SHA256: 499aba4a495ed32994de04ac18fd06ce74c297949a2b16c440823d54391c6ef0
File name: aimp_4.51.2084.exe
Detection ratio: 0 / 69
Analysis date: 2018-12-03 02:43:07 UTC (2 months, 2 weeks ago)
Antivirus Result Update
Ad-Aware 20181203
AegisLab 20181203
AhnLab-V3 20181202
Alibaba 20180921
ALYac 20181203
Antiy-AVL 20181202
Arcabit 20181203
Avast 20181203
Avast-Mobile 20181202
AVG 20181202
Avira (no cloud) 20181202
Babable 20180918
Baidu 20181130
BitDefender 20181202
Bkav 20181129
CAT-QuickHeal 20181202
CMC 20181202
Comodo 20181203
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181203
Cyren 20181203
DrWeb 20181203
eGambit 20181203
Emsisoft 20181203
Endgame 20181108
ESET-NOD32 20181202
F-Prot 20181203
F-Secure 20181202
Fortinet 20181203
GData 20181203
Ikarus 20181202
Sophos ML 20181128
Jiangmin 20181203
K7AntiVirus 20181202
K7GW 20181202
Kaspersky 20181203
Kingsoft 20181203
Malwarebytes 20181203
MAX 20181203
McAfee 20181203
McAfee-GW-Edition 20181202
Microsoft 20181203
eScan 20181203
NANO-Antivirus 20181202
Palo Alto Networks (Known Signatures) 20181203
Panda 20181202
Qihoo-360 20181203
Rising 20181203
SentinelOne (Static ML) 20181011
Sophos AV 20181202
SUPERAntiSpyware 20181128
Symantec 20181203
Symantec Mobile Insight 20181121
TACHYON 20181203
Tencent 20181203
TheHacker 20181202
TotalDefense 20181202
Trapmine 20181128
TrendMicro 20181205
TrendMicro-HouseCall 20181202
Trustlook 20181203
VBA32 20181130
VIPRE 20181202
ViRobot 20181202
Webroot 20181203
Yandex 20181130
Zillya 20181130
ZoneAlarm by Check Point 20181203
Zoner 20181203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Artem Izmaylov
Product AIMP
Original name 7zsd_LZMA2.sfx
Description AIMP Setup
Comments Based on 7z Setup SFX v1.6.0.2712 (x86) (© 2005-2012 Oleg N. Scherbakov)
Signature verification Signed file, verified signature
Signing date 10:54 AM 12/1/2018
Signers
[+] IP Izmaylov Artem Andreevich
Status Valid
Issuer GlobalSign CodeSigning CA - SHA256 - G3
Valid from 11:04 AM 09/08/2017
Valid to 11:04 AM 09/08/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint E1782EA4E44A003BFA5D98B4F6F912ACDF9B3DD1
Serial number 32 93 00 D5 99 01 60 67 A3 E8 6C ED
[+] GlobalSign CodeSigning CA - SHA256 - G3
Status Valid
Issuer GlobalSign
Valid from 11:00 PM 06/14/2016
Valid to 11:00 PM 06/14/2024
Valid usage Code Signing, OCSP Signing
Algorithm sha256RSA
Thumbprint 090D03435EB2A8364F79B78CB173D35E8EB63558
Serial number 48 1B 6A 07 26 D2 E8 3F 26 02 D4 82 5A CD
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 10:00 AM 11/18/2009
Valid to 09:00 AM 03/18/2019
Valid usage All
Algorithm sha256RSA
Thumbprint 4765557AF418C68A641199146A7E556AA8242996
Serial number 04 00 00 00 00 01 25 07 1D F9 AF
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] GlobalSign TSA for Advanced - G3 - 003-01
Status Valid
Issuer GlobalSign Timestamping CA - SHA256 - G2
Valid from 09:00 AM 06/14/2018
Valid to 09:00 AM 03/18/2029
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint AE6B02D90B258C0991B1161289DEB66956391D6F
Serial number 33 90 20 77 61 C4 26 DD 94 50 03 0D
[+] GlobalSign Timestamping CA - SHA256 - G2
Status Valid
Issuer GlobalSign
Valid from 09:00 AM 08/02/2011
Valid to 09:00 AM 03/29/2029
Valid usage All
Algorithm sha256RSA
Thumbprint 91843BBD936D86EAFA42A3AFBF33E92831068F99
Serial number 04 00 00 00 00 01 31 89 C6 50 04
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 10:00 AM 11/18/2009
Valid to 09:00 AM 03/18/2019
Valid usage All
Algorithm sha256RSA
Thumbprint 4765557AF418C68A641199146A7E556AA8242996
Serial number 04 00 00 00 00 01 25 07 1D F9 AF
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT appended, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-31 00:38:38
Entry Point 0x0001638F
Number of sections 4
PE sections
Overlays
MD5 321d65742fd7962cf524ffb0cd0a68fb
File type data
Offset 165888
Size 10749752
Entropy 8.00
PE imports
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
StretchBlt
SetThreadLocale
GetStdHandle
GetDriveTypeW
WaitForSingleObject
LockResource
CreateJobObjectW
GetFileAttributesW
SetInformationJobObject
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetSystemDirectoryW
lstrcatW
GetLocaleInfoW
FindResourceExA
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetModuleFileNameW
ExitProcess
lstrcmpiW
SetProcessWorkingSetSize
GetSystemDefaultLCID
MultiByteToWideChar
SetFilePointer
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
GetExitCodeThread
MulDiv
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
EnterCriticalSection
TerminateThread
lstrcmpiA
GetVersionExW
SetEvent
LoadLibraryA
GetStartupInfoA
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
AssignProcessToJobObject
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
lstrcmpW
GetProcAddress
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
lstrlenA
GlobalFree
lstrlenW
VirtualFree
GetQueuedCompletionStatus
SizeofResource
CompareFileTime
CreateIoCompletionPort
SetFileTime
GetCommandLineW
SuspendThread
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
WriteFile
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
strncmp
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_except_handler3
??2@YAPAXI@Z
_onexit
_wtol
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_adjust_fdiv
??3@YAXPAX@Z
free
wcsncmp
__getmainargs
_purecall
_controlfp
memmove
memcpy
_beginthreadex
_initterm
_exit
_EH_prolog
__set_app_type
SysFreeString
OleLoadPicture
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
ClientToScreen
UnhookWindowsHookEx
CharUpperW
MessageBoxA
LoadIconW
GetWindowDC
CopyImage
GetWindow
GetSysColor
DispatchMessageW
GetKeyState
ReleaseDC
GetMenu
GetWindowLongW
DrawIconEx
SetWindowTextW
CreateWindowExA
GetDlgItem
SystemParametersInfoW
LoadImageW
GetDC
ScreenToClient
CallNextHookEx
wsprintfA
SetTimer
CallWindowProcW
GetSystemMenu
DialogBoxIndirectParamW
EnableWindow
GetClientRect
GetWindowTextW
EnableMenuItem
SetWindowsHookExW
GetClassNameA
GetWindowTextLengthW
CreateWindowExW
wsprintfW
PtInRect
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 6
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Based on 7z Setup SFX v1.6.0.2712 (x86) (© 2005-2012 Oleg N. Scherbakov)
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription AIMP Setup
