SHA256: 3b93e639f51ddd4f38d83db1401e1ddc47bdb0e9cbe7a5192bfacfe720208db1
File name: avira_ru_vpnb0_59f337d3124dd__ws.exe
Detection ratio: 1 / 69
Analysis date: 2019-03-19 11:25:09 UTC ( 2 months ago )
Antivirus Result Update
Zillya Trojan.Generic.Win32.627766 20190318
Acronis 20190318
Ad-Aware 20190319
AegisLab 20190319
AhnLab-V3 20190319
Alibaba 20190306
ALYac 20190319
Antiy-AVL 20190319
Arcabit 20190319
Avast 20190319
Avast-Mobile 20190319
AVG 20190319
Avira (no cloud) 20190319
Babable 20180918
Baidu 20190318
BitDefender 20190319
Bkav 20190318
CAT-QuickHeal 20190318
ClamAV 20190319
CMC 20190319
Comodo 20190319
CrowdStrike Falcon (ML) 20190212
Cylance 20190319
Cyren 20190319
DrWeb 20190319
eGambit 20190319
Emsisoft 20190319
Endgame 20190215
ESET-NOD32 20190319
F-Prot 20190319
F-Secure 20190319
Fortinet 20190319
GData 20190319
Ikarus 20190319
Sophos ML 20190313
Jiangmin 20190319
K7AntiVirus 20190319
K7GW 20190319
Kaspersky 20190319
Kingsoft 20190319
Malwarebytes 20190319
MAX 20190319
McAfee 20190319
McAfee-GW-Edition 20190319
Microsoft 20190319
eScan 20190319
NANO-Antivirus 20190319
Palo Alto Networks (Known Signatures) 20190319
Panda 20190319
Qihoo-360 20190319
Rising 20190319
SentinelOne (Static ML) 20190317
Sophos AV 20190319
SUPERAntiSpyware 20190314
Symantec 20190319
Symantec Mobile Insight 20190220
TACHYON 20190319
Tencent 20190319
TheHacker 20190315
TotalDefense 20190318
Trapmine 20190301
TrendMicro 20190319
TrendMicro-HouseCall 20190319
Trustlook 20190319
VBA32 20190319
ViRobot 20190319
Webroot 20190319
Yandex 20190318
ZoneAlarm by Check Point 20190319
Zoner 20190318
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2015 Avira Operations GmbH & Co. KG and its Licensors

Product Avira
Original name Avira.OE.Setup.Bundle.exe
Internal name setup
File version 1.2.128.15911
Description Avira
Signature verification Signed file, verified signature
Signing date 4:08 PM 1/29/2019
Signers
[+] Avira Operations GmbH & Co. KG
Status Valid
Issuer Symantec Class 3 Extended Validation Code Signing CA - G2
Valid from 12:00 AM 10/12/2016
Valid to 11:59 PM 10/12/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 9900CFAABC45B4247F9D78EE7E12B102D25EA325
Serial number 1F EB 54 56 B9 E0 C2 C6 83 57 C4 29 75 B9 82 24
[+] Symantec Class 3 Extended Validation Code Signing CA - G2
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 01:00 AM 03/04/2014
Valid to 12:59 AM 03/04/2024
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5B8F88C80A73D35F76CD412A9E74E916594DFA67
Serial number 19 1A 32 CB 75 9C 97 B8 CF AC 11 8D D5 12 7F 49
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 01:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec SHA256 TimeStamping Signer - G3
Status Valid
Issuer Symantec SHA256 TimeStamping CA
Valid from 01:00 AM 12/23/2017
Valid to 12:59 AM 03/23/2029
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint A9A4121063D71D48E8529A4681DE803E3E7954B0
Serial number 7B D4 E5 AF BA CC 07 3F A1 01 23 04 22 41 4D 12
[+] Symantec SHA256 TimeStamping CA
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 01:00 AM 01/12/2016
Valid to 12:59 AM 01/12/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 6FC9EDB5E00AB64151C1CDFCAC74AD2C7B7E3BE4
Serial number 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 12:00 AM 04/02/2008
Valid to 12:59 AM 12/02/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbprint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
Packers identified
F-PROT CAB, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-29 14:07:28
Entry Point 0x00037F09
Number of sections 7
PE sections
Overlays
MD5 46eae9e06575c3e8b7bbfd37eb231230
File type data
Offset 467456
Size 5339904
Entropy 8.00
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
SetEntriesInAclW
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
LookupPrivilegeValueW
RegDeleteKeyW
CryptHashData
InitializeSecurityDescriptor
DecryptFileW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
InitiateSystemShutdownExW
QueryServiceConfigW
GetTokenInformation
CryptReleaseContext
GetUserNameW
RegQueryInfoKeyW
RegEnumKeyExW
CryptAcquireContextW
CryptDestroyHash
RegDeleteValueW
RegSetValueExW
CryptGetHashParam
OpenSCManagerW
RegEnumValueW
AllocateAndInitializeSid
CheckTokenMembership
SetEntriesInAclA
ChangeServiceConfigW
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
DeleteDC
SelectObject
GetObjectW
CreateCompatibleDC
DeleteObject
StretchBlt
GetVolumePathNameW
GetStdHandle
ReleaseMutex
WaitForSingleObject
EncodePointer
ProcessIdToSessionId
GetFileAttributesW
GetLocalTime
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
GetTempPathW
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ConnectNamedPipe
GetExitCodeProcess
InitializeCriticalSection
OutputDebugStringW
FindClose
TlsGetValue
SetFileAttributesW
SetLastError
GetSystemTime
InterlockedDecrement
CopyFileW
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
HeapSetInformation
LoadLibraryExA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
VerifyVersionInfoW
SetFilePointerEx
GetModuleHandleA
GetFullPathNameW
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
DosDateTimeToFileTime
GetWindowsDirectoryW
OpenProcess
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
CreateFileMappingW
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
LCMapStringW
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
GetThreadLocale
GetEnvironmentStringsW
lstrlenW
VirtualFree
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
CopyFileExW
InterlockedCompareExchange
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
IsValidCodePage
UnmapViewOfFile
WriteFile
CreateProcessW
Sleep
SystemTimeToTzSpecificLocalTime
VirtualAlloc
CompareStringA
SysFreeString
VariantClear
VariantInit
SysAllocString
UuidCreate
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
GetMonitorInfoW
LoadBitmapW
DefWindowProcW
GetMessageW
PostQuitMessage
SetWindowLongW
MessageBoxW
PeekMessageW
TranslateMessage
PostMessageW
DispatchMessageW
GetCursorPos
RegisterClassW
UnregisterClassW
IsWindow
PostThreadMessageW
MonitorFromPoint
WaitForInputIdle
IsDialogMessageW
LoadCursorW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CLSIDFromProgID
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_MANIFEST 1
RT_MESSAGETABLE 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

InitializedDataSize
177664

ImageVersion
0.0

ProductName
Avira

FileVersionNumber
1.2.128.15911

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit, Removable run from swap, Net run from swap

CharacterSet
Windows, Latin1

LinkerVersion
12.0

FileTypeExtension
exe

OriginalFileName
Avira.OE.Setup.Bundle.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.2.128.15911

TimeStamp
2019:01:29 15:07:28+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
setup

ProductVersion
1.2.128.15911

FileDescription
Avira

OSVersion
5.1

FileOS
Win32

LegalCopyright
Copyright 2015 Avira Operations GmbH & Co. KG and its Licensors

MachineType
Intel 386 or later, and compatibles

CompanyName
Avira Operations GmbH & Co. KG

CodeSize
288768

FileSubtype
0

ProductVersionNumber
1.2.128.15911

EntryPoint
0x37f09

ObjectFileType
Executable application

Execution parents
File identification
MD5 2e4632e419bd2ef9b632e8dacc955df6
SHA1 ca082b93617c726103dabd7c18c8628333942f90
SHA256 3b93e639f51ddd4f38d83db1401e1ddc47bdb0e9cbe7a5192bfacfe720208db1
ssdeep
98304:5Y1/0kUxhgAp4xxedeud6G6Q/KdWw/ZO8Y5J7mHq1T0riV2MX4nN0CBHgxs:ejyhB4HqQ8KdWgZO82yQ204nZWxs

authentihash 987e3cfc6c835ddb6356a49145b13fcb31172e1a9417a71a35ee0dc38b9a109b
imphash d18cde94cdc6e930f022e2819d39a2bd
File size 5.5 MB ( 5807360 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2019-01-30 14:13:04 UTC ( 3 months, 2 weeks ago )
Last submission 2019-04-16 00:29:04 UTC ( 1 month ago )
File names avira-free-antivirus_1-2-128-15911_fr_404708.exe
avira_en_free0___sfp.exe
avira_en_asu80_5c62cc91c0930__ws.exe
avira_en_vpnb0_411649378-1549738993__ws.exe
avira_en_fass0_5b7e603b81843__ws.exe
avira_en_asu80_5b061eca8e25f__ws.exe
avira_de_fass0_579993900db31__adw.exe
avira_ru_avprodl_5b9f7d779b7da__ws.exe
avira_en_av_57d23fe782cbe__adw.exe
avira__fass1___sfc.exe
avira_en_avpn0_57cd8568e2a22__ws.exe
avira_de_av_564cac185a94d__ws.exe
avira_en_asu80_5c62c0a18641b__ws.exe
avira_en_free0___flh.exe
avira_es_pg001_5c63ef38de60c__ws.exe
avira_es_fass0_58fed219b3133__ws.exe
avira_en_fass0_590075341761f__ws.exe
output.117285501.txt
avira_fr_fass0_59d502363bec8__def.exe
avira_en_av_58da408b0dd20__ws.exe
avira_fr_av___sfp.exe
avira_en_asu60_579993900db31__ws.exe
avira_en_fass0_3059113223_0jjacs34rcyta9iyudgp_wd.exe
avira_en_avpp0___sfp.exe
avira_en_fass0___sfc.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Runtime DLLs