× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 558ff5162e1bdc89ca0ad55609a3f49d2dc6aed42cd3f35c4a30f4e550f3b8e7
File name: DynomiteSetup-en.exe
Detection ratio: 1 / 69
Analysis date: 2018-08-20 10:05:27 UTC ( 6 months ago )
Antivirus Result Update
CAT-QuickHeal TrojanDropper.Dinwod 20180819
Ad-Aware 20180820
AegisLab 20180820
AhnLab-V3 20180819
Alibaba 20180713
ALYac 20180820
Antiy-AVL 20180820
Arcabit 20180820
Avast 20180820
Avast-Mobile 20180820
AVG 20180820
Avira (no cloud) 20180820
AVware 20180820
Babable 20180725
Baidu 20180820
BitDefender 20180820
Bkav 20180817
ClamAV 20180820
CMC 20180817
Comodo 20180820
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180820
Cyren 20180820
DrWeb 20180820
eGambit 20180820
Emsisoft 20180820
Endgame 20180730
ESET-NOD32 20180820
F-Prot 20180820
F-Secure 20180820
Fortinet 20180820
GData 20180820
Ikarus 20180820
Sophos ML 20180717
Jiangmin 20180820
K7AntiVirus 20180820
K7GW 20180820
Kaspersky 20180820
Kingsoft 20180820
Malwarebytes 20180820
MAX 20180820
McAfee 20180820
McAfee-GW-Edition 20180820
Microsoft 20180820
eScan 20180820
NANO-Antivirus 20180820
Palo Alto Networks (Known Signatures) 20180820
Panda 20180819
Qihoo-360 20180820
Rising 20180820
SentinelOne (Static ML) 20180701
Sophos AV 20180820
SUPERAntiSpyware 20180820
Symantec 20180820
Symantec Mobile Insight 20180814
TACHYON 20180820
Tencent 20180820
TheHacker 20180818
TotalDefense 20180820
TrendMicro 20180820
TrendMicro-HouseCall 20180820
Trustlook 20180820
VBA32 20180817
VIPRE 20180820
ViRobot 20180820
Webroot 20180820
Yandex 20180818
Zillya 20180820
ZoneAlarm by Check Point 20180820
Zoner 20180819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 8:13 PM 2/19/2008
Signers
[+] PopCap Games
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 9/1/2006
Valid to 12:59 AM 9/22/2009
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B1F4990C76941CFCE42088B7C4A415BD750A2063
Serial number 3C 61 DF 38 D5 BB 38 36 A8 B4 4B 98 5C 50 44 79
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT CAB, appended, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-12-12 20:43:35
Entry Point 0x0002D9BE
Number of sections 4
PE sections
Overlays
MD5 a72f24539b52676c2e3b510103f7eb86
File type data
Offset 368640
Size 3506280
Entropy 8.00
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCreateKeyA
GetDeviceCaps
GetObjectA
BitBlt
DeleteDC
SetBkMode
CreateFontA
GetStockObject
GetTextMetricsA
CreateSolidBrush
DeleteObject
SelectObject
SetBkColor
CreateCompatibleDC
GetTextExtentPoint32W
SetTextColor
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
FindNextFileA
HeapDestroy
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetDiskFreeSpaceA
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
ResumeThread
InitializeCriticalSection
FindClose
TlsGetValue
SetLastError
InterlockedDecrement
CopyFileA
ExitProcess
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
GetCurrentProcess
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
ExitThread
FreeLibrary
GetStartupInfoA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetUserDefaultLCID
GetProcessHeap
CompareStringW
ExpandEnvironmentStringsW
FindNextFileW
CompareStringA
FindFirstFileW
IsValidLocale
GetProcAddress
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
RemoveDirectoryA
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
GetModuleHandleA
ReadFile
FindFirstFileA
CloseHandle
GetACP
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
ResetEvent
SysFreeString
VariantClear
VariantInit
SysAllocString
ShellExecuteExA
SHBrowseForFolderW
SHGetPathFromIDListW
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
MapWindowPoints
ReleaseDC
EndDialog
BeginPaint
SetWindowTextW
KillTimer
EnumChildWindows
SetWindowPos
SendDlgItemMessageA
BeginDeferWindowPos
MessageBoxW
SendMessageW
EndPaint
LoadImageA
DialogBoxParamW
AdjustWindowRectEx
DialogBoxParamA
GetSysColor
DeferWindowPos
GetDC
EndDeferWindowPos
DrawTextA
SetWindowTextA
DestroyIcon
GetWindowLongA
DrawIconEx
GetSystemMetrics
SendMessageA
LoadStringW
GetClientRect
CreateWindowExA
GetDlgItem
DrawFocusRect
SetTimer
FillRect
IsDlgButtonChecked
GetSysColorBrush
GetWindowTextW
GetDesktopWindow
IsWindowUnicode
EnableWindow
GetWindowTextA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
StringFromGUID2
Number of PE resources by type
RT_ICON 9
RT_DIALOG 8
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2007:12:12 21:43:35+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
270336

LinkerVersion
8.0

FileTypeExtension
exe

InitializedDataSize
94208

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x2d9be

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 5f7c2b4341e504f33f70c3db56d7a87b
SHA1 40d1343b80d36a331ba89547dbe216fbbda37cb7
SHA256 558ff5162e1bdc89ca0ad55609a3f49d2dc6aed42cd3f35c4a30f4e550f3b8e7
ssdeep
98304:v1iZkuGouKHGzKwGfjv0iVRXnWWiLMJeoRJD21SlHhhVFJjst:vQZTjuKmzU7vBuW7LU1AHdFJo

authentihash 9615c0f0a5da68b6c782e2e3a53ee1ea4ce98577ce617764fdc056f42b821a07
imphash 8d9abeb48c63383c5e688c3edf84514e
File size 3.7 MB ( 3874920 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2008-03-17 12:43:36 UTC ( 10 years, 11 months ago )
Last submission 2018-05-04 23:57:52 UTC ( 9 months, 2 weeks ago )
File names dynomite.exe
141498796238953-DynomiteSetup_en.exe
dynomitesetup-en.exe
ban trung - daniel-sharing.net.exe
DynomiteSetup-en.exe
DynomiteSetup-en2.exe
DynomiteSetup-en.exe
558FF5162E1BDC89CA0AD55609A3F49D2DC6AED42CD3F35C4A30F4E550F3B8E7.exe
filename
ban-trung-khung-long_271.exe
A0006946.EXE
dynomite-deluxe.exe
DynomiteSetup-en.exe
file-219197_exe
file-3176752_exe
5f7c2b4341e504f33f70c3db56d7a87b.40d1343b80d36a331ba89547dbe216fbbda37cb7
DynomiteSetupen.exe
file
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications