× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 542244892cf530c1f8e50be45c4f12c4b5ce076c0144487acf8a3a9d813e52df
File name: SETUP.EXE
Detection ratio: 56 / 68
Analysis date: 2017-12-29 19:40:26 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Worm.Generic.227211 20171225
AegisLab W32.W.Koobface.kZ1f 20171229
AhnLab-V3 Win32/Koobface.worm.43008.IR 20171229
ALYac Worm.Generic.227211 20171229
Antiy-AVL Worm[Net]/Win32.Koobface 20171229
Arcabit Worm.Generic.D3778B 20171229
Avast Win32:AutoRun-BFD [Trj] 20171229
AVG Win32:AutoRun-BFD [Trj] 20171229
Avira (no cloud) TR/Crypt.XPACK.Gen 20171229
AVware Worm.Win32.Koobface.u (v) 20171229
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9972 20171227
BitDefender Worm.Generic.227211 20171229
Bkav HW32.Packed.4908 20171229
ClamAV Win.Worm.Koobface-619 20171229
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171229
Cyren W32/Koobface.J.gen!Eldorado 20171229
DrWeb Trojan.Packed.19706 20171229
Emsisoft Worm.Generic.227211 (B) 20171229
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/Koobface.NCL 20171229
F-Prot W32/Worm.BKWU 20171229
F-Secure Worm.Generic.227211 20171229
Fortinet W32/Krap.AR!tr 20171229
GData Worm.Generic.227211 20171229
Ikarus Net-Worm.Win32.Koobface 20171229
Sophos ML heuristic 20170914
Jiangmin Worm/Koobface.aky 20171229
K7AntiVirus NetWorm ( 00133d201 ) 20171229
K7GW NetWorm ( 00133d201 ) 20171229
Kaspersky Net-Worm.Win32.Koobface.fag 20171229
MAX malware (ai score=87) 20171229
McAfee W32/Koobface.worm.gen.aj 20171229
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.pc 20171229
Microsoft Worm:Win32/Koobface.U 20171229
eScan Worm.Generic.227211 20171229
NANO-Antivirus Trojan.Win32.Koobface.rogv 20171229
nProtect Worm/W32.Koobface.43008.E 20171229
Panda W32/Koobface.II.worm 20171229
Qihoo-360 Malware.Radar01.Gen 20171229
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Mal/Ramnit-ZZ 20171229
Symantec Trojan.Sasfis 20171228
Tencent Win32.Worm-net.Koobface.Pbpn 20171229
TheHacker W32/Koobface.ewz 20171229
TotalDefense Win32/Koobface.KH 20171229
TrendMicro WORM_KUBFACE.SMF 20171229
TrendMicro-HouseCall WORM_KUBFACE.SMF 20171229
VBA32 TScope.Malware-Cryptor.SB 20171229
VIPRE Worm.Win32.Koobface.u (v) 20171229
ViRobot Worm.Win32.Net-Koobface.43008.C 20171229
Webroot W32.Malware.Gen 20171229
Yandex Worm.Koobface!DlbxfwZnqro 20171225
Zillya Worm.Koobface.Win32.5291 20171229
ZoneAlarm by Check Point Net-Worm.Win32.Koobface.fag 20171229
Alibaba 20171229
Avast-Mobile 20171229
CAT-QuickHeal 20171229
CMC 20171229
Comodo 20171228
eGambit 20171229
Kingsoft 20171229
Malwarebytes 20171229
Palo Alto Networks (Known Signatures) 20171229
Rising 20171229
SUPERAntiSpyware 20171229
Symantec Mobile Insight 20171228
Trustlook 20171229
WhiteArmor 20171226
Zoner 20171229
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© 2004-2006 by Alexander Avdonin

Product TaskSwitchXP
File version 2.0.12.0
Description TaskSwitchXP Installer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2000-06-28 10:00:58
Entry Point 0x00001063
Number of sections 4
PE sections
PE imports
RegQueryValueExA
ImageList_SetIconSize
GetSaveFileNameA
UnrealizeObject
ImmSetCompositionWindow
CreateStreamOnHGlobal
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SHGetSpecialFolderLocation
Shell_NotifyIconA
CreateWindowExA
GetKeyboardType
VerQueryValueA
OpenPrinterA
WSACleanup
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2000:06:28 11:00:58+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
6144

LinkerVersion
7.1

FileTypeExtension
exe

InitializedDataSize
6144

SubsystemVersion
4.0

EntryPoint
0x1063

OSVersion
4.0

ImageVersion
5.1

UninitializedDataSize
26624

File identification
MD5 464f25d0b68452cc65cb972a0c739473
SHA1 780c9a88bbd12f6f703f86310bf58f2e856e498b
SHA256 542244892cf530c1f8e50be45c4f12c4b5ce076c0144487acf8a3a9d813e52df
ssdeep
768:sUSTzphi72/iybVKrV+t3DZd9XTNcLHYFsfJHFxpaTvzTmIbfdbp632UIas:xSTzn/9n9XwYKfFTETPdbq2UIz

authentihash a40a7942b13405d3d014f3a49d9cba146cba9263efdc98a0acc73c471cf4f836
imphash 6dc4b5266d666e2620830d6bc1f700e2
File size 42.0 KB ( 43008 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows screen saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.1%)
DOS Executable Generic (7.0%)
Tags
peexe

VirusTotal metadata
First submission 2010-02-07 15:01:21 UTC ( 8 years, 5 months ago )
Last submission 2017-12-29 19:40:26 UTC ( 6 months, 2 weeks ago )
File names SETUP.EXE
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!