SHA256: 5777c587ba38b47dea20ed0a48f08696d58aeae7655c7e68d77bcd1bb1267141
File name: 1and1MailFree4.9.exe
Detection ratio: 0 / 64
Analysis date: 2017-09-25 05:44:34 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20170924
AegisLab 20170924
AhnLab-V3 20170923
Alibaba 20170911
ALYac 20170924
Antiy-AVL 20170924
Arcabit 20170924
Avast 20170924
Avast-Mobile 20170923
AVG 20170924
Avira (no cloud) 20170923
AVware 20170923
Baidu 20170922
BitDefender 20170924
CAT-QuickHeal 20170923
ClamAV 20170924
CMC 20170920
Comodo 20170924
CrowdStrike Falcon (ML) 20170804
Cylance 20170925
Cyren 20170924
DrWeb 20170924
Emsisoft 20170924
Endgame 20170821
ESET-NOD32 20170924
F-Prot 20170924
F-Secure 20170924
Fortinet 20170924
GData 20170924
Ikarus 20170924
Sophos ML 20170914
Jiangmin 20170924
K7AntiVirus 20170924
K7GW 20170924
Kaspersky 20170924
Kingsoft 20170925
Malwarebytes 20170924
MAX 20170924
McAfee 20170924
McAfee-GW-Edition 20170924
Microsoft 20170924
eScan 20170924
NANO-Antivirus 20170924
Palo Alto Networks (Known Signatures) 20170925
Panda 20170924
Qihoo-360 20170925
Rising 20170924
SentinelOne (Static ML) 20170806
Sophos AV 20170923
SUPERAntiSpyware 20170924
Symantec 20170923
Symantec Mobile Insight 20170922
Tencent 20170925
TheHacker 20170921
TotalDefense 20170924
TrendMicro 20170924
TrendMicro-HouseCall 20170924
Trustlook 20170925
VBA32 20170922
VIPRE 20170924
ViRobot 20170924
Webroot 20170925
WhiteArmor 20170829
Yandex 20170908
Zillya 20170922
ZoneAlarm by Check Point 20170924
Zoner 20170924
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright (C) 1and1 Soft
Product 1and1Mail
File version ${VIProductVersion}
Description 1and1Mail Free setup file
Comments 1and1Mail
Signature verification Signed file, verified signature
Signing date 5:07 AM 6/26/2017
Signers
[+] Shijiazhuang Zhengji Internet Technology Co., Ltd.
Status Valid
Issuer WoSign Class 3 Code Signing CA
Valid from 9:28 AM 12/1/2016
Valid to 9:28 AM 1/1/2018
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint 0A3D4D3D1F39853E976B392B539663F4857E1F2B
Serial number 60 33 BF 95 55 47 BC 64 03 B5 7F 43 9E EB AA FE
[+] WoSign Class 3 Code Signing CA
Status Valid
Issuer Certification Authority of WoSign
Valid from 2:00 AM 8/8/2009
Valid to 2:00 AM 8/8/2024
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint 1C554F5B2042DF153C43E156C56F08EED0973EC7
Serial number 46 BB B3 40 FA B9 C1 79 28 93 8C 93 DA 10 86 79
[+] WoSign
Status Valid
Issuer Certification Authority of WoSign
Valid from 2:00 AM 8/8/2009
Valid to 2:00 AM 8/8/2039
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint B94294BF91EA8FB64BE61097C7FB001359B676CB
Serial number 5E 68 D6 11 71 94 63 50 56 00 68 F3 3E C9 C5 91
Counter signers
[+] WoSign Time Stamping Signer
Status Valid
Issuer Certification Authority of WoSign
Valid from 2:00 AM 8/8/2009
Valid to 2:00 AM 8/8/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 5409B56C89BB1A881DE1A32C950D40FD6B94C74E
Serial number 25 1F 5D 98 81 82 17 2E 3C 41 9E 01 4F B0 40 4C
[+] WoSign
Status Valid
Issuer Certification Authority of WoSign
Valid from 2:00 AM 8/8/2009
Valid to 2:00 AM 8/8/2039
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint B94294BF91EA8FB64BE61097C7FB001359B676CB
Serial number 5E 68 D6 11 71 94 63 50 56 00 68 F3 3E C9 C5 91
Packers identified
F-PROT NSIS, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-11 21:50:52
Entry Point 0x000031A3
Number of sections 5
PE sections
Overlays
MD5 ef7f8b5da7168e661478e7b3acfb879e
File type data
Offset 54272
Size 14025152
Entropy 8.00
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
DeleteFileA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
MoveFileExA
GetProcAddress
SetEnvironmentVariableA
SetFileAttributesA
GetExitCodeProcess
MoveFileA
CreateProcessA
lstrcpyA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
ReleaseDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetWindowTextA
EnableMenuItem
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DrawTextA
DestroyWindow
FillRect
RegisterClassA
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 5
RT_ICON 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments 1and1Mail
InitializedDataSize 162816
ImageVersion 6.0
ProductName 1and1Mail
FileVersionNumber 4.9.0.0
UninitializedDataSize 1024
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet ASCII
LinkerVersion 6.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion ${VIProductVersion}
TimeStamp 2016:12:11 22:50:52+01:00
FileType Win32 EXE
PEType PE32
FileDescription 1and1Mail Free setup file
OSVersion 4.0
FileOS Win32
LegalCopyright (C) 1and1 Soft
MachineType Intel 386 or later, and compatibles
CompanyName 1and1 Soft
CodeSize 25088
FileSubtype 0
ProductVersionNumber 4.9.0.0
EntryPoint 0x31a3
ObjectFileType Executable application

Compressed bundles
File identification
MD5 696f942f8fa05f6827e51246cd3dc281
SHA1 2dd9ea280d7b973b1735f56ebe7dc784100fafa5
SHA256 5777c587ba38b47dea20ed0a48f08696d58aeae7655c7e68d77bcd1bb1267141
ssdeep 393216:lUb9IXz2atwYrvaTYyAucNhxA7rigG/oDHgvnSU:M9C2E50UhunigqyFU
authentihash 0d77dd40f49f94ffb8c4a656068bcdfa8532f3ddef8f8f38af7c4618b286914a
imphash b78ecf47c0a3e24a6f4af114e2d1f5de
File size 13.4 MB ( 14079424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags nsis peexe signed overlay

VirusTotal metadata
First submission 2017-06-27 01:44:39 UTC ( 6 months, 3 weeks ago )
Last submission 2017-08-05 16:46:48 UTC ( 5 months, 2 weeks ago )
File names 1and1MailFree4.9.exe
5777C587BA38B47DEA20ED0A48F08696D58AEAE7655C7E68D77BCD1BB1267141.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Runtime DLLs
UDP communications