SHA256: 4c5f0233694184b2c59ce37373e2458aae8ec0164e9c6d8615cd63ebd1449a9f
Detection ratio: 1 / 66
Analysis date: 2017-10-25 14:44:24 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
eGambit Unsafe.AI_Score_89% 20171025
Ad-Aware 20171025
AegisLab 20171025
AhnLab-V3 20171025
ALYac 20171025
Antiy-AVL 20171025
Arcabit 20171025
Avast 20171025
Avast-Mobile 20171025
AVG 20171025
Avira (no cloud) 20171025
AVware 20171025
Baidu 20171025
BitDefender 20171025
Bkav 20171025
CAT-QuickHeal 20171025
ClamAV 20171025
CMC 20171025
Comodo 20171025
CrowdStrike Falcon (ML) 20171016
Cylance 20171025
Cyren 20171025
DrWeb 20171025
Emsisoft 20171025
Endgame 20171024
ESET-NOD32 20171025
F-Prot 20171025
F-Secure 20171025
Fortinet 20171025
GData 20171025
Ikarus 20171025
Sophos ML 20170914
Jiangmin 20171025
K7AntiVirus 20171025
K7GW 20171025
Kaspersky 20171025
Kingsoft 20171025
Malwarebytes 20171025
MAX 20171025
McAfee 20171025
McAfee-GW-Edition 20171025
Microsoft 20171025
eScan 20171025
NANO-Antivirus 20171025
nProtect 20171025
Palo Alto Networks (Known Signatures) 20171025
Panda 20171025
Qihoo-360 20171025
Rising 20171025
SentinelOne (Static ML) 20171019
Sophos AV 20171025
SUPERAntiSpyware 20171025
Symantec 20171025
Symantec Mobile Insight 20171011
Tencent 20171025
TheHacker 20171024
TrendMicro 20171025
TrendMicro-HouseCall 20171025
Trustlook 20171025
VBA32 20171025
VIPRE 20171025
ViRobot 20171025
Webroot 20171025
WhiteArmor 20171024
Yandex 20171024
Zillya 20171025
ZoneAlarm by Check Point 20171025
Zoner 20171025
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2009

Product OpenAL Installer
Original name oalinst.exe
Internal name oalinst.exe
File version 2, 1, 0, 0
Description OpenAL Installer
Comments Installs OpenAL32.dll (6.14.357.25) and wrap_oal.dll (2.2.0.7)
Signature verification Signed file, verified signature
Signing date 8:20 PM 11/18/2009
Signers
[+] Creative Labs Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 1:00 AM 7/21/2009
Valid to 12:59 AM 7/27/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint A9BD869444000709C303F45B69C07FCE901DBFB5
Serial number 12 60 83 9D 65 3E AE AA 8C 6E 89 B6 5D C3 64 77
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-11-18 19:20:07
Entry Point 0x00006C41
Number of sections 4
PE sections
Overlays
MD5 0b337885a80d86823c637c5b765e55fc
File type data
Offset 802816
Size 6744
Entropy 7.30
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
BitBlt
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
MoveFileA
InitializeCriticalSection
LoadResource
TlsGetValue
SetLastError
CopyFileA
HeapAlloc
FlushFileBuffers
RemoveDirectoryA
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
SetFilePointer
SetUnhandledExceptionFilter
GetSystemDirectoryA
MoveFileExA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
CreateDirectoryA
DeleteFileA
GetUserDefaultLCID
GetProcessHeap
CompareStringW
GetTimeFormatA
GetTempFileNameA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetModuleFileNameA
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
FreeResource
GetEnvironmentStrings
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
CompareStringA
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
DrawTextA
UpdateWindow
DispatchMessageA
EndPaint
PostQuitMessage
LoadImageA
MoveWindow
SendMessageA
DefWindowProcA
MessageBoxA
TranslateMessage
BeginPaint
ShowWindow
SetClassLongA
GetClientRect
RegisterClassExA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
DLL 4
RT_ICON 2
RT_MANIFEST 2
RT_BITMAP 1
TXT 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
FileDescription
OpenAL Installer

Comments
Installs OpenAL32.dll (6.14.357.25) and wrap_oal.dll (2.2.0.7)

LinkerVersion
8.0

ImageVersion
0.0

ProductName
OpenAL Installer

FileVersionNumber
2.1.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
679936

FileTypeExtension
exe

OriginalFileName
oalinst.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2, 1, 0, 0

TimeStamp
2009:11:18 20:20:07+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
oalinst.exe

SubsystemVersion
4.0

ProductVersion
2, 1, 0, 0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 2009

MachineType
Intel 386 or later, and compatibles

CompanyName
Creative Labs Inc.

CodeSize
118784

FileSubtype
0

ProductVersionNumber
2.1.0.0

EntryPoint
0x6c41

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 4ab9c9898df4529eb05759c24f0a97fd
SHA1 edc44ffa27e997e2055cf659007c3c4a7f5c6ab4
SHA256 4c5f0233694184b2c59ce37373e2458aae8ec0164e9c6d8615cd63ebd1449a9f
ssdeep
6144:5KFF1+Oho771ZdsxZ5wDMvaeit7MY78XFNcQftvkSX1uRKa4kVMxgyb7x+85Lbmu:X/CMok7MYsK74kmx0gLSSh7jsY20HJn

authentihash 2d9ee279dcc5f699f0b354a337e2050428e2f594b905ec92296e6f380b7df131
imphash 1ff011c2e13ea492fe69b2fbfc802083
File size 790.6 KB ( 809560 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2010-02-01 15:24:53 UTC ( 8 years, 5 months ago )
Last submission 2018-06-26 08:02:54 UTC ( 2 weeks, 5 days ago )
File names OpenAL 2.1.0.0.exe
oalinst [1].exe
Oalinst.exe
tmpnujww0.drivedownload
OpenAL v2.1.0 Multilang.exe
OpenAL v2.1.0.exe
OALInst 2.1.exe
OpenAL 2.1 (oalinst).exe
oalinst.exe
OPENAL.EXE
set3296.tmp
set41d2.tmp
OALInst.exe
tmp2b7c.tmp
9DAE4D5F58982BC45A0F0CEE52741D00D6741838.exe
openalweax.exe
openalweax.exe
set29f7.tmp
oalinst OpenAL 2.1.0.0.exe
filename
OpenAL.exe
oalinst_2.exe
OALinst.exe
smona_4c5f0233694184b2c59ce37373e2458aae8ec0164e9c6d8615cd63ebd1449a9f.bin
OpenAL [oalinst].exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight