× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: 50f96a25011d60be0a09e97796fe887ba4c3f3c3d31fcda08107069aca62b170
File name: pcperformersetup.exe
Detection ratio: 4 / 47
Analysis date: 2013-07-17 15:33:41 UTC ( 3 years, 2 months ago ) View latest
Antivirus Result Update
AntiVir APPL/InstallBrain.Gen 20130717
DrWeb Adware.Downware.1295 20130717
ESET-NOD32 a variant of Win32/InstallBrain.AJ 20130717
VIPRE InstallBrain (fs) 20130717
AVG 20130717
Yandex 20130717
AhnLab-V3 20130717
Antiy-AVL 20130717
Avast 20130717
BitDefender 20130717
ByteHero 20130710
CAT-QuickHeal 20130717
ClamAV 20130717
Commtouch 20130717
Comodo 20130717
Emsisoft 20130717
F-Prot 20130717
F-Secure 20130717
Fortinet 20130717
GData 20130717
Ikarus 20130717
Jiangmin 20130717
K7AntiVirus 20130716
K7GW 20130716
Kaspersky 20130717
Kingsoft 20130708
Malwarebytes 20130717
McAfee 20130717
McAfee-GW-Edition 20130717
eScan 20130717
Microsoft 20130717
NANO-Antivirus 20130717
Norman 20130717
PCTools 20130717
Panda 20130717
Rising 20130717
SUPERAntiSpyware 20130717
Sophos 20130717
Symantec 20130717
TheHacker 20130717
TotalDefense 20130717
TrendMicro 20130717
TrendMicro-HouseCall 20130717
VBA32 20130717
ViRobot 20130717
eSafe 20130714
nProtect 20130717
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2012

Publisher Performersoft LLC
Product Installer
Original name installer.exe
Internal name installer
File version 15.9.28.27
Description Installer
Signature verification Signed file, verified signature
Signing date 9:55 AM 7/15/2013
Signers
[+] Performersoft LLC
Status Certificate out of its validity period
Issuer None
Valid from 9:28 PM 6/27/2012
Valid to 9:28 PM 6/27/2015
Valid usage Code Signing
Algorithm SHA1
Thumbprint 275867B185996CA733E09CC9249C243C3F31B3D0
Serial number 07 DA C5 F7 3C 67 73
[+] Go Daddy Secure Certification Authority
Status Valid
Issuer None
Valid from 2:54 AM 11/16/2006
Valid to 2:54 AM 11/16/2026
Valid usage All
Algorithm SHA1
Thumbprint 7C4656C3061F7F4C0D67B319A855F60EBC11FC44
Serial number 03 01
[+] Go Daddy Class 2 Certification Authority
Status Valid
Issuer None
Valid from 6:06 PM 6/29/2004
Valid to 6:06 PM 6/29/2034
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 2796BAE63F1801E277261BA0D77770028F20EEE4
Serial number 00
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-15 08:51:26
Entry Point 0x0000AC58
Number of sections 5
PE sections
Overlays
MD5 b942e9b6787a19406157e43a420c17a3
File type data
Offset 659968
Size 8352
Entropy 7.42
PE imports
[+] GDI32.dll
DeleteObject
PtInRegion
CreatePolygonRgn
GetRgnBox
GetStockObject
[+] KERNEL32.dll
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
WaitForSingleObject
OpenEventW
FreeLibrary
QueryPerformanceCounter
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetLocalTime
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
SizeofResource
GetFileType
DecodePointer
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
OpenMutexW
FreeEnvironmentStringsW
WaitForMultipleObjects
EncodePointer
GetProcessHeap
OpenMutexA
GetComputerNameW
GetModuleFileNameW
WriteFile
RaiseException
WideCharToMultiByte
GetProcAddress
TlsFree
GetSystemDirectoryW
HeapSetInformation
SetUnhandledExceptionFilter
FindResourceExW
InterlockedIncrement
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
ExitProcess
GetOEMCP
IsDebuggerPresent
TerminateProcess
CreateEventW
GetVersion
IsValidCodePage
LoadResource
FindResourceW
VirtualFree
TlsGetValue
Sleep
IsBadReadPtr
TlsSetValue
GetTickCount
GetCurrentThreadId
OpenEventA
VirtualAlloc
HeapCreate
SetLastError
LeaveCriticalSection
[+] USER32.dll
GetDesktopWindow
GetSystemMetrics
GetSysColor
IsWindow
GetParent
GetWindowRect
AdjustWindowRect
IsWindowVisible
IsZoomed
GetSysColorBrush
GetForegroundWindow
IsWindowUnicode
GetCursor
ChildWindowFromPoint
GetWindow
GetFocus
IsIconic
IsChild
GetClientRect
Number of PE resources by type
JPEG 8
RT_ICON 5
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion
5.1

InitializedDataSize
565760

ImageVersion
0.0

ProductName
Installer

FileVersionNumber
15.9.28.27

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
10.0

FileTypeExtension
exe

OriginalFileName
installer.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
15.9.28.27

TimeStamp
2013:07:15 09:51:26+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
installer

ProductVersion
15.9.28.27

FileDescription
Installer

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 2012

MachineType
Intel 386 or later, and compatibles

CodeSize
93184

FileSubtype
0

ProductVersionNumber
15.9.28.27

EntryPoint
0xac58

ObjectFileType
Executable application

File identification
MD5 d8c542ced7879d0ca4a1a69d0ca97a53
SHA1 fd4457781569b0f4c2246ee8a9bb41f2783fa00a
SHA256 50f96a25011d60be0a09e97796fe887ba4c3f3c3d31fcda08107069aca62b170
ssdeep
12288:UA9+Rn6S1v1hIDx5+vUTTSVyH3ixe4GlQpKF/OuF+Eu6FKwoJS3kOpUwO5DUd:Cp1NIuqCGmXuFp5FKwoJS3kOpUwO5wd

authentihash a1958918535090d6fba794a02df04f821ef687a0f590d25919126fa31a73f77d
imphash ba61eef3f0de57680d6a1a4bd3ffb5ad
File size 652.7 KB ( 668320 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-07-17 15:33:41 UTC ( 3 years, 2 months ago )
Last submission 2013-07-22 10:02:33 UTC ( 3 years, 2 months ago )
File names pcperformersetup.exe
installer
vti-rescan
installer.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
Blog | Twitter | | Google groups | ToS | Privacy policy