV 20180926
CMC 20180925
Comodo 20180926
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180926
Cyren 20180926
DrWeb 20180926
eGambit 20180926
Emsisoft 20180926
Endgame 20180730
ESET-NOD32 20180926
F-Prot 20180926
F-Secure 20180926
Fortinet 20180926
GData 20180926
Ikarus 20180926
Sophos ML 20180717
Jiangmin 20180926
K7AntiVirus 20180926
K7GW 20180926
Kaspersky 20180926
Kingsoft 20180926
Malwarebytes 20180926
MAX 20180926
McAfee 20180926
McAfee-GW-Edition 20180926
Microsoft 20180926
eScan 20180926
NANO-Antivirus 20180926
Palo Alto Networks (Known Signatures) 20180926
Panda 20180925
Qihoo-360 20180926
Rising 20180926
SentinelOne (Static ML) 20180925
Sophos AV 20180926
SUPERAntiSpyware 20180907
Symantec 20180925
Symantec Mobile Insight 20180924
TACHYON 20180926
Tencent 20180926
TheHacker 20180924
TotalDefense 20180925
TrendMicro 20180926
TrendMicro-HouseCall 20180926
Trustlook 20180926
VBA32 20180926
VIPRE 20180926
ViRobot 20180925
Webroot 20180926
Zillya 20180925
ZoneAlarm by Check Point 20180925
Zoner 20180925
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© 2017 AO Kaspersky Lab. Tüm Hakları Saklıdır.

Product Kaspersky Free
Original name Setup.exe
Internal name Setup
File version 18.0.0.405
Description Kaspersky Free [18.0.0.405.0.1423.0]
Signature verification Signed file, verified signature
Signing date 8:40 AM 8/23/2017
Signers
[+] Kaspersky Lab
Status Valid
Issuer DigiCert High Assurance Code Signing CA-1
Valid from 1:00 AM 10/8/2015
Valid to 1:00 PM 10/24/2018
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F
Serial number 0F 66 8F B0 F0 F0 02 B7 74 C7 DD BD 76 9E E5 B1
[+] DigiCert High Assurance Code Signing CA-1
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E308F829DC77E80AF15EDD4151EA47C59399AB46
Serial number 02 C4 D1 E5 8A 4A 68 0C 56 8D A3 04 7E 7E 4D 5F
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 1:00 AM 5/24/2016
Valid to 1:00 AM 6/24/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-24 15:19:12
Entry Point 0x000047DF
Number of sections 6
PE sections
Overlays
MD5 7a8d12e9347bef9d629d00700cda16c7
File type data
Offset 2363392
Size 16432
Entropy 7.31
PE imports
GetStdHandle
WaitForSingleObject
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
EnumSystemLocalesW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
FreeLibraryAndExitThread
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
LoadLibraryExA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
MoveFileW
GetModuleHandleA
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQuery
GetCurrentThreadId
WriteConsoleW
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
IsValidLocale
FindFirstFileExW
GetUserDefaultLCID
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
GetEnvironmentStringsW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FindResourceExW
IsValidCodePage
GetTempPathW
CreateProcessW
VirtualAlloc
GetOEMCP
Number of PE resources by type
RT_ICON 5
SZIP 3
DOWNLOADER.INI 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 6
NEUTRAL 4
TURKISH DEFAULT 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize
178688

SubsystemVersion
5.1

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
18.0.0.405

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Kaspersky Free [18.0.0.405.0.1423.0]

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
2183680

EntryPoint
0x47df

OriginalFileName
Setup.exe

MIMEType
application/octet-stream

LegalCopyright
© 2017 AO Kaspersky Lab. Tüm Hakları Saklıdır.

FileVersion
18.0.0.405

TimeStamp
2017:01:24 16:19:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup

ProductVersion
18.0.0.405

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Kaspersky Lab

LegalTrademarks
Tescilli ticari markalar ve hizmet markaları kendi sahiplerine aittir

ProductName
Kaspersky Free

ProductVersionNumber
18.0.0.405

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 21bdc23805a7b67ae2f872d467a05b37
SHA1 487c3df77f0de81bd8f21abe6ff93d11e1466838
SHA256 3485e83f625fac051a00202a4e51c2fd4f2ce69daca39f84a3c029874ae0ddd6
ssdeep
49152:HW6+Ua9HnIb/7mlmhfTAoUe+YW0QZT3RoIFnEFkA4QvbRQilX1AlE2:7+JHnIPmir8N9Fy4QvbRQi9eJ

authentihash 73ea752a35258fcc2941e74f3fd31b0eaa6fd250ca197b81a22c14bce7930b40
imphash 1c333af01a5aa984c162ce72ffccd51a
File size 2.3 MB ( 2379824 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-09-06 15:41:12 UTC ( 1 year, 4 months ago )
Last submission 2018-09-26 09:21:42 UTC ( 3 months, 3 weeks ago )
File names kfa18.0.0.405abtr_13011.exe
kfa18.0.0.405abtr_13011 (1).exe
Setup
Setup.exe
startup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
UDP communications