× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5670b5d7acb51b38142cc73ddd5853864c7741230f96fcde8eedcd7e2cedce32
File name: 32bwsx.exe
Detection ratio: 0 / 68
Analysis date: 2018-01-09 17:50:34 UTC ( 1 year, 1 month ago ) View latest
Antivirus Result Update
Ad-Aware 20180109
AegisLab 20180109
AhnLab-V3 20180109
Alibaba 20180109
ALYac 20180109
Antiy-AVL 20180109
Arcabit 20180109
Avast 20180109
Avast-Mobile 20180109
AVG 20180109
Avira (no cloud) 20180109
AVware 20180103
Baidu 20180109
BitDefender 20180109
Bkav 20180106
CAT-QuickHeal 20180109
ClamAV 20180109
CMC 20180109
Comodo 20180109
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180109
Cyren 20180109
DrWeb 20180109
eGambit 20180109
Emsisoft 20180109
Endgame 20171130
ESET-NOD32 20180109
F-Prot 20180109
F-Secure 20180109
Fortinet 20180109
GData 20180109
Ikarus 20180109
Sophos ML 20170914
Jiangmin 20180109
K7AntiVirus 20180109
K7GW 20180109
Kaspersky 20180109
Kingsoft 20180109
Malwarebytes 20180109
MAX 20180109
McAfee 20180109
McAfee-GW-Edition 20180109
Microsoft 20180109
eScan 20180109
NANO-Antivirus 20180109
nProtect 20180109
Palo Alto Networks (Known Signatures) 20180109
Panda 20180109
Qihoo-360 20180109
Rising 20180106
SentinelOne (Static ML) 20171224
Sophos AV 20180109
SUPERAntiSpyware 20180109
Symantec 20180109
Symantec Mobile Insight 20180109
Tencent 20180109
TheHacker 20180108
TotalDefense 20180109
TrendMicro 20180109
TrendMicro-HouseCall 20180109
Trustlook 20180109
VBA32 20180109
VIPRE 20180109
ViRobot 20180109
Webroot 20180109
WhiteArmor 20171226
Yandex 20180109
Zillya 20180108
ZoneAlarm by Check Point 20180109
Zoner 20180109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © since 1990

Product 32bit Web Browser Installation
Original name 32bwsx.exe
Internal name 32bwsx.exe
File version 10.06.01
Description 32bit Web Browser Installer
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 2:57 AM 9/23/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-30 00:41:17
Entry Point 0x0000800D
Number of sections 4
PE sections
Overlays
MD5 2212a4423dc31c7b72b5cbf1f0e4a899
File type data
Offset 1048576
Size 4304
Entropy 7.26
PE imports
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
GetUserNameA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
SetMapMode
PatBlt
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
DeleteObject
IntersectClipRect
BitBlt
SetTextColor
GetObjectA
CreateBitmap
RectVisible
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
GetTextExtentPointA
CreateCompatibleDC
ScaleViewportExtEx
SelectObject
SetWindowExtEx
CreateSolidBrush
Escape
SetBkColor
SetViewportExtEx
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
HeapDestroy
IsBadCodePtr
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
MoveFileA
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
SetLastError
GetEnvironmentVariableA
GlobalFindAtomA
HeapAlloc
GetVersionExA
RemoveDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetFileAttributesA
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
FreeLibrary
GetTickCount
IsBadWritePtr
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
CompareStringA
FindNextFileA
GlobalLock
GetTimeZoneInformation
CopyFileA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
GetModuleFileNameA
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetVersion
SizeofResource
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetSpecialFolderPathA
ShellExecuteA
MapWindowPoints
SetDlgItemTextA
GetMessagePos
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
WindowFromPoint
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
ClientToScreen
GetTopWindow
ExcludeUpdateRgn
GetActiveWindow
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
GetMenuState
ShowWindow
GetPropA
ValidateRect
EnableWindow
LoadImageA
GetDlgItemTextA
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CheckRadioButton
LoadStringA
GetWindowPlacement
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
CopyRect
GetSysColorBrush
IsWindowUnicode
PtInRect
IsDialogMessageA
SetFocus
BeginPaint
OffsetRect
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
InflateRect
PostMessageA
DrawIcon
SetWindowLongA
RemovePropA
SetWindowTextA
ShowCaret
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
IsDlgButtonChecked
GetDesktopWindow
GetDC
SetForegroundWindow
PostThreadMessageA
DrawTextA
IntersectRect
EndDialog
HideCaret
CharNextA
GetCapture
CheckMenuItem
UnhookWindowsHookEx
RegisterClipboardFormatA
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
InvalidateRect
wsprintfA
DefDlgProcA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
OleUninitialize
OleInitialize
CoRevokeClassObject
OleFlushClipboard
CoCreateInstance
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
Number of PE resources by type
RT_STRING 12
RT_RCDATA 7
RT_BITMAP 5
RT_DIALOG 4
RT_ICON 2
RT_CURSOR 2
RT_GROUP_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 35
PE resources
ExifTool file metadata
CodeSize
118784

SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
32bit Web Browser Installer

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
950272

EntryPoint
0x800d

OriginalFileName
32bwsx.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright since 1990

FileVersion
10.06.01

TimeStamp
2017:11:30 01:41:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
32bwsx.exe

ProductVersion
10.06.01

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ElectraSoft

LegalTrademarks
ElectraSoft, 32bit Web Browser

ProductName
32bit Web Browser Installation

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 6a2f41ed121be7306a3b96f6068dc9d5
SHA1 a757185b02a809e9dd09ac4a63edb8f6d0c7a798
SHA256 5670b5d7acb51b38142cc73ddd5853864c7741230f96fcde8eedcd7e2cedce32
ssdeep
12288:HP2wrnIwS3eTHG/3unrtTi/LsfV2AgygwuX0yFyz:HP2wrn7SmQgi/LsfVeygwk0yFyz

authentihash 952914b4be4eb309d28d6e6c12a1842f97b3ce08f7a7c7acd2230807652adb58
imphash 3939abde5434dd98e9c954580939d71d
File size 1.0 MB ( 1052880 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-11-30 07:40:14 UTC ( 1 year, 2 months ago )
Last submission 2018-05-14 17:30:39 UTC ( 9 months, 2 weeks ago )
File names 1034657
32bwsx.exe
32bwsx.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs