SHA256: 41816be8dade1c8edafbc987b27a5549b78ebef82db3af184481f369632a447c
File name: Left 4 Dead 2 Setup.exe
Detection ratio: 30 / 57
Analysis date: 2015-05-18 14:14:52 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware MemScan:Application.Bundler.Outbrowse.AY 20150518
Yandex PUA.Downloader! 20150518
Avast NSIS:OutBrowse-BN [PUP] 20150518
AVG Downloader.DJN 20150518
Avira (no cloud) PUA/Outbrowse.Gen 20150518
AVware OutBrowse 20150518
Baidu-International Adware.Win32.OutBrowse.BU 20150517
BitDefender MemScan:Application.Bundler.Outbrowse.AY 20150518
Cyren W32/OutBrowse.HNWP-7088 20150518
DrWeb Trojan.Siggen6.33552 20150518
ESET-NOD32 a variant of Win32/OutBrowse.BU potentially unwanted 20150518
F-Prot W32/OutBrowse.P 20150517
F-Secure MemScan:Application.Bundler.Outbrowse 20150518
Fortinet Riskware/OutBrowse 20150518
GData MemScan:Application.Bundler.Outbrowse.AY 20150518
Kaspersky not-a-virus:Downloader.NSIS.OutBrowse.bm 20150518
Kingsoft Win32.Troj.Advert.ac.(kcloud) 20150518
Malwarebytes Trojan.Dropper.NS 20150518
McAfee Artemis!6A89CE31E452 20150518
McAfee-GW-Edition BehavesLike.Win32.BadFile.tc 20150517
eScan MemScan:Application.Bundler.Outbrowse.AY 20150518
NANO-Antivirus Trojan.Win32.OutBrowse.dnpjkd 20150518
Panda Generic Suspicious 20150517
Qihoo-360 HEUR/QVM41.1.Malware.Gen 20150518
Sophos AV Generic PUA OO 20150518
Symantec Trojan.Gen.2 20150518
TrendMicro TROJ_GEN.R047C0ODS15 20150518
TrendMicro-HouseCall TROJ_GEN.R047C0ODS15 20150518
VBA32 Downloader.OutBrowse 20150517
VIPRE OutBrowse 20150518
AegisLab 20150518
AhnLab-V3 20150518
Alibaba 20150518
ALYac 20150518
Antiy-AVL 20150518
Bkav 20150518
ByteHero 20150518
CAT-QuickHeal 20150518
ClamAV 20150518
CMC 20150518
Comodo 20150518
Emsisoft 20150518
Ikarus 20150518
Jiangmin 20150516
K7AntiVirus 20150518
K7GW 20150518
Microsoft 20150518
Norman 20150518
nProtect 20150518
Rising 20150518
SUPERAntiSpyware 20150516
Tencent 20150518
TheHacker 20150515
TotalDefense 20150517
ViRobot 20150518
Zillya 20150515
Zoner 20150518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2015
Publisher Steam
Product Steam Installer
File version 1.3.5.8
Description Steam Installer
Packers identified
F-PROT NSIS, appended, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-09-14 01:13:07
Entry Point 0x00012A92
Number of sections 4
PE sections
Overlays
MD5 d55e7d1df0f3bc38b14c004f1acfefb0
File type data
Offset 371200
Size 723893
Entropy 8.00
PE imports
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 2
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL DEFAULT 5
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
CompiledBy Compiled by SFXMaker
InitializedDataSize 292352
ImageVersion 0.0
ProductName Steam Installer
FileVersionNumber 1.3.5.8
UninitializedDataSize 0
LanguageCode Process default
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.3.5.8
TimeStamp 2009:09:14 02:13:07+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.3.5.8
FileDescription Steam Installer
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (c) 2015
MachineType Intel 386 or later, and compatibles
CompanyName Steam
CodeSize 78336
FileSubtype 0
ProductVersionNumber 1.3.5.8
EntryPoint 0x12a92
ObjectFileType Unknown
Compressed bundles
File identification
MD5 6a89ce31e45212dc3754bf5a776d0ba5
SHA1 eeb03615310d46cf7fee86059177caacbf521ee3
SHA256 41816be8dade1c8edafbc987b27a5549b78ebef82db3af184481f369632a447c
ssdeep 24576:dL7uqKf1aZgujanl3zZTff76czNrwuZnsPrybRadasRw:dL7Vc1av0D176KrMoRadasRw
authentihash ab113525bdc0393c483e7bd817cf1753f446bf97fb417217d3bfb21d5145ae55
imphash f2d0737820c08643846be74d748cac4c
File size 1.0 MB ( 1095093 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags nsis peexe overlay
VirusTotal metadata
First submission 2015-04-27 14:31:09 UTC ( 3 years, 12 months ago )
Last submission 2015-05-18 14:14:52 UTC ( 3 years, 11 months ago )
File names Left 4 Dead 2 Setup.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications