× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4ba074dc6a30c878cb63f8b63baf5794d356a84afd55c6a0e0f80c9720d7b026
File name: cebb35b8a9d704c774f3bede35a25c2614297d14381f86b0a64973417aa598872...
Detection ratio: 1 / 65
Analysis date: 2018-01-11 23:56:36 UTC ( 1 year, 1 month ago ) View latest
Antivirus Result Update
GData NSIS.Adware.WebCompanion.B 20180111
Ad-Aware 20180111
AegisLab 20180111
AhnLab-V3 20180111
Alibaba 20180111
ALYac 20180111
Antiy-AVL 20180111
Arcabit 20180111
Avast 20180111
Avast-Mobile 20180111
AVG 20180111
Avira (no cloud) 20180111
AVware 20180103
Baidu 20180111
BitDefender 20180111
Bkav 20180111
CAT-QuickHeal 20180111
ClamAV 20180111
CMC 20180111
Comodo 20180111
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180112
Cyren 20180111
DrWeb 20180111
eGambit 20180112
Emsisoft 20180111
Endgame 20171130
ESET-NOD32 20180111
F-Prot 20180111
F-Secure 20180111
Fortinet 20180111
Ikarus 20180111
Sophos ML 20170914
Jiangmin 20180111
K7AntiVirus 20180111
K7GW 20180111
Kaspersky 20180111
Kingsoft 20180112
Malwarebytes 20180111
MAX 20180111
McAfee 20180111
McAfee-GW-Edition 20180111
Microsoft 20180111
eScan 20180111
NANO-Antivirus 20180111
nProtect 20180111
Palo Alto Networks (Known Signatures) 20180112
Panda 20180111
Qihoo-360 20180112
Rising 20180111
SentinelOne (Static ML) 20171224
Sophos AV 20180111
SUPERAntiSpyware 20180112
Symantec 20180111
Symantec Mobile Insight 20180111
Tencent 20180112
TheHacker 20180108
TotalDefense 20180111
Trustlook 20180112
VBA32 20180111
VIPRE 20180111
ViRobot 20180111
Webroot 20180112
WhiteArmor 20180110
Yandex 20180111
Zillya 20180111
ZoneAlarm by Check Point 20180111
Zoner 20180111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright ⓒ 2010 ESTsoft Corp. All rights reserved.

Product ALZip Setup
File version 10.4.22.0
Description ALZip 8.0 beta1 Setup
Comments ALZip 8.0 beta1
Signature verification Signed file, verified signature
Signing date 6:43 AM 4/22/2010
Signers
[+] ESTsoft Corp.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 12:00 AM 11/05/2009
Valid to 11:59 PM 12/05/2010
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 56C14618A4BB126C8007FC73E776E3E724DB3C13
Serial number 7F 37 97 2E F9 C4 A4 58 52 B3 AE CC 4F 5E A9 F6
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 11:00 PM 05/20/2009
Valid to 10:59 PM 05/20/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 12:00 AM 01/29/1996
Valid to 10:59 PM 08/01/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 11:00 PM 06/14/2007
Valid to 10:59 PM 06/14/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/04/2003
Valid to 11:59 PM 12/03/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-11-17 07:03:29
Entry Point 0x000033B9
Number of sections 5
PE sections
Overlays
MD5 389d7c15898fab8cc53c8dad8696baa7
File type data
Offset 118272
Size 9911304
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyA
RegEnumValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
PostMessageA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
RegisterClassA
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
DialogBoxParamA
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
CreatePopupMenu
GetWindowLongA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
IsWindowEnabled
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetCursor
DrawTextA
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
CharNextA
CallWindowProcA
GetSystemMenu
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 9
RT_DIALOG 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 17
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
ALZip 8.0 beta1

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
10.4.22.0

LanguageCode
Neutral

FileFlagsMask
0x0000

FileDescription
ALZip 8.0 beta1 Setup

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
ASCII

InitializedDataSize
120320

EntryPoint
0x33b9

MIMEType
application/octet-stream

LegalCopyright
Copyright 2010 ESTsoft Corp. All rights reserved.

FileVersion
10.4.22.0

TimeStamp
2009:11:17 08:03:29+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
8.0.6.1

UninitializedDataSize
1024

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ESTsoft Corp.

CodeSize
23552

ProductName
ALZip Setup

ProductVersionNumber
10.4.22.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 3906be9a69e3024ec2b492328ac5e105
SHA1 9413f5677fb87c6e61baec8a0f0da4401429e594
SHA256 4ba074dc6a30c878cb63f8b63baf5794d356a84afd55c6a0e0f80c9720d7b026
ssdeep
196608:8wzBJPjQikspJmgvYcxfypNGDEbKL2ISVtfIZSJYGd5UKHPMRJHfzYD:pLjbKcYclypNGZdGdCKHPMba

authentihash 678cf4a9a9e77a6bdaa1364d9011dfac74921ce99d1a26a85ec5bf6d54eba7e8
imphash 728848c674a670ce8220f0b1d666d54c
File size 9.6 MB ( 10029576 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (91.7%)
Win32 Executable MS Visual C++ (generic) (3.3%)
Win64 Executable (generic) (2.9%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.4%)
Tags
nsis peexe overlay signed software-collection

VirusTotal metadata
First submission 2010-05-19 08:59:11 UTC ( 8 years, 9 months ago )
Last submission 2019-01-31 08:51:33 UTC ( 3 weeks, 2 days ago )
File names ALZip(1).exe
4ba074dc6a30c878cb63f8b63baf5794d356a84afd55c6a0e0f80c9720d7b026
8659805
3906be9a69e3024ec2b492328ac5e105
ALZip.exe
alzip.exe
octet-stream
alzip.exe
77702
ALZip.exe
output.8659805.txt
alzip-8-0-6-1-en-win.exe
alzip.exe
alzip-8-0-6-1-en-win.exe
alzip-8.51.exe
alzip-8.51.exe
test.exe
filename
file-6750055_exe
alzip.exe
cebb35b8a9d704c774f3bede35a25c2614297d14381f86b0a64973417aa598872c8da933c6d646790b77b345033885002fe84e38dc00b0f3924ed4edd2564fbd
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!