SHA256: 3f60215e70dbb656e009781c962ee1a98715e06baa319a6e1937baa2b543d587
File name: paint-shop-pro-68-jetelecharge.exe
Detection ratio: 0 / 68
Analysis date: 2017-12-22 03:04:29 UTC
Antivirus    Result    Update (no engine reported a detection, so the Result column is empty; the date is each engine's signature-database version used for this scan)
Ad-Aware 20171222
AegisLab 20171222
AhnLab-V3 20171221
Alibaba 20171221
ALYac 20171222
Antiy-AVL 20171222
Arcabit 20171222
Avast 20171222
Avast-Mobile 20171221
AVG 20171222
Avira (no cloud) 20171221
AVware 20171222
Baidu 20171221
BitDefender 20171222
Bkav 20171221
CAT-QuickHeal 20171221
ClamAV 20171221
CMC 20171221
Comodo 20171222
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171222
Cyren 20171222
DrWeb 20171222
eGambit 20171222
Emsisoft 20171222
Endgame 20171130
ESET-NOD32 20171222
F-Prot 20171222
F-Secure 20171222
Fortinet 20171222
GData 20171222
Ikarus 20171221
Sophos ML 20170914
Jiangmin 20171221
K7AntiVirus 20171221
K7GW 20171221
Kaspersky 20171222
Kingsoft 20171222
Malwarebytes 20171221
MAX 20171222
McAfee 20171222
McAfee-GW-Edition 20171222
Microsoft 20171222
eScan 20171222
NANO-Antivirus 20171222
nProtect 20171222
Palo Alto Networks (Known Signatures) 20171222
Panda 20171221
Qihoo-360 20171222
Rising 20171222
SentinelOne (Static ML) 20171207
Sophos AV 20171222
SUPERAntiSpyware 20171222
Symantec 20171221
Symantec Mobile Insight 20171222
Tencent 20171222
TheHacker 20171219
TotalDefense 20171221
TrendMicro 20171222
TrendMicro-HouseCall 20171222
Trustlook 20171222
VBA32 20171219
VIPRE 20171222
ViRobot 20171221
Webroot 20171222
WhiteArmor 20171204
Yandex 20171221
Zillya 20171221
ZoneAlarm by Check Point 20171222
Zoner 20171222
The file being studied is a Portable Executable (PE) file: a Win32 EXE built for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2015 Corel Corporation. All rights reserved.

Product PaintShop Pro
Internal name PSPInstaller.exe
File version 1.0.315.1
Description PaintShop Pro Installer
Signature verification Signed file, verified signature
Signing date 5:59 AM 4/20/2016
Signers
[+] Corel Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid. (The signer certificate expired on 4/28/2016, eight days after the 4/20/2016 signing date. Because the signature carries a trusted timestamp countersignature from the Symantec time-stamping service listed under Counter signers, Windows still treats it as a valid Authenticode signature, which is why the verification result above reads "verified signature".)
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 10/22/2015
Valid to 12:59 AM 4/28/2016
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 69C1AC1F403F791B036DD8B41EA2A286A1BF9275
Serial number 6C 79 23 C6 B0 30 24 4F FD 0C 15 C4 DD 3C F2 10
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA (this is the self-signed Thawte root, since issuer and subject are the same; the MD5-based signature only covers its own self-signature, which is not what establishes trust in a root, so it does not weaken the chain)
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT UTF-8, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-19 14:12:20
Entry Point 0x0003710C
Number of sections 5
Overlays
MD5 a3bdd6b8f6e6a9994ebc5c2c28794805
File type application/zip
Offset 499712
Size 1446192
Entropy 8.00
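The overlay figures above are the most useful part of this report for a triage analyst: everything past the last section's raw data (here a ZIP archive at offset 499712, 1446192 bytes, entropy 8.00) is data the PE loader never maps, which is exactly where installers keep their payload and where trojanised builds hide theirs. The following is an added example, not VirusTotal's or Corel's code, showing how to locate and fingerprint a PE overlay with only the standard library. The sample file itself is not available, so the script builds a minimal PE32 skeleton with a constructed ZIP overlay for testing, and uses the report's offset/size/file-size figures only for a consistency check.

```python
"""Locate, fingerprint and sanity-check the overlay of a PE32/PE32+ file.

Added example for this report (not VirusTotal's or Corel's code). It parses
just enough of the PE headers to find where the last section's raw data
ends, treats everything after that as the overlay, and reports its offset,
size, MD5, Shannon entropy and whether it begins with a ZIP local-file
header. make_sample_pe()/make_sample_zip() construct synthetic test input.
"""
import hashlib
import io
import math
import struct
import zipfile
from collections import Counter

ZIP_LOCAL_HEADER = b"PK\x03\x04"  # signature of the first local file header in a ZIP


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; 8.00 as in the report means compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_overlay(pe: bytes) -> dict:
    """Find the overlay (bytes after the last section's raw data) and fingerprint it."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                       # PE32
        ndirs_off, dir_base = opt + 92, opt + 96
    elif magic == 0x20B:                     # PE32+
        ndirs_off, dir_base = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic")
    # IMAGE_DIRECTORY_ENTRY_SECURITY (index 4): file offset + size of the Authenticode
    # PKCS#7 blob. For a signed file that blob also lives in the tail after the sections.
    sec_off = sec_size = 0
    if struct.unpack_from("<I", pe, ndirs_off)[0] > 4:
        sec_off, sec_size = struct.unpack_from("<II", pe, dir_base + 4 * 8)
    sect_table = opt + opt_size
    end = 0
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", pe, sect_table + i * 40 + 16)
        end = max(end, raw_ptr + raw_size)
    overlay = pe[end:]
    return {
        "offset": end,
        "size": len(overlay),
        "md5": hashlib.md5(overlay).hexdigest(),
        "entropy": round(shannon_entropy(overlay), 2),
        "is_zip": overlay.startswith(ZIP_LOCAL_HEADER),
        "authenticode": (sec_off, sec_size) if sec_size else None,
    }


def report_is_consistent(offset: int, size: int, file_size: int) -> bool:
    """An overlay reported by offset and size should land exactly on the end of the file."""
    return offset + size == file_size


def make_sample_zip() -> bytes:
    """Constructed overlay: a small deflated ZIP, standing in for the installer payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("payload/readme.txt", "synthetic installer payload\n" * 200)
    return buf.getvalue()


def make_sample_pe(overlay: bytes) -> bytes:
    """Constructed test input: a minimal, non-runnable PE32 skeleton with one section plus an overlay."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew: PE header right after the DOS header
    opt = bytearray(224)                           # standard PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 36, 512)           # FileAlignment
    struct.pack_into("<I", opt, 60, 512)           # SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes (all directories zero)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102)
    raw_ptr, raw_size = 512, 1024
    section = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", raw_size, 0x1000,
                          raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(raw_ptr, b"\0")
    return headers + bytes(range(256)) * 4 + overlay


if __name__ == "__main__":
    print(parse_overlay(make_sample_pe(make_sample_zip())))
    # Figures quoted from the report above: offset 499712, size 1446192, file size 1945904 bytes.
    print("report consistent:", report_is_consistent(499712, 1446192, 1945904))
```

Run against a real sample, `parse_overlay(open(path, "rb").read())` gives the same offset/size/MD5 triple that the report shows, so a mismatch between your result and the report's overlay MD5 is a quick way to tell that a file with the same name is not the same build. Note that the Authenticode blob sits inside the same tail, so overlay bytes are not covered by the signature; a repackager can swap the ZIP payload without invalidating the Corel signature only if the PE hash computed by authentihash would change, which it does, because the overlay preceding the security directory is part of the hashed range.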
PE imports
GetTokenInformation
GetSidSubAuthority
RegCloseKey
OpenProcessToken
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
RegOpenKeyExW
RegQueryValueExW
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
EnumSystemLocalesW
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
GetFullPathNameW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
DeviceIoControl
InterlockedDecrement
CopyFileW
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
LoadLibraryExA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetFileSize
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTimeFormatW
GetFileSizeEx
RemoveDirectoryW
GetFileInformationByHandle
FindNextFileW
FindFirstFileW
IsValidLocale
FindFirstFileExW
GetUserDefaultLCID
ReadConsoleW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetNativeSystemInfo
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
CompareStringW
GetEnvironmentStringsW
GetUserGeoID
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
FindResourceExW
GetLongPathNameW
IsValidCodePage
GetTempPathW
CreateProcessW
Sleep
GetOEMCP
Number of PE resources by type
RT_STRING 13
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
PNG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
GERMAN 1
CHINESE TRADITIONAL 1
DUTCH 1
FRENCH 1
CHINESE SIMPLIFIED 1
PORTUGUESE BRAZILIAN 1
JAPANESE DEFAULT 1
SPANISH MODERN 1
CZECH DEFAULT 1
RUSSIAN 1
KOREAN 1
ITALIAN 1
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 155648
ImageVersion 0.0
ProductName PaintShop Pro
FileVersionNumber 1.0.315.1
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.315.1
TimeStamp 2016:04:19 15:12:20+01:00
FileType Win32 EXE
PEType PE32
InternalName PSPInstaller.exe
ProductVersion 1.0.315.1
FileDescription PaintShop Pro Installer
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2015 Corel Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Corel Corporation
CodeSize 352256
FileSubtype 0
ProductVersionNumber 1.0.315.1
EntryPoint 0x3710c
ObjectFileType Executable application

File identification
MD5 41c844ea1930dae4159a9c58f63a03b1
SHA1 30d2c8c7085745de67c3f020e8809455670c1633
SHA256 3f60215e70dbb656e009781c962ee1a98715e06baa319a6e1937baa2b543d587
ssdeep 49152:RX+FR53WPNl5qi2zRc8CHhwdolOWhi8wXXnOOEllj:d+FR53WOROYDWh3wnnAj
authentihash 3f8fa66aaba8e1a103cfc34198ed1ea72e4527af2152258eee621050ba97f26b
imphash 500b6d9b4e3bcbf39e11e8a7f331b4f2
File size 1.9 MB ( 1945904 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2016-04-22 06:06:39 UTC
Last submission 2018-05-18 00:26:14 UTC
File names pspx8.0 (2).exe
839703
paint-shop-pro-68-jetelecharge.exe
3F60215E70DBB656E009781C962EE1A98715E06BAA319A6E1937BAA2B543D587
PSPInstaller.exe
pspx8.0.exe
3F60215E70DBB656E009781C962EE1A98715E06BAA319A6E1937BAA2B543D587.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Behaviour categories reported: opened files, read files, written files, copied files, deleted files, created processes, created mutexes, opened mutexes, searched windows, opened service managers, opened services, runtime DLLs, HTTP requests, DNS requests, TCP connections, UDP communications (no entries are captured on this page).