SHA256: 4ffe8bd70885fd704868a4f900e7212d73526d7701dde1767023c54148cd9c96
File name: 4ffe8bd70885fd704868a4f900e7212d73526d7701dde1767023c54148cd9c96
Detection ratio: 0 / 53
Analysis date: 2016-01-18 05:31:10 UTC (3 years, 1 month ago)
Antivirus Result Update
Ad-Aware 20160121
AegisLab 20160121
Yandex 20160120
AhnLab-V3 20160121
Alibaba 20160121
Antiy-AVL 20160121
Arcabit 20160121
Avast 20160121
AVG 20160121
Avira (no cloud) 20160121
Baidu-International 20160121
BitDefender 20160121
Bkav 20160121
ByteHero 20160121
CAT-QuickHeal 20160121
ClamAV 20160121
CMC 20160111
Comodo 20160121
Cyren 20160121
DrWeb 20160121
Emsisoft 20160121
ESET-NOD32 20160121
F-Prot 20160121
F-Secure 20160121
Fortinet 20160121
GData 20160121
Ikarus 20160121
Jiangmin 20160121
K7AntiVirus 20160121
K7GW 20160121
Kaspersky 20160121
Malwarebytes 20160121
McAfee 20160121
McAfee-GW-Edition 20160121
Microsoft 20160121
eScan 20160121
NANO-Antivirus 20160121
nProtect 20160121
Panda 20160120
Rising 20160121
Sophos AV 20160121
SUPERAntiSpyware 20160121
Symantec 20160120
Tencent 20160121
TheHacker 20160119
TotalDefense 20160121
TrendMicro 20160121
TrendMicro-HouseCall 20160121
VBA32 20160121
VIPRE 20160121
ViRobot 20160121
Zillya 20160121
Zoner 20160121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2015 Lepide Software Private Limited. All rights reserved.

Product Kernel for Exchange Server
File version 15.9
Description Kernel for Exchange Server (Demo) Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 1:59 PM 10/23/2015
Signers
[+] Lepide Software Private Limited
Status Valid
Issuer GlobalSign Extended Validation CodeSigning CA - SHA256 - G2
Valid from 4:37 PM 4/22/2015
Valid to 4:37 PM 4/22/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint F3AB6882AC6A3249C8388242704C1093AC7C62E0
Serial number 11 21 23 36 7A 63 FF D2 14 39 7D 34 19 9F F4 D6 A7 C6
[+] GlobalSign Extended Validation CodeSigning CA - SHA256 - G2
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 8/2/2011
Valid to 11:00 AM 8/2/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 4F5EA6A9E4BA30A4575DEAD4E4E9D3B2DA66EA7B
Serial number 04 00 00 00 00 01 31 89 C6 4D E1
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 11/18/2009
Valid to 11:00 AM 3/18/2019
Valid usage All
Algorithm sha256RSA
Thumbprint 4765557AF418C68A641199146A7E556AA8242996
Serial number 04 00 00 00 00 01 25 07 1D F9 AF
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] GlobalSign TSA for Advanced - G2
Status Valid
Issuer GlobalSign Timestamping CA - SHA256 - G2
Valid from 1:00 AM 2/3/2015
Valid to 1:00 AM 3/3/2026
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 57AADEA34E3A84271197B259788D730C6AE22EC9
Serial number 11 21 16 C0 09 98 DC C6 8F A2 7D 25 C3 86 36 A8 83 BB
[+] GlobalSign Timestamping CA - SHA256 - G2
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 8/2/2011
Valid to 11:00 AM 3/29/2029
Valid usage All
Algorithm sha256RSA
Thumbprint 91843BBD936D86EAFA42A3AFBF33E92831068F99
Serial number 04 00 00 00 00 01 31 89 C6 50 04
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 11/18/2009
Valid to 11:00 AM 3/18/2019
Valid usage All
Algorithm sha256RSA
Thumbprint 4765557AF418C68A641199146A7E556AA8242996
Serial number 04 00 00 00 00 01 25 07 1D F9 AF
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT INNO, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000A5F8
Number of sections 8
PE sections
Overlays
MD5 5c36ad297128c2bd22619a9f4893db78
File type data
Offset 78848
Size 18510456
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_ICON 8
RT_STRING 6
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
NEUTRAL 7
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
15.9.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
37376

EntryPoint
0xa5f8

MIMEType
application/octet-stream

LegalCopyright
Copyright 2015 Lepide Software Private Limited. All rights reserved.

FileVersion
15.9

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

ProductVersion
15.9

FileDescription
Kernel for Exchange Server (Demo) Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Lepide Software Private Limited

CodeSize
40448

ProductName
Kernel for Exchange Server

ProductVersionNumber
15.9.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ca29c4a8b11c1be4d97d7804950645d7
SHA1 9e6da8e1f414bc0d1555c7a5fba1eb62f0f1e4e1
SHA256 4ffe8bd70885fd704868a4f900e7212d73526d7701dde1767023c54148cd9c96
ssdeep
393216:pTAGVFyKExjJL2ZhpjA1/AcdUTV5yTb7GSU1kjPn:pTAbXjJC2DeV5E6yjv

authentihash fae23dbbf637fa2414ba64b9ca56cdd8b84de10cf79aeeac055fb87ac64cdf32
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 17.7 MB ( 18589304 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (91.2%)
Win32 Executable (generic) (3.7%)
Win16/32 Executable Delphi generic (1.7%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-10-31 01:24:18 UTC ( 3 years, 3 months ago )
Last submission 2016-03-31 08:41:01 UTC ( 2 years, 10 months ago )
File names kernel-exchange-server-demo.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Opened mutexes
Runtime DLLs