× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3d749198055d549a21f0df31fcf74e285f95b8c5c3338fa035013acec0c8ded4
File name: OUTDATEfighter Setup
Detection ratio: 2 / 57
Analysis date: 2016-03-31 05:17:18 UTC ( 1 month ago )
Antivirus Result Update
Bkav W32.HfsAdware.C04F 20160330
DrWeb Program.Unwanted.890 20160331
ALYac 20160331
AVG 20160330
AVware 20160331
Ad-Aware 20160330
AegisLab 20160331
AhnLab-V3 20160330
Alibaba 20160323
Antiy-AVL 20160330
Arcabit 20160330
Avast 20160331
Avira (no cloud) 20160331
Baidu 20160330
Baidu-International 20160330
BitDefender 20160330
CAT-QuickHeal 20160330
CMC 20160322
ClamAV 20160331
Comodo 20160331
Cyren 20160331
ESET-NOD32 20160331
Emsisoft 20160331
F-Prot 20160331
F-Secure 20160330
Fortinet 20160330
GData 20160331
Ikarus 20160330
Jiangmin 20160331
K7AntiVirus 20160330
K7GW 20160331
Kaspersky 20160331
Kingsoft 20160331
Malwarebytes 20160331
McAfee 20160331
McAfee-GW-Edition 20160331
eScan 20160331
Microsoft 20160330
NANO-Antivirus 20160331
Panda 20160330
Qihoo-360 20160331
Rising 20160331
SUPERAntiSpyware 20160331
Sophos 20160331
Symantec 20160331
Tencent 20160331
TheHacker 20160330
TotalDefense 20160330
TrendMicro 20160331
TrendMicro-HouseCall 20160331
VBA32 20160331
VIPRE 20160331
ViRobot 20160330
Yandex 20160316
Zillya 20160331
Zoner 20160331
nProtect 20160330
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2012 SPAMfighter ApS

Product OUTDATEfighter
Original name OUTDATEfighterSetup.exe
Internal name OUTDATEfighter Setup
File version 1.1.66
Description OUTDATEfighter Installation Package
Signature verification Signed file, verified signature
Signing date 9:29 AM 5/7/2013
Signers
[+] SPAMfighter ApS
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Code Signing CA - G2
Valid from 1:00 AM 2/20/2012
Valid to 12:59 AM 4/25/2014
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint B16A2CE14247143F0BE4A3B84B5C3433D97C1D0E
Serial number 22 E8 EA 04 D6 33 40 B0 9C E3 39 F6 F4 E5 78 8B
[+] Thawte Code Signing CA - G2
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-07 08:26:39
Entry Point 0x000246E3
Number of sections 5
PE sections
Overlays
MD5 c90ed2e1d6ee310f77a46963ad5dcfde
File type data
Offset 498176
Size 1524824
Entropy 7.07
PE imports
SetSecurityDescriptorDacl
RegCloseKey
RegSetValueExW
RegOpenKeyExW
InitializeSecurityDescriptor
RegQueryValueExW
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
WaitForSingleObject
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
GetExitCodeProcess
InitializeCriticalSection
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
CopyFileA
ExitProcess
GetVersionExA
RemoveDirectoryA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
SetUnhandledExceptionFilter
MoveFileExA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
CreateDirectoryW
GetUserDefaultLCID
GetProcessHeap
ExpandEnvironmentStringsW
FindFirstFileA
FindNextFileA
IsValidLocale
GetProcAddress
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetModuleFileNameA
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
OpenMutexA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHGetFolderPathW
ShellExecuteExA
LoadStringW
MessageBoxA
PE exports
Number of PE resources by type
RT_ICON 11
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 13
ENGLISH US 2
Debug information
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.1.66.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
212992

EntryPoint
0x246e3

OriginalFileName
OUTDATEfighterSetup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2012 SPAMfighter ApS

FileVersion
1.1.66

TimeStamp
2013:05:07 09:26:39+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
OUTDATEfighter Setup

ProductVersion
1.1.66

FileDescription
OUTDATEfighter Installation Package

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
SPAMfighter ApS

CodeSize
284160

ProductName
OUTDATEfighter

ProductVersionNumber
1.1.66.0

FileTypeExtension
exe

ObjectFileType
Unknown

Compressed bundles
File identification
MD5 3b583b16208095877ab30ee8e8f447e3
SHA1 2f9211381a349d0f20d8b7b7ae8e34531e703081
SHA256 3d749198055d549a21f0df31fcf74e285f95b8c5c3338fa035013acec0c8ded4
ssdeep
24576:1XGxSlEv+ER9JqL4pcDraFv49SGGMfvTq5p5Z12Fu4i+TOxRvYTv+wNQopjYoTye:blEvPDJruDpxFfWb52OUTv+wNfYo2e

authentihash 779b2233320cd81c6f52d685ff03573cf364854dbb5f2a1dbc2c8ae43e3af317
imphash 89f92d9ed5ef72bd8b5cc199fb8c881b
File size 1.9 MB ( 2023000 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (50.1%)
Win64 Executable (generic) (32.2%)
Win32 Dynamic Link Library (generic) (7.6%)
Win32 Executable (generic) (5.2%)
Generic Win/DOS Executable (2.3%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-05-07 17:00:24 UTC ( 2 years, 12 months ago )
Last submission 2015-03-12 06:41:02 UTC ( 1 year, 1 month ago )
File names OUTDATEfighter Setup
OUTDATEfighter_Web.exe
OUTDATEfighterSetup.exe
file-5537718_exe
outdatefighter-1-1-66-en-de-cn-nl-win.exe
OUTDATEfighter_Web.exe
Download.asp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications