SHA256: 420a2493b9751b1dc447fbf434021fa7de568e4d02669ac58084dcb6dfbfd2e5
File name: Nu_Setup.exe
Detection ratio: 0 / 60
Analysis date: 2017-06-23 05:58:49 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware 20170623
AegisLab 20170623
AhnLab-V3 20170622
Alibaba 20170623
ALYac 20170623
Antiy-AVL 20170623
Arcabit 20170623
Avast 20170623
AVG 20170623
Avira (no cloud) 20170623
AVware 20170623
Baidu 20170623
BitDefender 20170623
Bkav 20170623
CAT-QuickHeal 20170622
ClamAV 20170623
CMC 20170619
Comodo 20170623
CrowdStrike Falcon (ML) 20170420
Cyren 20170623
DrWeb 20170623
Emsisoft 20170623
Endgame 20170615
ESET-NOD32 20170623
F-Prot 20170623
F-Secure 20170623
Fortinet 20170623
GData 20170623
Ikarus 20170622
Sophos ML 20170607
Jiangmin 20170623
K7AntiVirus 20170623
K7GW 20170623
Kaspersky 20170622
Kingsoft 20170623
Malwarebytes 20170623
McAfee 20170623
McAfee-GW-Edition 20170623
Microsoft 20170622
eScan 20170623
NANO-Antivirus 20170623
nProtect 20170623
Palo Alto Networks (Known Signatures) 20170623
Panda 20170622
Qihoo-360 20170623
Rising 20170623
SentinelOne (Static ML) 20170516
Sophos AV 20170623
SUPERAntiSpyware 20170623
Symantec 20170623
Symantec Mobile Insight 20170623
Tencent 20170623
TheHacker 20170621
TrendMicro 20170623
Trustlook 20170623
VBA32 20170622
VIPRE 20170623
ViRobot 20170623
Webroot 20170623
WhiteArmor 20170616
Yandex 20170622
Zillya 20170622
ZoneAlarm by Check Point 20170623
Zoner 20170623
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 2:02 AM 4/17/2012
Signers
[+] RealityRipple Software - Open Source Developer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Certum Level III CA
Valid from 05:49 PM 12/10/2011
Valid to 05:49 PM 12/09/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint C52D78C1E6C35C373F367D7B46282EEE1766E3CF
Serial number 7D A8 DB 15 63 52 51 84 E5 D6 41 B8 6A B6 18 5B
[+] Certum Level III CA
Status Valid
Issuer Certum CA
Valid from 12:53 PM 03/03/2009
Valid to 12:53 PM 03/03/2024
Valid usage All
Algorithm sha1RSA
Thumbprint 827E72353D6910A9DEC7F3D1061676E80356FD53
Serial number 04 7A 53
[+] Certum
Status Valid
Issuer Certum CA
Valid from 10:46 AM 06/11/2002
Valid to 10:46 AM 06/11/2027
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, OCSP Signing
Algorithm sha1RSA
Thumbprint 6252DC40F71143A22FDE9EF7348E064251B18118
Serial number 01 00 20
Counter signers
[+] Certum Time-Stamping Authority
Status Valid
Issuer Certum CA
Valid from 12:58 PM 03/03/2009
Valid to 12:58 PM 03/03/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 0D2CF962FB4D042F2F1401DE66EACBA80DA76112
Serial number 04 7A 55
[+] Certum
Status Valid
Issuer Certum CA
Valid from 10:46 AM 06/11/2002
Valid to 10:46 AM 06/11/2027
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, OCSP Signing
Algorithm sha1RSA
Thumbprint 6252DC40F71143A22FDE9EF7348E064251B18118
Serial number 01 00 20
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-05-13 13:12:30
Entry Point 0x0000B6B7
Number of sections 4
PE sections
Overlays
MD5 46e62dd2415b34478ba05dd0a28648fc
File type data
Offset 90112
Size 94392
Entropy 7.99
PE imports
LookupPrivilegeValueA
RegOpenKeyA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
AddFontResourceA
GetSystemPaletteEntries
CreateFontIndirectA
GetObjectA
DeleteDC
SetBkMode
CreateDIBPatternBrush
IntersectClipRect
BitBlt
RealizePalette
SetTextColor
GetDeviceCaps
CreatePalette
GetStockObject
SelectPalette
ExtTextOutA
CreateCompatibleDC
StretchDIBits
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetSystemTime
GetLastError
HeapFree
GetStdHandle
CreateDirectoryA
LCMapStringW
SetHandleCount
lstrlenA
GetFileAttributesA
GlobalFree
GetDriveTypeA
LCMapStringA
HeapReAlloc
CopyFileA
GetTickCount
IsBadWritePtr
GetStringTypeW
GetVersionExA
GetEnvironmentStringsW
GlobalUnlock
GetModuleFileNameA
GlobalHandle
RtlUnwind
LoadLibraryA
WinExec
GetACP
HeapAlloc
HeapCompact
GetCurrentProcess
GetEnvironmentStrings
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcatA
SetFileTime
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
MultiByteToWideChar
GetShortPathNameA
IsBadCodePtr
FreeEnvironmentStringsW
GetCommandLineA
GlobalLock
GetFileType
SetFileAttributesA
GetModuleHandleA
GetTempPathA
RaiseException
FreeEnvironmentStringsA
GetCPInfo
GetStringTypeA
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
FindFirstFileA
CloseHandle
GetSystemDirectoryA
GetDiskFreeSpaceA
MoveFileExA
GetProcAddress
SetEnvironmentVariableA
GetFullPathNameA
FreeLibrary
MoveFileA
TerminateProcess
CreateProcessA
GetExitCodeProcess
WideCharToMultiByte
GetEnvironmentVariableA
HeapCreate
GlobalAlloc
VirtualFree
FindClose
HeapDestroy
FormatMessageA
CreateFileA
ExitProcess
GetVersion
IsBadReadPtr
VirtualAlloc
SetCurrentDirectoryA
GetOEMCP
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
DragQueryFileA
SHGetPathFromIDListA
ShellExecuteA
SetFocus
GetMessageA
GetParent
DrawTextA
EndDialog
BeginPaint
CreateDialogIndirectParamA
CheckRadioButton
KillTimer
RegisterWindowMessageA
DefWindowProcA
ShowWindow
GetClipboardData
FindWindowA
SendDlgItemMessageA
GetSystemMetrics
OemToCharA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
TranslateMessage
PostQuitMessage
GetWindow
UpdateWindow
GetSysColor
CheckDlgButton
GetDC
ReleaseDC
SetWindowTextA
GetWindowLongA
GetQueueStatus
GetLastActivePopup
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
BringWindowToTop
SetWindowPos
IsIconic
RegisterClassA
ScreenToClient
wsprintfA
IsClipboardFormatAvailable
SetTimer
LoadCursorA
LoadIconA
FillRect
IsDlgButtonChecked
RedrawWindow
DialogBoxIndirectParamA
EndPaint
CloseClipboard
DestroyWindow
ExitWindowsEx
IsDialogMessageA
OpenClipboard
GetFileVersionInfoSizeA
VerFindFileA
GetFileVersionInfoA
VerQueryValueA
GetOpenFileNameA
GetSaveFileNameA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2002:05:13 14:12:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 61440
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 28672
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0xb6b7
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 d5cb9d8ea6d848b0b3857acb36e59c86
SHA1 eb9b2db3f280b92c5aeaaca742eb5e21d5f211b5
SHA256 420a2493b9751b1dc447fbf434021fa7de568e4d02669ac58084dcb6dfbfd2e5
ssdeep 3072:kEIIfSEY6aMkWjx7HGqNuNT75JM9cO1d5lGoRzpCP0aQ8mx35fzzQT9tl:tIIfSKjvMtT74/1AoRzgP0lhzQh
authentihash 073f6bc5fe5bb0a3fb45f23be72ff2715e8ca19d4b4b33b677000fefcbc03a77
imphash cac57a9819ebb12d201ad2829c42287a
File size 180.2 KB ( 184504 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (29.5%)
Win64 Executable (generic) (26.1%)
Microsoft Visual C++ compiled executable (generic) (15.6%)
Windows screen saver (12.4%)
Win32 Dynamic Link Library (generic) (6.2%)
Tags
peexe armadillo signed overlay

VirusTotal metadata
First submission 2012-12-11 19:30:51 UTC ( 6 years, 5 months ago )
Last submission 2017-06-23 05:58:49 UTC ( 1 year, 11 months ago )
File names 1006835
Nu_Setup.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.