SHA256: 55ea61f42f21ffff099127d221bdc419016763fc6c60a7d8063f0e328be57a7a
File name: setup.exe
Detection ratio: 0 / 56
Analysis date: 2016-03-25 06:10:08 UTC ( 10 months ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
ALYac 20160325
AVG 20160325
AVware 20160325
Ad-Aware 20160325
AegisLab 20160325
Yandex 20160316
AhnLab-V3 20160324
Alibaba 20160323
Antiy-AVL 20160325
Arcabit 20160325
Avast 20160325
Avira (no cloud) 20160325
Baidu 20160324
Baidu-International 20160324
BitDefender 20160325
Bkav 20160324
ByteHero 20160325
CAT-QuickHeal 20160323
CMC 20160322
ClamAV 20160325
Comodo 20160325
Cyren 20160325
DrWeb 20160325
ESET-NOD32 20160325
Emsisoft 20160325
F-Prot 20160325
F-Secure 20160325
Fortinet 20160325
GData 20160325
Ikarus 20160325
Jiangmin 20160325
K7AntiVirus 20160325
K7GW 20160323
Kaspersky 20160325
Malwarebytes 20160325
McAfee 20160325
McAfee-GW-Edition 20160325
Microsoft 20160325
NANO-Antivirus 20160324
Panda 20160324
Qihoo-360 20160325
Rising 20160325
SUPERAntiSpyware 20160325
Sophos 20160325
Symantec 20160325
Tencent 20160325
TheHacker 20160325
TotalDefense 20160325
TrendMicro 20160325
TrendMicro-HouseCall 20160325
VBA32 20160324
VIPRE 20160325
ViRobot 20160325
Zillya 20160324
Zoner 20160325
nProtect 20160324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© 2012 Kaspersky Lab ZAO. All Rights Reserved.

Product Kaspersky Installer
Original name Setup
File version 12.0.1.808.15
Description Kaspersky Installer [12.0.1.808.15]
Signature verification Signed file, verified signature
Signing date 9:34 AM 4/30/2015
Signers
[+] Kaspersky Lab
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer DigiCert High Assurance Code Signing CA-1
Valid from 1:00 AM 4/10/2015
Valid to 1:00 PM 6/1/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint F312907276B8C863A16E3261C7C181F91761ECEE
Serial number 01 36 F0 FB 19 F2 0B 6F C2 1F 52 5C 1E 25 60 1F
[+] DigiCert High Assurance Code Signing CA-1
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E308F829DC77E80AF15EDD4151EA47C59399AB46
Serial number 02 C4 D1 E5 8A 4A 68 0C 56 8D A3 04 7E 7E 4D 5F
[+] DigiCert High Assurance EV Root CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GTE CyberTrust Global Root
Valid from 8:20 PM 1/13/2010
Valid to 7:19 PM 9/30/2015
Valid usage All
Algorithm sha1RSA
Thumbprint 6751188F0E5563593233300564359411585B0C33
Serial number 07 27 58 3D
[+] DigiCert Global Root
Status Valid
Issuer GTE CyberTrust Global Root
Valid from 1:29 AM 8/13/1998
Valid to 12:59 AM 8/14/2018
Valid usage Email Protection, Client Auth, Server Auth, Code Signing
Algorithm md5RSA
Thumbprint 97817950D81C9670CC34D809CF794431367EF474
Serial number 01 A5
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 1:00 AM 2/3/2015
Valid to 1:00 AM 3/3/2026
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint B36308B4D4CDED4FCFBD66B955FAE3BFB12C29E6
Serial number 11 21 06 A0 81 D3 3F D8 7A E5 82 4C C1 6B 52 09 4E 03
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-30 08:02:46
Entry Point 0x00011ADA
Number of sections 4
PE sections
Overlays
MD5 d6645c45413e12c1a185affe2e7022bd
File type data
Offset 708608
Size 9048
Entropy 7.34
PE imports
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
InitCommonControlsEx
GetDeviceCaps
SelectClipRgn
DeleteObject
GetStockObject
CreateRectRgn
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
EnumResourceLanguagesW
WideCharToMultiByte
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
FormatMessageW
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
GetUserDefaultUILanguage
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
FlushInstructionCache
GetModuleHandleA
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetFileSize
LCMapStringW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
EnumResourceNamesW
CompareStringW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
GetTimeFormatA
FindFirstFileW
IsValidLocale
GetProcAddress
GetTempPathW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
SetStdHandle
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
lstrcpynW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
FreeResource
GetEnvironmentStrings
IsValidCodePage
HeapCreate
FindResourceExW
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
CompareStringA
SysFreeString
UuidCreate
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
MapWindowPoints
GetParent
EndDialog
PostQuitMessage
DefWindowProcW
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
wvsprintfW
SetWindowLongW
MessageBoxW
GetWindowRect
DialogBoxParamW
CharLowerW
TranslateMessage
GetWindow
PostMessageW
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
ReleaseDC
SendMessageW
UnregisterClassA
GetWindowLongW
SetWindowTextW
GetDlgItem
SystemParametersInfoW
IsWindow
LoadImageW
GetClassNameW
IsDialogMessageW
GetActiveWindow
GetClientRect
GetWindowTextW
CheckDlgButton
GetWindowTextLengthW
GetDC
wsprintfW
DestroyWindow
DrawThemeParentBackground
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
Number of PE resources by type
RT_STRING 8
RT_DIALOG 5
RT_ICON 5
DLG_BACKGROUND 2
RT_MANIFEST 1
Struct(255) 1
EXTRAFILES 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 25
PE resources
Debug information
ExifTool file metadata
SpecialBuild
15

LegalTrademarks
Registered trademarks and service marks are the property of their respective owners.

SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
12.0.1.808

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Kaspersky Installer [12.0.1.808.15]

CharacterSet
Unicode

InitializedDataSize
475136

EntryPoint
0x11ada

OriginalFileName
Setup

MIMEType
application/octet-stream

LegalCopyright
2012 Kaspersky Lab ZAO. All Rights Reserved.

FileVersion
12.0.1.808.15

TimeStamp
2015:04:30 09:02:46+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
12.0.1.808.15

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Kaspersky Lab

CodeSize
229376

ProductName
Kaspersky Installer

ProductVersionNumber
12.0.1.808

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 0d7e51c37a27951bbd527624b30f3b00
SHA1 14cc9e061d2838c96a561e4b259dea64daa1860d
SHA256 55ea61f42f21ffff099127d221bdc419016763fc6c60a7d8063f0e328be57a7a
ssdeep
6144:lzr2ikT8ex1kRTmpMS8+6iQn3uEVD7w0ZNF5LqiVE1xRV:tkT8E1rMbBV3JmiKxRV

authentihash 2278457eac1a717f0c868c4d996bea0dc695415270658d6372e39450d61fb752
imphash b6183d8b57a77633c78054bcff1561cc
File size 700.8 KB ( 717656 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2015-05-19 18:35:34 UTC ( 1 year, 8 months ago )
Last submission 2016-07-18 14:06:36 UTC ( 6 months, 1 week ago )
File names setup(1).exe
689372
kaspersky setup.exe
kaspersky-setup.exe
setup[1].exe
setup.exe
Kasperski SecurityScanner.exe
setup (2).exe
setup.exe
setup (4).exe
setup.exe
setup (2).exe
setup (2).exe
setup.exe
Kaspersky Security Scan setup.exe
setup (1).exe
setup.exe
setup-5.exe
Kaspersky2015.exe
Setup
setup.exe
setup-2.exe
setup.exe
setup.exe
setup-1.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.