SHA256: 43d31b212f7f7664bf8f132f66f0b5077fa3de0b49568ad26a8f2c8e88376f51
File name: MobileHelper_pad.exe
Detection ratio: 0 / 62
Analysis date: 2017-06-28 06:16:09 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware 20170630
AegisLab 20170630
AhnLab-V3 20170629
Alibaba 20170630
ALYac 20170630
Antiy-AVL 20170630
Arcabit 20170630
Avast 20170630
AVG 20170630
Avira (no cloud) 20170630
AVware 20170630
Baidu 20170630
BitDefender 20170630
Bkav 20170629
CAT-QuickHeal 20170630
ClamAV 20170630
CMC 20170630
Comodo 20170630
CrowdStrike Falcon (ML) 20170420
Cyren 20170630
DrWeb 20170630
Emsisoft 20170630
Endgame 20170629
ESET-NOD32 20170630
F-Prot 20170630
F-Secure 20170630
Fortinet 20170629
GData 20170630
Ikarus 20170630
Sophos ML 20170607
Jiangmin 20170628
K7AntiVirus 20170630
K7GW 20170630
Kaspersky 20170630
Kingsoft 20170630
Malwarebytes 20170630
McAfee 20170630
McAfee-GW-Edition 20170630
Microsoft 20170630
eScan 20170630
NANO-Antivirus 20170630
nProtect 20170630
Palo Alto Networks (Known Signatures) 20170630
Panda 20170629
Qihoo-360 20170630
Rising 20170630
SentinelOne (Static ML) 20170516
Sophos AV 20170630
SUPERAntiSpyware 20170630
Symantec 20170630
Symantec Mobile Insight 20170630
Tencent 20170630
TheHacker 20170628
TotalDefense 20170630
TrendMicro 20170630
TrendMicro-HouseCall 20170630
Trustlook 20170630
VBA32 20170629
VIPRE 20170630
ViRobot 20170630
Webroot 20170630
WhiteArmor 20170627
Yandex 20170630
Zillya 20170630
ZoneAlarm by Check Point 20170630
Zoner 20170630
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Fuzhou Xianzhi Ruishi Information Technology Co.,Ltd
Product Setup
Original name Setup.exe
Internal name Setup.exe
File version 2.7.5.210
Description Setup
Signature verification Signed file, verified signature
Signing date 7:46 AM 5/22/2017
Signers
[+] Fuzhou Xianzhi Ruishi Information Technology Co., Ltd.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer WoSign Class 3 Code Signing CA
Valid from 2:55 AM 10/27/2016
Valid to 2:55 AM 12/27/2017
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint 63C83744E100AD719B0850D8EA0C81E54D35CA0F
Serial number 39 14 1A 47 B4 65 9A 85 1E 66 34 D5 97 C8 04 E4
[+] WoSign Class 3 Code Signing CA
Status Valid
Issuer Certification Authority of WoSign
Valid from 1:00 AM 8/8/2009
Valid to 1:00 AM 8/8/2024
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint 1C554F5B2042DF153C43E156C56F08EED0973EC7
Serial number 46 BB B3 40 FA B9 C1 79 28 93 8C 93 DA 10 86 79
[+] WoSign
Status Valid
Issuer Certification Authority of WoSign
Valid from 1:00 AM 8/8/2009
Valid to 1:00 AM 8/8/2039
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint B94294BF91EA8FB64BE61097C7FB001359B676CB
Serial number 5E 68 D6 11 71 94 63 50 56 00 68 F3 3E C9 C5 91
Counter signers
[+] WoSign Time Stamping Signer
Status Valid
Issuer Certification Authority of WoSign
Valid from 1:00 AM 8/8/2009
Valid to 1:00 AM 8/8/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 5409B56C89BB1A881DE1A32C950D40FD6B94C74E
Serial number 25 1F 5D 98 81 82 17 2E 3C 41 9E 01 4F B0 40 4C
[+] WoSign
Status Valid
Issuer Certification Authority of WoSign
Valid from 1:00 AM 8/8/2009
Valid to 1:00 AM 8/8/2039
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint B94294BF91EA8FB64BE61097C7FB001359B676CB
Serial number 5E 68 D6 11 71 94 63 50 56 00 68 F3 3E C9 C5 91
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-22 07:42:46
Entry Point 0x0001D511
Number of sections 6
PE sections
Overlays
MD5 9b3dbdb2730b854e0543c3ee33ae78e3
File type data
Offset 22117376
Size 13840
Entropy 7.56
PE imports
ExtTextOutW
DeleteDC
SelectObject
SetDIBColorTable
GetObjectW
SetBkColor
CreateDIBSection
CreateCompatibleDC
DeleteObject
StretchBlt
ImmDisableIME
GetStdHandle
InterlockedPopEntrySList
WaitForSingleObject
EncodePointer
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
ResumeThread
SetWaitableTimer
InterlockedPushEntrySList
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
FormatMessageA
SetLastError
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
GetPrivateProfileStringW
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
ExitThread
DecodePointer
TerminateProcess
GetModuleHandleExW
VirtualQuery
GetDiskFreeSpaceExW
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
FreeLibrary
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
RemoveDirectoryW
FindNextFileW
ResetEvent
CreateWaitableTimerA
FindFirstFileW
IsValidLocale
WaitForMultipleObjects
GetUserDefaultLCID
CreateEventW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
lstrlenW
VirtualFree
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetSystemDefaultLangID
RaiseException
ReleaseSemaphore
TlsFree
GetModuleHandleA
CloseHandle
GetACP
GetModuleHandleW
FreeResource
IsValidCodePage
GetTempPathW
CreateProcessW
Sleep
OpenEventA
VirtualAlloc
PathFileExistsW
MapWindowPoints
RegisterClassExW
GetMonitorInfoW
GetParent
PostQuitMessage
CallWindowProcW
DefWindowProcW
DestroyMenu
GetMessageW
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
GetClassInfoExW
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EndPaint
AppendMenuW
TranslateMessage
GetWindow
PostMessageW
RemoveMenu
DispatchMessageW
BeginPaint
CreatePopupMenu
SendMessageW
LoadStringA
UnregisterClassW
GetClientRect
GetMenuItemInfoW
GetDlgItem
MessageBoxW
MonitorFromWindow
TrackPopupMenuEx
LoadImageW
InvalidateRect
LoadStringW
GetMenuItemCount
MonitorFromPoint
LoadCursorW
CreateWindowExW
LoadAcceleratorsW
GetWindowLongW
PtInRect
SetFocus
DestroyWindow
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipGetImagePalette
GdipFree
GdipCreateBitmapFromFile
GdipBitmapUnlockBits
GdipGetImageWidth
GdipGetImageHeight
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipDrawImageI
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdiplusStartup
Number of PE resources by type
RT_ICON 14
PNG 4
BINARY 3
XML 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 23
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 21920768
ImageVersion 0.0
ProductName Setup
FileVersionNumber 2.7.5.210
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension exe
OriginalFileName Setup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.7.5.210
TimeStamp 2017:05:22 07:42:46+00:00
FileType Win32 EXE
PEType PE32
InternalName Setup.exe
ProductVersion 2.7.5.210
FileDescription Setup
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Fuzhou Xianzhi Ruishi Information Technology Co.,Ltd
MachineType Intel 386 or later, and compatibles
CompanyName Fuzhou Xianzhi Ruishi Information Technology Co.,Ltd
CodeSize 206848
FileSubtype 0
ProductVersionNumber 2.7.5.210
EntryPoint 0x1d511
ObjectFileType Executable application
File identification
MD5 90d70c8e0874a97f09752501b62bfdda
SHA1 8be7c1b0f8ddfeab0ce2dd788f465dd7a1e52886
SHA256 43d31b212f7f7664bf8f132f66f0b5077fa3de0b49568ad26a8f2c8e88376f51
ssdeep 393216:VPwYvaS/JjlkVeD/w/qiNMtcSH0FJ2zBq7SUatQ108TXe0Yz6sBscXAvnRm:t/JjiV9DN2dq7SUJxitBFXGm
authentihash a59a8d80f765ee761e715c61dd1212c792b6a094654c6866bafbba0f850785b3
imphash 2daf94e6e8b798d80542f32507cc12f7
File size 21.1 MB ( 22131216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2017-05-23 16:20:23 UTC ( 1 year, 10 months ago )
Last submission 2017-05-23 16:20:23 UTC ( 1 year, 10 months ago )
File names Setup.exe
MobileHelper_pad.exe
43D31B212F7F7664BF8F132F66F0B5077FA3DE0B49568AD26A8F2C8E88376F51.exe
MoboPlay_updatestar.exe
MoboPlay_pad.exe