× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 349b796e42a8f3cc8a20a5b163cb6f7c22f95abf3aad2cd13c4b57db4b28941e
File name: productkeyexplorer_setup.exe
Detection ratio: 0 / 66
Analysis date: 2018-11-13 00:44:07 UTC ( 1 week ago )
Antivirus Result Update
Ad-Aware 20181112
AegisLab 20181112
AhnLab-V3 20181112
Alibaba 20180921
ALYac 20181113
Antiy-AVL 20181112
Arcabit 20181112
Avast 20181113
Avast-Mobile 20181112
AVG 20181113
Avira (no cloud) 20181113
Babable 20180918
Baidu 20181112
BitDefender 20181112
Bkav 20181110
CAT-QuickHeal 20181112
ClamAV 20181112
CMC 20181112
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181113
Cyren 20181113
DrWeb 20181112
Emsisoft 20181112
Endgame 20181108
ESET-NOD32 20181112
F-Prot 20181112
F-Secure 20181112
Fortinet 20181112
GData 20181112
Ikarus 20181112
Sophos ML 20181108
Jiangmin 20181112
K7AntiVirus 20181112
K7GW 20181112
Kaspersky 20181112
Kingsoft 20181113
Malwarebytes 20181112
MAX 20181113
McAfee 20181112
McAfee-GW-Edition 20181112
Microsoft 20181113
eScan 20181112
NANO-Antivirus 20181113
Palo Alto Networks (Known Signatures) 20181113
Panda 20181112
Qihoo-360 20181113
Rising 20181112
SentinelOne (Static ML) 20181011
Sophos AV 20181112
SUPERAntiSpyware 20181107
Symantec 20181112
Symantec Mobile Insight 20181108
TACHYON 20181112
Tencent 20181113
TheHacker 20181108
TotalDefense 20181112
TrendMicro 20181112
TrendMicro-HouseCall 20181113
Trustlook 20181113
VBA32 20181112
ViRobot 20181112
Webroot 20181113
Yandex 20181112
Zillya 20181112
ZoneAlarm by Check Point 20181113
Zoner 20181113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product Product Key Explorer
File version
Description Product Key Explorer Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 1:32 AM 10/5/2015
Signers
[+] Nsasoft US LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 11/27/2014
Valid to 12:59 AM 11/28/2015
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 77E726BBDE83579D21C1897D6DED30BFC5520A14
Serial number 0B E4 27 49 27 00 B9 4B 27 AF 74 14 04 0A 25 A3
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/5/2015
Valid to 12:59 AM 1/1/2016
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint DF946A5E503015777FD22F46B5624ECD27BEE376
Serial number 00 9F EA C8 11 B0 F1 62 47 A5 FC 20 D8 05 23 AC E6
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbrint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT INNO, appended, Armadillo, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009C40
Number of sections 8
PE sections
Overlays
MD5 1cf5ebdd2f7d40b5e8ace42a5afebb49
File type data
Offset 54272
Size 2586592
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup.

InitializedDataSize
17920

ImageVersion
6.0

ProductName
Product Key Explorer

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

LinkerVersion
2.25

FileTypeExtension
exe

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Product Key Explorer Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Nsasoft, LLC.

CodeSize
37888

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x9c40

ObjectFileType
Executable application

File identification
MD5 c32762d147b41f692872a34e820ce236
SHA1 d65de68ba024f5a8f450461e78263bc60fdc6a78
SHA256 349b796e42a8f3cc8a20a5b163cb6f7c22f95abf3aad2cd13c4b57db4b28941e
ssdeep
49152:WaHYejVsEM8lOLbSEs4OecDU1e8opkHor1EBha73yfctNPVDQfJJN4:H4ePM8ACEs4OeIU1e8op8U1EBhaLQl4

authentihash 102cc70191f2383233e6c45743c48b752f35bcd787f48d3f590d03aeffa650f3
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 2.5 MB ( 2640864 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (76.6%)
Win32 Executable Delphi generic (9.9%)
Win32 Dynamic Link Library (generic) (4.5%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags
peexe armadillo signed overlay

VirusTotal metadata
First submission 2015-10-05 08:00:24 UTC ( 3 years, 1 month ago )
Last submission 2016-07-18 12:42:29 UTC ( 2 years, 4 months ago )
File names productkeyexplorer_setup.exe
productkeyexplorer_setup.exe
productkeyexplorer_setup-3_8_9_demo.exe
productkeyexplorer_setup.exe
1456952404-productkeyexplorer_setup.exe
product key explorer.exe
741992
productkeyexplorer_setup.exe
productkeyexplorer_setup.exe
productkeyexplorer_setup.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs