× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4fc7a9cdab7bc43783ff5a595f637a20506815830d7ba7d50aa1fbb687c424da
File name: 231df332162d542684e9463df2227573_INF81BE.tmp
Detection ratio: 3 / 67
Analysis date: 2018-08-02 15:23:07 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
Emsisoft Application.Generic (A) 20180802
Microsoft PUA:Win32/InstallCore 20180802
Zillya Trojan.VobfusCRTD.Win32.6974 20180801
Ad-Aware 20180802
AegisLab 20180802
AhnLab-V3 20180802
Alibaba 20180713
ALYac 20180802
Antiy-AVL 20180802
Arcabit 20180802
Avast 20180802
Avast-Mobile 20180802
AVG 20180802
Avira (no cloud) 20180802
AVware 20180727
Babable 20180725
Baidu 20180802
BitDefender 20180802
Bkav 20180802
CAT-QuickHeal 20180802
ClamAV 20180802
CMC 20180802
Comodo 20180802
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180802
Cyren 20180802
DrWeb 20180802
eGambit 20180802
Endgame 20180730
ESET-NOD32 20180802
F-Prot 20180802
F-Secure 20180802
Fortinet 20180802
GData 20180802
Sophos ML 20180717
Jiangmin 20180802
K7AntiVirus 20180802
K7GW 20180802
Kaspersky 20180802
Kingsoft 20180802
Malwarebytes 20180802
MAX 20180802
McAfee 20180802
McAfee-GW-Edition 20180802
eScan 20180802
NANO-Antivirus 20180802
Palo Alto Networks (Known Signatures) 20180802
Panda 20180802
Qihoo-360 20180802
Rising 20180802
SentinelOne (Static ML) 20180701
Sophos AV 20180802
SUPERAntiSpyware 20180802
Symantec 20180802
Symantec Mobile Insight 20180801
TACHYON 20180802
Tencent 20180802
TheHacker 20180802
TotalDefense 20180802
TrendMicro 20180802
TrendMicro-HouseCall 20180802
Trustlook 20180802
VBA32 20180802
VIPRE 20180802
ViRobot 20180802
Webroot 20180802
Yandex 20180731
ZoneAlarm by Check Point 20180802
Zoner 20180802
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product Quick Web Player
File version
Description Quick Web Player Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 1:56 PM 10/3/2011
Signers
[+] Conversionads
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 6/6/2011
Valid to 12:59 AM 6/6/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 0DF49F33BA68AEFB68EE2802819510EE4EA4059F
Serial number 00 C7 74 EE 3B 8D AE 0D 50 74 1C D0 F8 60 CE 60 1C
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009C18
Number of sections 8
PE sections
Overlays
MD5 639d4b6f4aecc65b153367380a147849
File type data
Offset 54272
Size 719112
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup.

InitializedDataSize
17920

ImageVersion
6.0

ProductName
Quick Web Player

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

LinkerVersion
2.25

FileTypeExtension
exe

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Quick Web Player Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
37888

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x9c18

ObjectFileType
Executable application

File identification
MD5 231df332162d542684e9463df2227573
SHA1 48bcaf63a46eab210e8f8e291438c54daed66991
SHA256 4fc7a9cdab7bc43783ff5a595f637a20506815830d7ba7d50aa1fbb687c424da
ssdeep
12288:F3CaAjxViJgvkM8y+WwcnOqQuC4ags0Z9L8+iDLLCwy5wvnKGMwDzdsKLQ4QQ:F3LaxViKvQy+WwCQ/fgHZF8pLC15wvnh

authentihash fdff6750d47b0489c2a287435e50b9587e674803da2558f806b5f4b9b0703e8d
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 755.3 KB ( 773384 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (76.6%)
Win32 Executable Delphi generic (9.9%)
Win32 Dynamic Link Library (generic) (4.5%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2011-10-09 17:37:12 UTC ( 7 years, 5 months ago )
Last submission 2013-06-07 12:40:14 UTC ( 5 years, 9 months ago )
File names 48bcaf63a46eab210e8f8e291438c54daed66991.bin
1110459
file-3193481_exe
HLzG5rQ.reg
iVR_.bin
231df332162d542684e9463df2227573
14A6205A0877B631CDF60B7967158700D86F72D3.exe
4fc7a9cdab7bc43783ff5a595f637a20506815830d7ba7d50aa1fbb687c424da
setup.exe
231df332162d542684e9463df2227573_INF81BE.tmp
download.php
aa
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!