SHA256: 4340039cb458ef60cf3e05106a28fc0195dc3a4beb4a617f3fe92ce8aff6dc0a
File name: ShouldIRemoveIt_Setup
Detection ratio: 1 / 57
Analysis date: 2016-04-20 11:57:19 UTC ( 3 months, 1 week ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
Comodo Heur.Suspicious 20160420
ALYac 20160420
AVG 20160420
AVware 20160420
Ad-Aware 20160420
AegisLab 20160420
AhnLab-V3 20160419
Alibaba 20160420
Antiy-AVL 20160420
Arcabit 20160420
Avast 20160420
Avira (no cloud) 20160420
Baidu 20160420
Baidu-International 20160420
BitDefender 20160420
Bkav 20160419
CAT-QuickHeal 20160420
CMC 20160415
ClamAV 20160420
Cyren 20160420
DrWeb 20160420
ESET-NOD32 20160420
Emsisoft 20160420
F-Prot 20160420
F-Secure 20160420
Fortinet 20160420
GData 20160420
Ikarus 20160420
Jiangmin 20160420
K7AntiVirus 20160420
K7GW 20160420
Kaspersky 20160420
Kingsoft 20160420
Malwarebytes 20160420
McAfee 20160420
McAfee-GW-Edition 20160420
eScan 20160420
Microsoft 20160420
NANO-Antivirus 20160420
Panda 20160419
Qihoo-360 20160420
Rising 20160420
SUPERAntiSpyware 20160420
Sophos 20160420
Symantec 20160420
Tencent 20160420
TheHacker 20160419
TotalDefense 20160420
TrendMicro 20160420
TrendMicro-HouseCall 20160420
VBA32 20160420
VIPRE 20160420
ViRobot 20160420
Yandex 20160419
Zillya 20160420
Zoner 20160420
nProtect 20160420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) Reason Software Company Inc.
Product Should I Remove It
Original name ShouldIRemoveIt_Setup.exe
Internal name ShouldIRemoveIt_Setup
File version 1.0.4
Description Should I Remove It Setup
Signature verification Signed file, verified signature
Signing date 5:46 AM 4/3/2013
Signers
[+] Reason Software Company Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 8/27/2012
Valid to 12:59 AM 8/28/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 6258F57A10D973B8BD0C4E7BBB52C35AF61A279B
Serial number 1E 7B 5E E3 02 7F 2B D1 6E 9F 8B CC 0B 4F 6A 5A
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-26 10:52:33
Entry Point 0x0002E32E
Number of sections 4
PE sections
Overlays
MD5 b2fc94a87928ad15766acfda7e1abe72
File type application/x-ms-dos-executable
Offset 437760
Size 798392
Entropy 7.91
PE imports
Number of PE resources by type
RT_DIALOG 12
RT_ICON 12
RT_STRING 9
RTF_FILE 2
RT_MENU 2
IMAGE_FILE 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 42
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.4.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 176640
EntryPoint 0x2e32e
OriginalFileName ShouldIRemoveIt_Setup.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) Reason Software Company Inc.
FileVersion 1.0.4
TimeStamp 2012:07:26 11:52:33+01:00
FileType Win32 EXE
PEType PE32
InternalName ShouldIRemoveIt_Setup
ProductVersion 1.0.4
FileDescription Should I Remove It Setup
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Reason Software Company Inc.
CodeSize 260096
ProductName Should I Remove It
ProductVersionNumber 1.0.4.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 63eaa9dd373b430a144ad83cbba07c82
SHA1 c721b88d4a71526e64c32a9f64a86d3d58349a2d
SHA256 4340039cb458ef60cf3e05106a28fc0195dc3a4beb4a617f3fe92ce8aff6dc0a
ssdeep 24576:zmiOuhuHkDX/TCflWkuAo+5ATAz4kRgowXzqDOwTEnrBCqZOApj1A4:zmTguSXLCdWkL5Rz4ktmzqDOlnlCYw
authentihash a0700568e6008b75f07a8b425af3ab1c3efeeee26e682a054eda214277f98560
imphash 1861921cae4f91ec1f2ba503993d68e8
File size 1.2 MB ( 1236152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2013-04-03 13:00:31 UTC ( 3 years, 3 months ago )
Last submission 2015-12-27 19:11:51 UTC ( 7 months ago )
File names 4340039cb458ef60cf3e05106a28fc0195dc3a4beb4a617f3fe92ce8aff6dc0a.vir
file-5363465_exe
ShouldIRemoveIt_Setup.exe
shouldiremoveit_setup.exe
ShouldIRemoveIt_Setup
10550183
output.10550183.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.