SHA256: 3d275b6e35ecb1457be64ea1df90493ec769c01ed5b2978bd126b54fc24d5d58
File name: download-audiograbber.exe
Detection ratio: 35 / 56
Analysis date: 2017-02-01 22:54:29 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Application.Bundler.DownloadGuide.24 20170201
AhnLab-V3 Win-PUP/DownloadGuide.Gen 20170201
Antiy-AVL GrayWare[AdWare]/Win32.DownloadGuide.dd 20170201
Arcabit Trojan.Application.Bundler.DownloadGuide.24 20170201
Avast Win32:DownloadGuide-AD [PUP] 20170201
AVG Generic.9E1 20170201
AVware DownloadSponsor (fs) 20170201
BitDefender Gen:Variant.Application.Bundler.DownloadGuide.24 20170201
CAT-QuickHeal PUA.Freemiumgm2.Gen 20170201
Comodo Application.Win32.DownloadGuide.AKB 20170201
Cyren W32/S-58b25de1!Eldorado 20170201
DrWeb Adware.ClickMeIn.8483 20170201
Emsisoft Application.Downloader (A) 20170201
ESET-NOD32 a variant of Win32/DownloadGuide.D potentially unwanted 20170201
F-Prot W32/S-58b25de1!Eldorado 20170201
F-Secure Gen:Variant.Application.Bundler 20170201
Fortinet Riskware/DownloaderGuide 20170201
GData Gen:Variant.Application.Bundler.DownloadGuide.24 20170201
Ikarus PUA.DownloadGuide 20170201
Sophos ML trojandropper.win32.sventore.a 20170111
Jiangmin Downloader.DownloaderGuide.ahp 20170201
K7AntiVirus Unwanted-Program ( 004c20af1 ) 20170201
K7GW Unwanted-Program ( 004c20af1 ) 20170201
Kaspersky not-a-virus:Downloader.Win32.DownloaderGuide.pwj 20170201
Malwarebytes PUP.Optional.Freemium 20170201
McAfee-GW-Edition BehavesLike.Win32.Downloader.hh 20170201
eScan Gen:Variant.Application.Bundler.DownloadGuide.24 20170201
NANO-Antivirus Trojan.Win32.Covus.ekunof 20170201
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20170201
Rising Malware.Generic!3yqg74QKa5P@5 (thunder) 20170201
SUPERAntiSpyware PUP.Downloader/Variant 20170201
Symantec PUA.Downloader 20170201
VIPRE DownloadSponsor (fs) 20170201
Yandex PUA.Downloader! 20170201
Zillya Adware.ClickMeInCRTD.Win32.2320 20170201
AegisLab 20170201
Alibaba 20170122
ALYac 20170201
Avira (no cloud) 20170201
Baidu 20170125
Bkav 20170123
ClamAV 20170201
CMC 20170201
CrowdStrike Falcon (ML) 20170130
Kingsoft 20170201
McAfee 20170201
Microsoft 20170201
nProtect 20170201
Panda 20170201
Sophos AV 20170201
Tencent 20170201
TheHacker 20170129
TrendMicro 20170201
TrendMicro-HouseCall 20170201
Trustlook 20170201
VBA32 20170201
ViRobot 20170201
WhiteArmor 20170123
Zoner 20170201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signers
[+] Freemium GmbH
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 7/6/2016
Valid to 12:59 AM 4/13/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 897B8D099883DDA373F084EC300B115530F3F38B
Serial number 00 BC ED CE 12 9E 9A A2 36 BB F4 BC 05 9A 58 BA 55
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-19 05:02:15
Entry Point 0x00013C3C
Number of sections 5
PE sections
Overlays
MD5 ca70611a4a99b4a6fa4d371144989fda
File type data
Offset 531456
Size 6648
Entropy 7.58
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
GetSaveFileNameW
GetDeviceCaps
DeleteDC
SelectObject
GetStockObject
CreateSolidBrush
GetObjectW
CreateCompatibleDC
DeleteObject
GetStdHandle
InterlockedPopEntrySList
DebugBreak
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InterlockedPushEntrySList
OutputDebugStringW
FindClose
InterlockedDecrement
GetFullPathNameW
EncodePointer
SetLastError
TlsGetValue
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
lstrcmpiW
HeapSetInformation
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoW
DeleteFileW
GlobalLock
GetProcessHeap
GetTempFileNameW
GetFileInformationByHandle
FindNextFileW
FindFirstFileW
lstrcmpW
GetProcAddress
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
ExpandEnvironmentStringsW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLib
SysStringLen
SysStringByteLen
VarBstrCat
VariantClear
SysAllocString
DispCallFunc
VariantCopy
LoadTypeLib
SysFreeString
VariantChangeType
SysAllocStringByteLen
VariantInit
Shell_NotifyIconW
SHGetFolderPathW
PathFileExistsW
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
GetClassInfoExW
RedrawWindow
BeginPaint
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MapWindowPoints
GetParent
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EndPaint
UpdateWindow
MoveWindow
SetWindowPos
TranslateMessage
GetWindowTextLengthW
PostMessageW
GetSysColor
DispatchMessageW
GetDC
ReleaseDC
UpdateLayeredWindow
SendMessageW
UnregisterClassA
GetWindowLongW
IsWindowVisible
SetWindowTextW
GetDlgItem
GetWindow
CallWindowProcW
MonitorFromWindow
ClientToScreen
InvalidateRect
SetTimer
GetClientRect
GetClassNameW
FillRect
CreateAcceleratorTableW
GetWindowTextW
GetDesktopWindow
LoadCursorW
GetFocus
CreateWindowExW
RegisterClassExW
CharNextW
IsChild
DestroyWindow
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance
OleInitialize
CoTaskMemRealloc
CoMarshalInterThreadInterfaceInStream
OleUninitialize
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
Number of PE resources by type
RT_ICON 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileVersionNumber
3.1.0.201

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
196608

EntryPoint
0x13c3c

MIMEType
application/octet-stream

FileVersion
3.1.0.201

TimeStamp
2017:01:19 06:02:15+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
344064

FileSubtype
0

ProductVersionNumber
3.1.0.201

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 9923f583036bb3cd5f7bcdd72099caea
SHA1 410586b5c173382a25bbbd28913e7d68bea3688e
SHA256 3d275b6e35ecb1457be64ea1df90493ec769c01ed5b2978bd126b54fc24d5d58
ssdeep
6144:xpyDjMLE6JNxe/2+sAMRZmIHAcnwZJNoE6aCJwSZtFehEfkdhNB92q78VQYY1hHq:xM4vuOXAn6RwZJN36bFZaR3Vm

authentihash ca722090c4f0768651a38fb681ce0a2b60182875d81fa120aa507cf517762500
imphash e42723d7f5adf078546982691f967a4e
File size 525.5 KB ( 538104 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-02-01 22:54:29 UTC ( 2 years, 3 months ago )
Last submission 2017-02-01 22:54:29 UTC ( 2 years, 3 months ago )
File names download-audiograbber.exe