SHA256: 4d1fe62a45ef4b62dfbbf8f338b0809c93a3f616d7bca7f9038c9dd5337cc8bc
File name: BF45C5D9D8255C08245D0A4B258D2D00358FB9E2.exe
Detection ratio: 1 / 43
Analysis date: 2011-08-05 03:40:45 UTC ( 3 years, 7 months ago )
Antivirus Result Update
NOD32 probably a variant of Win32/InstallCore.A 20110805
AVG 20110805
AhnLab-V3 20110804
AntiVir 20110805
Antiy-AVL 20110804
Avast 20110804
Avast5 20110804
BitDefender 20110805
CAT-QuickHeal 20110804
ClamAV 20110805
Commtouch 20110805
Comodo 20110805
DrWeb 20110805
Emsisoft 20110805
F-Prot 20110805
F-Secure 20110805
Fortinet 20110805
GData 20110805
Ikarus 20110805
Jiangmin 20110804
K7AntiVirus 20110802
Kaspersky 20110805
McAfee 20110805
McAfee-GW-Edition 20110805
Microsoft 20110804
Norman 20110804
PCTools 20110805
Panda 20110804
Prevx 20110805
Rising 20110804
SUPERAntiSpyware 20110805
Sophos 20110805
Symantec 20110805
TheHacker 20110805
TrendMicro 20110805
TrendMicro-HouseCall 20110805
VBA32 20110804
VIPRE 20110805
ViRobot 20110804
VirusBuster 20110804
eSafe 20110804
eTrust-Vet 20110804
nProtect 20110804
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright InstallCore© Technology 4.1

Publisher Volonet Ltd
Product InstallCore© Installer SDK 4.1
Version 1, 0, 0, 9
Internal name InstallCore© Installer
File version 1, 0, 0, 9
Description InstallCore© Installer
Signature verification Signed file, verified signature
Signing date 2:31 PM 8/2/2011
Signers
[+] Volonet Ltd
Status Certificate out of its validity period
Valid from 1:00 AM 11/24/2010
Valid to 12:59 AM 11/24/2012
Valid usage Code Signing
Algorithm SHA1
Thumbprint 6DEC0D1BD0FEE8FCD4CC94FAA75AB4D7F23E3759
Serial number 27 22 80 02 C4 36 8B 89 85 B0 D5 7B C7 FE 75 CC
[+] UTN-USERFirst-Object
Status Valid
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status Valid
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00119510
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
CoInternetCreateZoneManager
RegFlushKey
ImageList_Add
GetOpenFileNameA
SaveDC
OleDraw
VariantCopy
DragFinish
VerQueryValueA
Number of PE resources by type
RT_STRING 14
RT_BITMAP 14
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 6
RT_ICON 5
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 43
ENGLISH US 11
ENGLISH UK 3
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.9

UninitializedDataSize
860160

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
372736

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1, 0, 0, 9

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
InstallCore Installer

ProductVersion
1, 0, 0, 9

FileDescription
InstallCore Installer

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright InstallCore Technology 4.1

MachineType
Intel 386 or later, and compatibles

CompanyName
InstallCore Technologies

CodeSize
290816

ProductName
InstallCore Installer SDK 4.1

ProductVersionNumber
1.0.0.9

EntryPoint
0x119510

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 a5ed44cb0dfa9dc9223a97f8a88f81cd
SHA1 2684d44353eaae70ae2378164ee81c384dd0b69b
SHA256 4d1fe62a45ef4b62dfbbf8f338b0809c93a3f616d7bca7f9038c9dd5337cc8bc
ssdeep
12288:rGlTGXZ7MNLGC12LZezXJyFz6f1WoqzlLOp9RNhgQ:rGIpoyBZUN96zlapLvgQ

File size 649.2 KB ( 664792 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (45.1%)
Win32 EXE Yoda's Crypter (39.2%)
Win32 Executable (generic) (6.6%)
Win16/32 Executable Delphi generic (3.0%)
Generic Win/DOS Executable (2.9%)
Tags
peexe signed upx

VirusTotal metadata
First submission 2011-08-02 22:12:02 UTC ( 3 years, 7 months ago )
Last submission 2013-04-10 08:48:26 UTC ( 1 year, 11 months ago )
File names file-4252764_exe
BF45C5D9D8255C08245D0A4B258D2D00358FB9E2.exe
a5ed44cb0dfa9dc9223a97f8a88f81cd
InstallCore© Installer
A0041421.exe$
a5ed44cb0dfa9dc9223a97f8a88f81cd.bin
InstallCore(c) Installer
4d1fe62a45ef4b62dfbbf8f338b0809c93a3f616d7bca7f9038c9dd5337cc8bc
file-2586287_exe
Facemoods(1).exe
Facemoods.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .
