SHA256: 4fcbc6ce3a5477e0320058596adf7be2bba6e94405c3efcb10d002cdb0601139
File name: SysRM124.exe
Detection ratio: 1 / 57
Analysis date: 2016-04-03 07:40:12 UTC ( 3 years, 1 month ago )
Antivirus Result Update (engines listed without a result did not detect the file)
Baidu Win32.Virus.Lamer.g 20160402
Ad-Aware 20160403
AegisLab 20160403
AhnLab-V3 20160402
Alibaba 20160401
ALYac 20160403
Antiy-AVL 20160403
Arcabit 20160403
Avast 20160403
AVG 20160403
Avira (no cloud) 20160402
AVware 20160403
Baidu-International 20160402
BitDefender 20160403
Bkav 20160402
CAT-QuickHeal 20160402
ClamAV 20160402
CMC 20160401
Comodo 20160402
Cyren 20160403
DrWeb 20160403
Emsisoft 20160403
ESET-NOD32 20160403
F-Prot 20160403
F-Secure 20160403
Fortinet 20160403
GData 20160403
Ikarus 20160403
Jiangmin 20160403
K7AntiVirus 20160403
K7GW 20160403
Kaspersky 20160402
Kingsoft 20160403
Malwarebytes 20160403
McAfee 20160403
McAfee-GW-Edition 20160403
Microsoft 20160402
eScan 20160403
NANO-Antivirus 20160403
nProtect 20160401
Panda 20160402
Qihoo-360 20160403
Rising 20160403
Sophos AV 20160403
SUPERAntiSpyware 20160403
Symantec 20160331
Tencent 20160403
TheHacker 20160403
TotalDefense 20160402
TrendMicro 20160403
TrendMicro-HouseCall 20160403
VBA32 20160401
VIPRE 20160403
ViRobot 20160402
Yandex 20160316
Zillya 20160402
Zoner 20160403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Setup Engine Copyright © 2004-2013 Indigo Rose Corporation
Product Setup Factory Runtime
Original name suf_launch.exe
Internal name suf_launch
File version 9.2.0.0
Description Setup Application
Comments Created with Setup Factory
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-27 19:10:44
Entry Point 0x000029E1
Number of sections 5
PE sections
Overlays
MD5 ad86269cb5406ddb03a700e5c08fbb17
File type data
Offset 72192
Size 5606132
Entropy 7.97
PE imports
GetTokenInformation
OpenProcessToken
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetFileAttributesA
GetExitCodeProcess
QueryPerformanceCounter
HeapReAlloc
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetTempPathA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
HeapSetInformation
GetCurrentProcess
_lwrite
GetFileType
GetStringTypeW
InterlockedIncrement
lstrcatA
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
UnhandledExceptionFilter
InterlockedDecrement
_llseek
HeapSize
FreeEnvironmentStringsW
GetCPInfo
MultiByteToWideChar
GetProcAddress
_lread
EncodePointer
GetStartupInfoW
GetModuleFileNameW
_lclose
WideCharToMultiByte
LoadLibraryW
TlsFree
_lcreat
GetSystemTimeAsFileTime
DeleteCriticalSection
GetCurrentProcessId
SetUnhandledExceptionFilter
lstrcpyA
_lopen
DecodePointer
CloseHandle
IsProcessorFeaturePresent
GetCommandLineA
GetACP
GetDiskFreeSpaceA
MoveFileExA
GetModuleHandleW
FreeLibrary
LocalFree
TerminateProcess
GetModuleFileNameA
IsValidCodePage
HeapCreate
WriteFile
TlsGetValue
Sleep
SetLastError
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
GetOEMCP
CompareStringA
ShellExecuteExA
wsprintfA
LoadCursorA
DispatchMessageA
MessageBoxA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
SetCursor
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
CodeSize 22528
SubsystemVersion 5.1
Comments Created with Setup Factory
InitializedDataSize 48640
ImageVersion 0.0
ProductName Setup Factory Runtime
FileVersionNumber 9.2.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName suf_launch.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 9.2.0.0
TimeStamp 2013:08:27 21:10:44+02:00
FileType Win32 EXE
PEType PE32
InternalName suf_launch
ProductVersion 9.2.0.0
FileDescription Setup Application
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Setup Engine Copyright 2004-2013 Indigo Rose Corporation
MachineType Intel 386 or later, and compatibles
LegalTrademarks Setup Factory is a trademark of Indigo Rose Corporation.
FileSubtype 0
ProductVersionNumber 9.2.0.0
EntryPoint 0x29e1
ObjectFileType Executable application

Compressed bundles
File identification
MD5 833593d29b9078a8511f18969fab8b11
SHA1 209030c33dd6e00fc0c4f940d27512e9b3ca08f7
SHA256 4fcbc6ce3a5477e0320058596adf7be2bba6e94405c3efcb10d002cdb0601139
ssdeep 98304:KKYXeDcWA93rVd6uxcS3dutXJouitQbsgkZikubQvSGf6CUFbw:xYlWAFz6uGS3wZQ4QvSo6Cic
authentihash a467673e14bfd01c6c8c9cfb2d47a0f2fbbf945faf48c6e52f6115e863cd2396
imphash 1ff847646487d56f85778df99ff3728a
File size 5.4 MB ( 5678324 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (52.2%)
Win32 Executable MS Visual C++ (generic) (19.8%)
Win32 EXE Yoda's Crypter (16.9%)
Win32 Dynamic Link Library (generic) (4.1%)
Win32 Executable (generic) (2.8%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-04-10 13:38:22 UTC ( 4 years, 1 month ago )
Last submission 2019-05-03 13:40:08 UTC ( 3 weeks ago )
File names suf_launch.exe
SysRM124.exe
690867
SysResources Manager 12.4.exe
4FCBC6CE3A5477E0320058596ADF7BE2BBA6E94405C3EFCB10D002CDB0601139
ANVIRALT DFHO DUMETERALT LAUNCHERSW LOOKSW SKINSW - SOMEBADCOMMCOMONCNETASMAYBEVIRUSnCPUHOGnOKWHENUNINSTALLTHEYSAY - ALLMEDIAGRABBERAUTHORSW - SEESPDCNETnGAOTDCOMMCOM - CLEANSWASBYSPD - DFSPD - SysResources Manager .exe
SysRM124.exe
suf_launch
SysRM124.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications