SHA256: 4340039cb458ef60cf3e05106a28fc0195dc3a4beb4a617f3fe92ce8aff6dc0a
File name: ShouldIRemoveIt_Setup
Detection ratio: 1 / 50
Analysis date: 2014-01-27 10:47:14 UTC ( 2 months, 3 weeks ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
Comodo Heur.Suspicious 20140127
AVG 20140127
Ad-Aware 20140127
Agnitum 20140127
AhnLab-V3 20140127
AntiVir 20140127
Antiy-AVL 20140127
Avast 20140127
Baidu-International 20140127
BitDefender 20140127
Bkav 20140125
ByteHero 20140121
CAT-QuickHeal 20140127
CMC 20140122
ClamAV 20140127
Commtouch 20140127
DrWeb 20140127
ESET-NOD32 20140127
Emsisoft 20140127
F-Prot 20140127
F-Secure 20140126
Fortinet 20140127
GData 20140127
Ikarus 20140127
Jiangmin 20140127
K7AntiVirus 20140125
K7GW 20140125
Kaspersky 20140127
Kingsoft 20130829
Malwarebytes 20140127
McAfee 20140127
McAfee-GW-Edition 20140127
MicroWorld-eScan 20140127
Microsoft 20140127
NANO-Antivirus 20140126
Norman 20140127
Panda 20140126
Qihoo-360 20140122
Rising 20140127
SUPERAntiSpyware 20140126
Sophos 20140127
Symantec 20140127
TheHacker 20140126
TotalDefense 20140127
TrendMicro 20140127
TrendMicro-HouseCall 20140127
VBA32 20140125
VIPRE 20140127
ViRobot 20140127
nProtect 20140126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright (C) Reason Software Company Inc.
Publisher Reason Software Company Inc.
Product Should I Remove It
Original name ShouldIRemoveIt_Setup.exe
Internal name ShouldIRemoveIt_Setup
File version 1.0.4
Description Should I Remove It Setup
Signature verification Signed file, verified signature
Signing date 5:46 AM 4/3/2013
Signers
[+] Reason Software Company Inc.
Status Certificate out of its validity period
Valid from 1:00 AM 8/27/2012
Valid to 12:59 AM 8/28/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint 6258F57A10D973B8BD0C4E7BBB52C35AF61A279B
Serial number 1E 7B 5E E3 02 7F 2B D1 6E 9F 8B CC 0B 4F 6A 5A
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-26 10:52:33
Entry Point 0x0002E32E
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_DIALOG 12
RT_ICON 12
RT_STRING 9
RTF_FILE 2
RT_MENU 2
IMAGE_FILE 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 42
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.4.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 176640
OriginalFileName ShouldIRemoveIt_Setup.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) Reason Software Company Inc.
FileVersion 1.0.4
TimeStamp 2012:07:26 11:52:33+01:00
FileType Win32 EXE
PEType PE32
InternalName ShouldIRemoveIt_Setup
ProductVersion 1.0.4
FileDescription Should I Remove It Setup
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Reason Software Company Inc.
CodeSize 260096
ProductName Should I Remove It
ProductVersionNumber 1.0.4.0
EntryPoint 0x2e32e
ObjectFileType Dynamic link library

File identification
MD5 63eaa9dd373b430a144ad83cbba07c82
SHA1 c721b88d4a71526e64c32a9f64a86d3d58349a2d
SHA256 4340039cb458ef60cf3e05106a28fc0195dc3a4beb4a617f3fe92ce8aff6dc0a
ssdeep 24576:zmiOuhuHkDX/TCflWkuAo+5ATAz4kRgowXzqDOwTEnrBCqZOApj1A4:zmTguSXLCdWkL5Rz4ktmzqDOlnlCYw
File size 1.2 MB ( 1236152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe signed
VirusTotal metadata
First submission 2013-04-03 13:00:31 UTC ( 1 year ago )
Last submission 2013-10-03 05:40:14 UTC ( 6 months, 2 weeks ago )
File names file-5363465_exe
ShouldIRemoveIt_Setup.exe
shouldiremoveit_setup.exe
ShouldIRemoveIt_Setup
10550183
output.10550183.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Set keys
Deleted keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications