SHA256: 46e3440d9037fdf520bf213d6590b4522cfddeaae92f29d6029d0477117d1102
File name: cafesetup.exe
Detection ratio: 2 / 65
Analysis date: 2018-01-29 17:48:55 UTC (1 year, 3 months ago)
Antivirus Result Update
Antiy-AVL RiskWare[PSWTool]/Win32.NetPass 20180129
Sophos ML heuristic 20180121
Ad-Aware 20180129
AegisLab 20180129
AhnLab-V3 20180129
Alibaba 20180129
ALYac 20180129
Arcabit 20180129
Avast 20180129
Avast-Mobile 20180129
AVG 20180129
Avira (no cloud) 20180129
AVware 20180129
Baidu 20180129
BitDefender 20180129
Bkav 20180129
CAT-QuickHeal 20180129
ClamAV 20180129
CMC 20180129
Comodo 20180129
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180129
Cyren 20180129
DrWeb 20180129
eGambit 20180129
Emsisoft 20180129
Endgame 20171130
ESET-NOD32 20180129
F-Prot 20180129
Fortinet 20180129
GData 20180129
Ikarus 20180129
Jiangmin 20180129
K7AntiVirus 20180129
K7GW 20180129
Kaspersky 20180129
Kingsoft 20180129
Malwarebytes 20180129
MAX 20180129
McAfee 20180129
McAfee-GW-Edition 20180129
Microsoft 20180129
eScan 20180129
NANO-Antivirus 20180129
nProtect 20180129
Palo Alto Networks (Known Signatures) 20180129
Panda 20180129
Qihoo-360 20180129
Rising 20180129
SentinelOne (Static ML) 20180115
Sophos AV 20180129
SUPERAntiSpyware 20180129
Symantec 20180129
Symantec Mobile Insight 20180126
Tencent 20180129
TheHacker 20180125
TrendMicro 20180129
TrendMicro-HouseCall 20180129
Trustlook 20180129
VBA32 20180129
VIPRE 20180129
ViRobot 20180129
Webroot 20180129
Yandex 20180112
Zillya 20180129
ZoneAlarm by Check Point 20180129
Zoner 20180129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 74.cz, s.r.o. 2015

File version 4.1.69.282
Description Cafe Server
Comments http://74.cz
Signature verification Signed file, verified signature
Signing date 12:05 PM 4/15/2015
Signers
[+] 74.cz, s.r.o.
Status This certificate or one of the certificates in the certificate chain is not time valid. Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 7/10/2014
Valid to 12:59 AM 7/10/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 07941CAA2A3F7FFD453E4C950EC752B64502AD48
Serial number 6B 38 2A 91 88 58 74 D4 45 74 6A 30 4D 1D D9 51
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00019ACC
Number of sections 8
PE sections
Overlays
MD5 081a0c69728afc2e8778d28e1697bffd
File type data
Offset 150528
Size 2691880
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SelectObject
GetTextExtentPoint32A
CreateFontA
TextOutA
ExtTextOutA
SetBkColor
DeleteObject
SetTextColor
GetLastError
GetStdHandle
EnterCriticalSection
FileTimeToDosDateTime
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
GetSystemDefaultLangID
ExitProcess
GetThreadLocale
GetVersionExA
GlobalUnlock
GetModuleFileNameA
GetFileSize
RtlUnwind
RemoveDirectoryA
GetLocalTime
GlobalHandle
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
CreateEventA
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
SetFileTime
ExpandEnvironmentStringsA
GetCurrentDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetCPInfo
GetCommandLineA
GetProcAddress
FormatMessageA
GetFullPathNameA
CreateMutexA
SetFilePointer
GetTempPathA
RaiseException
DosDateTimeToFileTime
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
DeleteFileA
WriteFile
EnumCalendarInfoA
ReadFile
ResetEvent
lstrcpynA
FindNextFileA
GetACP
GetDiskFreeSpaceA
MoveFileExA
GetCurrentThreadId
FileTimeToLocalFileTime
SetFileAttributesA
SetEvent
LocalFree
GetExitCodeProcess
InitializeCriticalSection
CompareStringA
VirtualQuery
VirtualFree
LocalFileTimeToFileTime
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetStringTypeExA
GetVersion
LeaveCriticalSection
VirtualAlloc
SetCurrentDirectoryA
InterlockedIncrement
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA
DrawEdge
GetSystemMetrics
CreateWindowExA
LoadStringA
DispatchMessageA
EndPaint
DestroyWindow
CharNextA
CharUpperBuffA
MessageBoxA
PeekMessageA
BeginPaint
CharToOemA
DefWindowProcA
InvalidateRect
GetKeyboardType
GetSysColor
RegisterClassExA
Number of PE resources by type
RT_STRING 7
RT_ICON 4
RT_RCDATA 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
CZECH DEFAULT 5
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments http://74.cz
LinkerVersion 2.25
ImageVersion 0.0
FileVersionNumber 4.1.69.282
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 44032
EntryPoint 0x19acc
MIMEType application/octet-stream
LegalCopyright Copyright 74.cz, s.r.o. 2015
FileVersion 4.1.69.282
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
FileDescription Cafe Server
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName 74.cz, s.r.o.
CodeSize 105472
FileSubtype 0
ProductVersionNumber 4.1.69.282
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 639fb47021be89be735931a7cb5b691d
SHA1 d883e1d1ca142c5be1bd27b06fbe5db8d1836a60
SHA256 46e3440d9037fdf520bf213d6590b4522cfddeaae92f29d6029d0477117d1102
ssdeep 49152:7AGS4MtNFCqNE8+IGXokAHcaP8yPo0P7kQJpkwwI2L+0eKeznOQEOIar1OXan:7gxNFCo5EXokGdProJQJpT0+0P/QEOcI
authentihash 3bfa860530a19c6e95756f0a1650177c72d4d4aab1a3369a6a31ed52fcb899e9
imphash de1fa96ad5bc81910ffb7ed552e29d0d
File size 2.7 MB (2842408 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Delphi generic (45.2%)
Win32 Dynamic Link Library (generic) (20.9%)
Win32 Executable (generic) (14.3%)
Win16/32 Executable Delphi generic (6.6%)
Generic Win/DOS Executable (6.3%)
Tags
revoked-cert peexe via-tor signed overlay

VirusTotal metadata
First submission 2015-06-13 08:08:27 UTC (3 years, 11 months ago)
Last submission 2018-01-29 17:48:55 UTC (1 year, 3 months ago)
File names cafesetup.exe
cafesetup.exe
578537198595482c80dd0b64231fb3bf_cafesetup.exe.safe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.