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 75776
EntryPoint 0x1638f
OriginalFileName 7zsd_LZMA2.sfx
MIMEType application/octet-stream
LegalCopyright Artem Izmaylov
TimeStamp 2012:12:30 16:38:38-08:00
FileType Win32 EXE
PEType PE32
ProductVersion 4.5x
UninitializedDataSize 0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName AIMP DevTeam
CodeSize 89600
ProductName AIMP
ProductVersionNumber 4.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 acc1353719050e5fa6f28e8d296078a4
SHA1 478fd16ef2cb4c4d60104a9341905259ae6dc7b9
SHA256 499aba4a495ed32994de04ac18fd06ce74c297949a2b16c440823d54391c6ef0
ssdeep 196608:jt+nSS5TDtCF2I0tGBFueNi8xtsLcnyfpLPdxC75pkCf8u4QYo4Iol38NQ:jtKDpTISC81YOLuyRj/C7+u4QYo2aQ
authentihash ef1a260424eaf9059e612e226ae860bb54651947e8b52a9bb731330f307f4321
imphash f6baa5eaa8231d4fe8e922a2e6d240ea
File size 10.4 MB ( 10915640 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Microsoft Visual C++ compiled executable (generic) (73.2%)
OS/2 Executable (generic) (8.9%)
Generic Win/DOS Executable (8.8%)
DOS Executable Generic (8.8%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2018-12-01 18:59:32 UTC ( 2 months, 3 weeks ago )
Last submission 2019-02-20 20:51:38 UTC ( 8 hours, 38 minutes ago )
File names J6bpmRyOJonT3VoXnDag%3D%3D&limit=0&content_type=application%2Fx-msdownload&fsize=10915640&hid=4deb9da5b3179d0bf4864c305b04310d&media_type=executable&tknv=v2&rtoken=sPaIFpRv1gv3&force_default=no&ycrid=na-f6ee5fb0f6622c419d3bdf270e2b141e-downloader1h&ts=57f805a0e95c0&s=a13fb6f1e778872821828ed9cc7676f0145c1d4d5acff0b48237ac3da0de67b3&pb=U2FsdGVkX1_Vw_UjPtLVmU7Hf7oRsFfAsuB67E2-34ssu0I5QrZKiXyV4ZAWM9MXfn68EiyVB6i2LwWFK8AMheqa-OwdDcJxevueus3mbno
AIMP 4.51 build 2084 Final Portable.exe
J6bpmRyOJonT3VoXnDag%3D%3D&limit=0&content_type=application%2Fx-msdownload&fsize=10915640&hid=4deb9da5b3179d0bf4864c305b04310d&media_type=executable&tknv=v2&rtoken=KGKLAnPvLA1T&force_default=no&ycrid=na-3a0db4bd35c5047867183e3cdf2406d6-downloader13h&ts=57c840a118180&s=d462d71babd11bb0d0ea177225755f09e944368a84510d76cf208efb6fdc86e3&pb=U2FsdGVkX1_pZAGhOVF2TbVXMnuC01IRqklDTMWBu5rUwwbK1KJeN4c-APmsOsXlKFKD2oF0UVpW-yd3HR_TSl2021rPELZsmhjQv3l92sc
aimp_4.51.2084 (1).exe
aimp_4.51.2084.exe
aimp_4.51.2084 (уже стоял).exe
AIMP_Russian_Setup.exe
UpdateInstaller.exe
aimp_4.51.2084.exe
aimp_latest_version.exe
AIMP_v4.51.2084(1).exe
AIMP 4.51.2084.exe
target.exe_440db74e-0526-11e9-95d4-000c2964456b
aimp_4.51.2084.exe
UpdateInstaller.exe
UpdateInstaller.exe
setup.exe
aimp_4.51.2084.exe
UpdateInstaller.exe
UpdateInstaller.exe
7zsd_LZMA2.sfx
target.exe
J6bpmRyOJonT3VoXnDag%3D%3D&limit=0&content_type=application%2Fx-msdownload&fsize=10915640&hid=4deb9da5b3179d0bf4864c305b04310d&media_type=executable&tknv=v2&rtoken=yLSZHRKkpGLi&force_default=no&ycrid=na-db4c0270789bf3c66d08199dc4e781f9-downloader8h&ts=57c46fca85b00&s=77ad9493a398c9db31599f430cb663567d637f02e65bb023c5c36a52d7fb744a&pb=U2FsdGVkX1-4uXkJUtrrW7yifZ-3SwwLP8eRmKLA-3s87HnujYklJp6vmj_GT10E5bli18abMHpQ3TUA50_MBItsSuFnORJbHQodtvEmK6g
aimp_4.51.2084.exe
aimp_4_51_2084.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs