SHA256: 430efbb7ea3988c16a2b64725e3f2b8be199c9f34cbf9aaec24d45033484c76b
File name: solutoinstaller-s29wg74fa30z_s43412686.exe
Detection ratio: 0 / 71
Analysis date: 2018-12-28 12:19:51 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
Acronis 20181227
Ad-Aware 20181228
AegisLab 20181228
AhnLab-V3 20181228
Alibaba 20180921
ALYac 20181228
Antiy-AVL 20181228
Arcabit 20181228
Avast 20181228
Avast-Mobile 20181228
AVG 20181228
Avira (no cloud) 20181228
Babable 20180918
Baidu 20181207
BitDefender 20181228
Bkav 20181227
CAT-QuickHeal 20181227
ClamAV 20181228
CMC 20181228
Comodo 20181228
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181228
Cyren 20181228
DrWeb 20181228
eGambit 20181228
Emsisoft 20181228
Endgame 20181108
ESET-NOD32 20181228
F-Prot 20181228
F-Secure 20181228
Fortinet 20181228
GData 20181228
Ikarus 20181228
Sophos ML 20181128
Jiangmin 20181228
K7AntiVirus 20181228
K7GW 20181228
Kaspersky 20181228
Kingsoft 20181228
Malwarebytes 20181228
MAX 20181228
McAfee 20181228
McAfee-GW-Edition 20181228
Microsoft 20181228
eScan 20181228
NANO-Antivirus 20181228
Palo Alto Networks (Known Signatures) 20181228
Panda 20181227
Qihoo-360 20181228
Rising 20181228
SentinelOne (Static ML) 20181223
Sophos AV 20181228
SUPERAntiSpyware 20181226
Symantec 20181227
Symantec Mobile Insight 20181225
TACHYON 20181228
Tencent 20181228
TheHacker 20181225
TotalDefense 20181228
Trapmine 20181205
TrendMicro 20181228
TrendMicro-HouseCall 20181228
Trustlook 20181228
VBA32 20181228
VIPRE 20181228
ViRobot 20181228
Webroot 20181228
Yandex 20181227
Zillya 20181228
ZoneAlarm by Check Point 20181228
Zoner 20181228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
(c) Soluto Inc. All rights reserved.

Product Soluto
Original name RelationshipEstablisher.exe
Internal name RelationshipEstablisher.exe
File version 1.3.1498.0
Description Soluto Installer
Signature verification Signed file, verified signature
Signing date 4:17 PM 1/6/2014
Signers
[+] Soluto
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 11:33 AM 1/16/2013
Valid to 11:33 AM 4/16/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 7F126C7413C9BB6967C551B921D53BE6F00A028B
Serial number 11 21 35 B7 01 15 E2 57 5F 94 88 41 50 97 5B 04 C3 64
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 11:00 AM 4/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-01 14:52:47
Entry Point 0x0006F6AE
Number of sections 5
PE sections
Overlays
MD5 c4af43bfddc3d223e7607d246a7c6d94
File type data
Offset 1508352
Size 5696
Entropy 7.40
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
OpenServiceW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
RegDeleteValueW
RegDeleteKeyW
DeleteService
InitializeSecurityDescriptor
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
CreateWellKnownSid
OpenProcessToken
RegEnumKeyW
RegQueryInfoKeyW
RegQueryValueW
GetTokenInformation
ImpersonateSelf
RegOpenKeyExW
SetEntriesInAclW
RegEnumKeyExW
OpenThreadToken
CreateProcessAsUserW
RegEnumValueW
StartServiceW
RegSetValueExW
FreeSid
CredFree
CredEnumerateW
OpenSCManagerW
AllocateAndInitializeSid
CheckTokenMembership
QueryServiceStatusEx
SetSecurityDescriptorGroup
InitCommonControlsEx
GetFileTitleW
CryptUnprotectData
CryptQueryObject
CryptProtectData
CertFindCertificateInStore
CryptMsgGetParam
CertGetNameStringW
CryptDecodeObject
GetTextCharsetInfo
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
SetBkMode
CreatePen
GetRgnBox
SaveDC
GetTextMetricsA
CreateRectRgnIndirect
GetClipBox
GetTextMetricsW
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
EnumFontFamiliesW
CreateFontW
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
GetTextExtentPointW
CreatePatternBrush
RectVisible
ExtTextOutW
CreateBitmap
Escape
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
PtVisible
ExtSelectClipRgn
CreateCompatibleDC
StretchBlt
ScaleViewportExtEx
SelectObject
SetDIBColorTable
SetWindowExtEx
GetTextColor
CreateSolidBrush
SetViewportExtEx
GetTextExtentPointA
GetViewportExtEx
GetBkColor
GetNetworkParams
GetStdHandle
ReleaseMutex
FileTimeToSystemTime
GetOverlappedResult
DeactivateActCtx
SetEvent
EncodePointer
GlobalMemoryStatusEx
GetFileAttributesW
DuplicateHandle
VerifyVersionInfoW
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetVolumeInformationW
LoadLibraryExW
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
WideCharToMultiByte
GetProcAddress
InterlockedExchange
GetTempPathW
WaitForSingleObject
GetSystemTimeAsFileTime
ReleaseActCtx
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
ConnectNamedPipe
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetPrivateProfileSectionNamesW
GetCurrentThread
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
GlobalFindAtomW
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
HeapSetInformation
EnumSystemLocalesA
CreateActCtxW
ActivateActCtx
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetSystemPowerStatus
GetPrivateProfileStringW
CreateEventW
GetFullPathNameW
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
GetSystemDefaultUILanguage
DisconnectNamedPipe
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
VirtualQuery
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
FreeLibrary
CopyFileW
UnlockFile
GetWindowsDirectoryW
GetFileSize
GlobalDeleteAtom
OpenProcess
SetErrorMode
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetPrivateProfileIntW
GetSystemInfo
GetProcessHeap
GetTempFileNameW
CompareStringW
lstrcpyW
GetFileSizeEx
GlobalReAlloc
GetModuleFileNameW
lstrcmpA
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GlobalLock
GlobalAlloc
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
HeapQueryInformation
GetCPInfo
HeapSize
InterlockedCompareExchange
CancelIo
WritePrivateProfileStringW
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
OpenMutexW
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
IsValidCodePage
HeapCreate
WriteFile
CreateProcessW
WaitForMultipleObjects
Sleep
VirtualAlloc
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
OleCreateFontIndirect
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
VariantInit
EnumProcesses
EnumProcessModules
GetModuleBaseNameW
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW
PathIsUNCW
PathStripToRootW
StrCpyW
PathFindExtensionW
PathFindFileNameW
RedrawWindow
GetForegroundWindow
SetMenuItemBitmaps
LoadBitmapW
SetRectEmpty
DestroyMenu
PostQuitMessage
GetMessagePos
SetWindowPos
IsWindow
GrayStringW
ClientToScreen
WindowFromPoint
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
GetClientRect
GetTopWindow
GetWindowTextW
CopyAcceleratorTableW
GetActiveWindow
InvalidateRgn
PtInRect
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
GetNextDlgGroupItem
SetPropW
GetMenuState
PeekMessageW
EnableWindow
CharUpperW
GetSystemMenu
TranslateMessage
IsWindowEnabled
GetWindow
RegisterClassW
LoadStringW
EnableMenuItem
GetSubMenu
SetTimer
IsDialogMessageW
SetWindowContextHelpId
GetSysColorBrush
RealChildWindowFromPoint
CreateWindowExW
TabbedTextOutW
GetWindowLongW
DestroyWindow
IsChild
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
DrawAnimatedRects
BeginPaint
OffsetRect
DefWindowProcW
KillTimer
TrackMouseEvent
MapWindowPoints
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
DrawTextExW
SendDlgItemMessageW
PostMessageW
CheckMenuItem
GetClassLongW
GetLastActivePopup
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
ValidateRect
SetWindowsHookExW
LoadCursorW
EnumDisplaySettingsW
GetMenuItemID
SetForegroundWindow
EndPaint
CreateDialogIndirectParamW
MapDialogRect
IntersectRect
EndDialog
CopyRect
GetCapture
MessageBeep
LoadMenuW
GetWindowThreadProcessId
MessageBoxW
SendMessageW
UnhookWindowsHookEx
LoadIconW
MoveWindow
GetWindowDC
AdjustWindowRectEx
GetSysColor
DispatchMessageW
RegisterClipboardFormatW
GetKeyState
EnumDisplayMonitors
IsWindowVisible
WinHelpW
GetDesktopWindow
SystemParametersInfoW
MonitorFromWindow
SetRect
InvalidateRect
CharNextW
CallWindowProcW
GetClassNameW
ModifyMenuW
IsRectEmpty
GetFocus
wsprintfW
SetCursor
SetMenu
RemovePropW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WinHttpSetOption
WinHttpConnect
WinHttpQueryAuthSchemes
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpSetCredentials
WinHttpGetProxyForUrl
WinHttpAddRequestHeaders
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpGetDefaultProxyConfiguration
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReadData
DocumentPropertiesW
ClosePrinter
OpenPrinterW
WinVerifyTrust
CredUIPromptForCredentialsW
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipGetImagePalette
GdipDisposeImage
GdipCreateBitmapFromFile
GdipBitmapUnlockBits
GdipGetImageWidth
GdipBitmapLockBits
GdipAlloc
GdipFree
GdipCloneImage
GdiplusStartup
GdipGetImagePaletteSize
GdipGetImageHeight
GdipDrawImageI
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
Ord(171)
Ord(125)
Ord(17)
Ord(116)
Ord(118)
Ord(115)
Ord(8)
OleUninitialize
CoUninitialize
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
StringFromGUID2
CreateStreamOnHGlobal
OleFlushClipboard
CoCreateGuid
StringFromCLSID
CoRegisterMessageFilter
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
CoInitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
StgCreateDocfileOnILockBytes
CoRevokeClassObject
CLSIDFromProgID
CoInitializeSecurity
OleIsCurrentClipboard
CoTaskMemFree
OleUIBusyW
PE exports
Number of PE resources by type
RT_BITMAP 24
RT_ICON 20
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 14
PNG 13
RT_DIALOG 9
EMBEDDED_FILES 1
RT_MANIFEST 1
RT_MENU 1
RT_RCDATA 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 118
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.3.1498.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Soluto Installer

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
877056

EntryPoint
0x6f6ae

OriginalFileName
RelationshipEstablisher.exe

MIMEType
application/octet-stream

LegalCopyright
(c) Soluto Inc. All rights reserved.

FileVersion
1.3.1498.0

TimeStamp
2014:01:01 15:52:47+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
RelationshipEstablisher.exe

ProductVersion
1.3.1498.0

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Soluto Inc

CodeSize
630272

ProductName
Soluto

ProductVersionNumber
1.3.1498.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 2d97483fce19c62c4c2371c202e4e9de
SHA1 eae0a7db5670f0b6fbc27c850240253b6b4ad485
SHA256 430efbb7ea3988c16a2b64725e3f2b8be199c9f34cbf9aaec24d45033484c76b
ssdeep
24576:KjUiMsb+upMq1dXcxS678QHYKwzgdRRn5PaRAqJBSZVtt+GEXhqwKUT:UUiMsb+uKq1Biz86YBzgdRRRaRAqHSBu

authentihash 48b751159c4e16e268116303ac34d3167cf0e65b8e524c2f9c15600355595665
imphash 1df265893dfd785c42555bfd91eab936
File size 1.4 MB ( 1514048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows ActiveX control (75.3%)
Win64 Executable (generic) (17.8%)
Win32 Executable (generic) (2.9%)
OS/2 Executable (generic) (1.3%)
Generic Win/DOS Executable (1.2%)
Tags
peexe overlay signed via-tor

VirusTotal metadata
First submission 2014-01-12 13:38:00 UTC ( 5 years, 4 months ago )
Last submission 2018-12-28 12:19:51 UTC ( 4 months, 3 weeks ago )
File names solutoinstaller(1).exe
solutoinstaller-r62ed03fb75g.exe
solutoinstaller-w48qn53co61y.exe
solutoinstaller-n40dj98ex32q_s804921080.exe
solutoinstaller-k70cg85aw16r_s95150191.exe
solutoinstaller-c29tp87if43w.exe
solutoinstaller-z12pt70rg84b.exe
solutoinstaller-d13fp69iz08r.exe
solutoinstaller-d51af03gy29r.exe
solutoinstaller-j83sx91op76r_s71506560.exe
solutoinstaller-y54ik30pg62j_s13007470.exe
solutoinstaller-j47sp35kn80c_s259637186.exe
solutoinstaller-n36oc80ke75x.exe
solutoinstaller-n50ga61rt78w.exe
solutoinstaller-f70iq34cy65s.exe
RelationshipEstablisher.exe
solutoinstaller.exe
solutoinstaller-_wPp3d1F9TqC.exe
solutoinstaller.exe
solutoinstaller-a79pz20fr63b.exe
solutoinstaller-e23gq48na61y.exe
solutoinstaller-k29cy38pd10r.exe
74459334
solutoinstaller-g04ky69st78e.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Set keys
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections