SHA256: 57007de9bed989f32ce99017d92c0a2fe22f0779092b756bdbb91af94cf25dce
File name: tunesgo_setup_full2710.exe
Detection ratio: 1 / 67
Analysis date: 2018-01-22 05:52:04 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
VBA32 suspected of Trojan.Downloader.gen.h 20180120
Ad-Aware 20180122
AegisLab 20180122
AhnLab-V3 20180121
Alibaba 20180122
ALYac 20180121
Antiy-AVL 20180122
Arcabit 20180122
Avast 20180122
Avast-Mobile 20180121
AVG 20180122
Avira (no cloud) 20180121
AVware 20180121
Baidu 20180122
BitDefender 20180122
Bkav 20180122
CAT-QuickHeal 20180120
ClamAV 20180122
CMC 20180121
Comodo 20180122
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180122
Cyren 20180122
DrWeb 20180122
eGambit 20180122
Emsisoft 20180122
Endgame 20171130
ESET-NOD32 20180121
F-Prot 20180122
F-Secure 20180122
Fortinet 20180122
GData 20180122
Ikarus 20180121
Sophos ML 20180121
Jiangmin 20180122
K7AntiVirus 20180122
K7GW 20180121
Kaspersky 20180122
Kingsoft 20180122
Malwarebytes 20180121
MAX 20180122
McAfee 20180122
McAfee-GW-Edition 20180122
Microsoft 20180120
eScan 20180122
NANO-Antivirus 20180122
nProtect 20180122
Palo Alto Networks (Known Signatures) 20180122
Panda 20180121
Qihoo-360 20180122
Rising 20180122
SentinelOne (Static ML) 20180115
Sophos AV 20180122
SUPERAntiSpyware 20180121
Symantec 20180122
Symantec Mobile Insight 20180119
Tencent 20180122
TheHacker 20180119
TotalDefense 20180118
TrendMicro 20180122
TrendMicro-HouseCall 20180122
Trustlook 20180122
VIPRE 20180121
ViRobot 20180122
Webroot 20180122
Yandex 20180112
Zillya 20180119
ZoneAlarm by Check Point 20180122
Zoner 20180122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright©2017 Wondershare. All rights reserved.

Product Wondershare TunesGo (Win) - iOS & Android Devices
File version 2.0.3.3
Description wondershare-tunesgo-(win)---ios-&-android-devices_setup_full2710.exe
Signature verification Signed file, verified signature
Signing date 3:14 AM 5/3/2017
Signers
[+] Wondershare Technology Co.,Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 2/23/2017
Valid to 12:59 AM 2/24/2018
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint DA678EAB92B7B634C6B7EE0382F5AEF60F736EFC
Serial number 5C CA A8 23 69 A2 6A EE 30 D0 17 61 6B 1C EB 69
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-03 00:46:50
Entry Point 0x00050575
Number of sections 5
PE sections
Overlays
MD5 8a2d07fc0bdc017257e2878c91ffa1d8
File type data
Offset 971776
Size 18072
Entropy 7.38
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
FreeSid
RegQueryInfoKeyW
RegEnumKeyExW
AllocateAndInitializeSid
CheckTokenMembership
RegOpenKeyExW
RegQueryValueExW
Ord(17)
_TrackMouseEvent
GetCharABCWidthsW
GetTextMetricsW
TextOutW
CreateFontIndirectW
SetStretchBltMode
CreatePen
SaveDC
CreateRectRgnIndirect
CombineRgn
GetClipBox
Rectangle
GetDeviceCaps
LineTo
DeleteDC
RestoreDC
SetBkMode
CreateSolidBrush
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
ExtTextOutW
MoveToEx
GetStockObject
ExtSelectClipRgn
CreateRoundRectRgn
SelectClipRgn
RoundRect
StretchBlt
CreateCompatibleDC
SelectObject
SetWindowOrgEx
SetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
CreatePenIndirect
GetAdaptersAddresses
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
GetFileAttributesW
lstrcmpW
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
GetSystemDefaultLCID
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
CreateEventW
LoadResource
TlsGetValue
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
DeviceIoControl
InitializeCriticalSection
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointerEx
SetFilePointer
CreateThread
CreateSemaphoreW
MulDiv
ExitThread
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
SetUnhandledExceptionFilter
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
GetStartupInfoA
GetDateFormatA
SystemTimeToFileTime
GetFileSize
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
GetFileSizeEx
GetTimeFormatA
IsValidLocale
DuplicateHandle
WaitForMultipleObjects
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
lstrlenA
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
lstrlenW
CreateProcessW
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
EnumSystemLocalesA
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
FindResourceExW
SizeofResource
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
VirtualAlloc
CompareStringA
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
Shell_NotifyIconW
SHGetMalloc
Ord(165)
PathFileExistsW
SetFocus
MapWindowPoints
GetMonitorInfoW
ReleaseCapture
IntersectRect
GetWindow
GetPropW
PostQuitMessage
GetMessageW
OffsetRect
DefWindowProcW
FindWindowW
GetParent
KillTimer
RegisterClassExW
GetUpdateRect
CharPrevW
ShowWindow
GetWindowLongW
SetWindowPos
EndPaint
wvsprintfW
GetSystemMetrics
IsIconic
MessageBoxW
LoadCursorW
GetWindowRect
InflateRect
EnableWindow
CallWindowProcW
SetCapture
MoveWindow
AppendMenuW
SetPropW
AdjustWindowRectEx
TranslateMessage
GetFocus
PostMessageW
DispatchMessageW
SetActiveWindow
GetDC
GetKeyState
GetCursorPos
ReleaseDC
BeginPaint
CreatePopupMenu
SendMessageW
GetLastActivePopup
PtInRect
IsZoomed
DestroyWindow
SetWindowTextW
SetWindowLongW
DrawTextW
BringWindowToTop
IsWindow
MonitorFromWindow
ScreenToClient
SetRect
InvalidateRect
LoadImageW
SetTimer
GetClientRect
TrackPopupMenu
RegisterClassW
FillRect
GetMenu
CreateAcceleratorTableW
GetWindowTextW
GetClassInfoExW
IsRectEmpty
LoadIconW
GetWindowTextLengthW
CreateWindowExW
wsprintfW
SetForegroundWindow
InvalidateRgn
CharNextW
SetWindowRgn
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WinHttpConnect
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
socket
closesocket
send
ioctlsocket
WSAStartup
gethostbyname
select
WSACleanup
inet_ntoa
htons
recv
WSAGetLastError
connect
GdipCloneBrush
GdipCreateFontFromDC
GdiplusShutdown
GdipCreateFromHDC
GdipCreateFontFromLogfontA
GdipFree
GdipDrawString
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipDeleteStringFormat
GdipAlloc
GdiplusStartup
GdipDeleteBrush
GdipCreateLineBrushI
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipDeleteFont
OleLockRunning
CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
Number of PE resources by type
RT_ICON 8
XML 3
PNG 2
RT_GROUP_ICON 2
EXE 1
RT_MANIFEST 1
ZIPRES 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 17
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.0.3.3

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Unicode

InitializedDataSize
523264

EntryPoint
0x50575

MIMEType
application/octet-stream

LegalCopyright
Copyright 2017 Wondershare. All rights reserved.

FileVersion
2.0.3.3

TimeStamp
2017:05:03 01:46:50+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
9.2.1

FileDescription
wondershare-tunesgo-(win)---ios-&-android-devices_setup_full2710.exe

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
447488

ProductName
Wondershare TunesGo (Win) - iOS & Android Devices

ProductVersionNumber
2.0.3.3

Warning
Possibly corrupt Version resource

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 533fa5c05ea0ae40b8d35517c71bfa4f
SHA1 8ab7aa67256f2f1f173bc7bc783b5f435f61397e
SHA256 57007de9bed989f32ce99017d92c0a2fe22f0779092b756bdbb91af94cf25dce
ssdeep
12288:5Oc9UQpY5GcD5bv0WFl8bESyrq5GBLMQHItrimz4nUtfvHB1+jIQC0V:pyoWFliuq5GecKJz4nUFvv+8p0V

authentihash 5611de9922b855af813fa05e869a17dc6908e172575d7d676cab201a9ca31098
imphash 1d1faa225fe6488361a631ee872ccea3
File size 966.6 KB ( 989848 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows ActiveX control (70.6%)
Win32 Executable MS Visual C++ (generic) (18.9%)
Win32 Dynamic Link Library (generic) (3.9%)
Win32 Executable (generic) (2.7%)
OS/2 Executable (generic) (1.2%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-05-03 11:35:18 UTC ( 1 year, 2 months ago )
Last submission 2018-05-22 15:48:06 UTC ( 1 month, 3 weeks ago )
File names ?????.????,??????,???????.exe
tunesgo_setup_full2710.exe
tunesgo_setup_full2710.exe
tunesgo_setup_full2710 (1).exe
1018234
tunesgo_setup_full2710.exe
wondershare-tunesgo-9-5-1.exe
tunesgo_setup_full2710.exe
tunesgo_setup_full2710.exe
tunesgo_setup_full2710.exe
tunesgo_setup_full2710.exe
tunesgo_setup_full2710.exe
tunesgo_full2710.exe
tunesgo_setup_full2710.exe
57007DE9BED989F32CE99017D92C0A2FE22F0779092B756BDBB91AF94CF25DCE.exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications