SHA256: 4c42d2c6283af18de45a316c1194aeeb0babe66aca751b2eb4d8b54ae7bb1015
File name: CyberLink_Power2Go_Downloader.exe
Detection ratio: 0 / 57
Analysis date: 2016-03-22 23:23:06 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware 20160322
AegisLab 20160322
Yandex 20160316
AhnLab-V3 20160322
Alibaba 20160322
ALYac 20160322
Antiy-AVL 20160322
Arcabit 20160322
Avast 20160322
AVG 20160322
Avira (no cloud) 20160322
AVware 20160322
Baidu 20160322
Baidu-International 20160322
BitDefender 20160322
Bkav 20160322
ByteHero 20160323
CAT-QuickHeal 20160322
ClamAV 20160319
CMC 20160322
Comodo 20160322
Cyren 20160322
DrWeb 20160322
Emsisoft 20160322
ESET-NOD32 20160322
F-Prot 20160322
F-Secure 20160322
Fortinet 20160322
GData 20160322
Ikarus 20160322
Jiangmin 20160322
K7AntiVirus 20160322
K7GW 20160322
Kaspersky 20160322
Malwarebytes 20160322
McAfee 20160322
McAfee-GW-Edition 20160322
Microsoft 20160322
eScan 20160322
NANO-Antivirus 20160322
nProtect 20160322
Panda 20160322
Qihoo-360 20160323
Rising 20160322
Sophos AV 20160322
SUPERAntiSpyware 20160322
Symantec 20160322
Tencent 20160323
TheHacker 20160321
TotalDefense 20160322
TrendMicro 20160322
TrendMicro-HouseCall 20160322
VBA32 20160322
VIPRE 20160322
ViRobot 20160322
Zillya 20160322
Zoner 20160322
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) CyberLink Corporation. All rights reserved
Product CLDownloader
Original name CLDownloader.exe
Internal name CLDownloader
File version 2.9.1.5716
Description CyberLink Downloader
Signature verification Signed file, verified signature
Signing date 9:44 AM 12/10/2014
Signers
[+] CyberLink Corp.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 11/16/2012
Valid to 12:59 AM 4/13/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint C55A46F6B27C446E4A6E74CFC7B376D18389D2B8
Serial number 79 9A C3 97 60 95 54 6D 05 DE 53 95 16 6B FF 83
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT PECompact, PecBundle
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-16 06:21:51
Entry Point 0x0008D44B
Number of sections 4
PE sections
Overlays
MD5 551b5d857ec5342f5540ae0d7919dbdc
File type data
Offset 1122304
Size 177000
Entropy 7.96
PE imports
RegCreateKeyExW
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegCreateKeyW
RegCreateKeyExA
RegQueryValueExW
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenKeyExW
RegOpenKeyW
LookupAccountNameW
RegEnumKeyA
GetNamedSecurityInfoW
IsValidSid
GetSidIdentifierAuthority
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
SetEntriesInAclW
RegSetValueExW
AllocateAndInitializeSid
RegSetValueExA
RegDeleteValueA
SetNamedSecurityInfoW
InitCommonControlsEx
_TrackMouseEvent
DnsRecordListFree
DnsQuery_W
DeleteDC
CreateRectRgn
GetPixel
BitBlt
GetStockObject
CreateCompatibleBitmap
CreateDCW
SelectObject
DeleteObject
GetObjectW
SetBkMode
CombineRgn
CreateCompatibleDC
GetTextExtentPoint32W
CreateFontW
SetTextColor
LockFileEx
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
FindFirstFileW
HeapDestroy
GetPrivateProfileSectionNamesW
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
IsDBCSLeadByteEx
GetTempPathA
WideCharToMultiByte
lstrcmpiA
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
FindResourceExW
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
OutputDebugStringA
SetLastError
GetUserDefaultUILanguage
GetSystemTime
CopyFileW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
QueryPerformanceFrequency
LoadLibraryExA
SetThreadPriority
WritePrivateProfileSectionW
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
DeleteTimerQueueTimer
GetPrivateProfileStringW
FormatMessageA
CreateMutexA
SetFilePointer
GetFullPathNameW
InterlockedExchangeAdd
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
ExitThread
SetEnvironmentVariableA
GetDiskFreeSpaceExA
WriteConsoleA
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
AreFileApisANSI
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
LCMapStringW
CreateDirectoryA
DeleteFileA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetProcessHeap
CreateFileMappingW
CompareStringW
WriteFile
GetFileSizeEx
lstrcmpA
FindFirstFileA
ResetEvent
CreateTimerQueueTimer
CreateFileMappingA
FindNextFileA
TerminateProcess
GlobalLock
CreateEventW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
GetComputerNameW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
HeapReAlloc
FindNextFileW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
GetUserGeoID
lstrlenW
LockFile
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
WritePrivateProfileStringW
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
UnlockFileEx
GetACP
GetGeoInfoW
GetFileAttributesExW
GetEnvironmentStrings
IsValidCodePage
UnmapViewOfFile
GetTempPathW
VirtualQuery
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetOEMCP
CompareStringA
AlphaBlend
VarUI4FromStr
SysFreeString
VariantInit
VariantClear
SysAllocString
RpcStringFreeW
UuidToStringW
SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteW
Ord(165)
SHAppBarMessage
SHGetSpecialFolderPathW
PathAppendA
PathFindFileNameW
PathRemoveBackslashA
PathFileExistsW
PathRemoveFileSpecW
PathStripToRootA
PathAddBackslashW
PathAppendW
PathRemoveExtensionW
PathRemoveFileSpecA
StrTrimA
PathFileExistsA
GetUserNameExW
RegisterClassExW
GetMonitorInfoW
SetWindowRgn
EnableWindow
UpdateWindow
BeginPaint
DefWindowProcW
FindWindowW
KillTimer
GetMessageW
PostQuitMessage
ShowWindow
SetWindowPos
EnumDisplayMonitors
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
GetWindowRect
EndPaint
TranslateMessage
PostMessageW
DispatchMessageW
SendMessageW
UnregisterClassA
GetWindowLongW
GetClientRect
DrawTextW
GetDC
InvalidateRect
wsprintfA
SetTimer
FillRect
CharNextA
LoadCursorW
LoadIconW
CreateWindowExW
wsprintfW
DestroyWindow
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
InternetSetStatusCallbackW
HttpOpenRequestA
HttpEndRequestW
HttpSendRequestExW
InternetGetConnectedState
HttpEndRequestA
HttpSendRequestExA
HttpOpenRequestW
InternetGetCookieW
InternetConnectW
HttpAddRequestHeadersA
InternetCloseHandle
InternetConnectA
InternetGetLastResponseInfoW
HttpAddRequestHeadersW
HttpQueryInfoW
InternetWriteFile
InternetReadFile
InternetSetOptionA
InternetCrackUrlW
InternetOpenA
InternetSetOptionW
InternetOpenUrlW
InternetOpenW
timeGetTime
inet_addr
GdipCloneBrush
GdiplusShutdown
GdipCreateFromHDC
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipDeleteBrush
GdipAlloc
GdipFree
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipCreateSolidFill
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipFillRectangleI
IcmpSendEcho2
GetAdaptersInfo
IcmpCreateFile
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateGuid
CoTaskMemRealloc
CoCreateInstance
OleSetContainedObject
CoTaskMemFree
StringFromGUID2
IsValidURL
FindMimeFromData
Number of PE resources by type
RT_STRING 55
PNG 36
RT_ICON 9
RT_MANIFEST 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 55
CHINESE TRADITIONAL 7
GERMAN 6
FRENCH 6
CHINESE SIMPLIFIED 6
JAPANESE DEFAULT 6
SPANISH MODERN 6
KOREAN 6
ITALIAN 6
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.9.1.5716
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 442368
EntryPoint 0x8d44b
OriginalFileName CLDownloader.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) CyberLink Corporation. All rights reserved
FileVersion 2.9.1.5716
TimeStamp 2014:09:16 07:21:51+01:00
FileType Win32 EXE
PEType PE32
InternalName CLDownloader
ProductVersion 2.9.1.5716
FileDescription CyberLink Downloader
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CyberLink
CodeSize 675840
ProductName CLDownloader
ProductVersionNumber 2.9.1.5716
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 21c9b667f78393c3f6deec94bd920b00
SHA1 6a2de63acf2dadb55ca37293fe6baee9b53a1e4c
SHA256 4c42d2c6283af18de45a316c1194aeeb0babe66aca751b2eb4d8b54ae7bb1015
ssdeep 24576:z2XAI0rCcVPLe00uwmI+BM4Fq0XvLGOx6rjKEYLIeaWw:jIbIm+24V/LdqjKtij
authentihash 214a48ddcbc1db075721a9b5a93e3cfe36a1e675cf4b04a0059af09ec6ac90f1
imphash c002497569332fbd582de9cc6ad9bc91
File size 1.2 MB ( 1299304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (v2.x) (34.7%)
Win32 EXE PECompact compressed (generic) (24.4%)
Win32 Executable MS Visual C++ (generic) (18.3%)
Win64 Executable (generic) (16.2%)
Win32 Executable (generic) (2.6%)
Tags pecompact peexe signed overlay

VirusTotal metadata
First submission 2015-01-14 19:15:02 UTC ( 3 years, 10 months ago )
Last submission 2018-04-15 14:43:32 UTC ( 7 months, 1 week ago )
File names cyberlink-power2go_10.0.exe
CyberLink_Power2Go_Downloader10.exe
CLDownloader
cyberlink_power2go_downloader.exe
CyberLink_Power2Go_Downloader.exe
616695
cyberlink-power2go-essential-10.exe
4C42D2C6283AF18DE45A316C1194AEEB0BABE66ACA751B2EB4D8B54AE7BB1015
mirror-ex1
CyberLink_Power2Go_Downloader.exe
CLDownloader.exe
4c42d2c6283af18de45a316c1194aeeb0babe66aca751b2eb4d8b54ae7bb1015
CyberLink_Power2Go_Downloader10.exe
CyberLink_Power2Go_Downloader.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections