× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 57b89dd46c912e17dbd3680672135629301e004b124cd08a1ae694ebb3948b7d
File name: BCompare-4.2.0.22302.exe
Detection ratio: 1 / 61
Analysis date: 2017-05-04 14:51:27 UTC ( 5 months, 2 weeks ago ) View latest
Antivirus Result Update
Palo Alto Networks (Known Signatures) generic.pup 20170504
Ad-Aware 20170504
AegisLab 20170504
AhnLab-V3 20170504
Alibaba 20170504
ALYac 20170504
Antiy-AVL 20170504
Arcabit 20170504
Avast 20170504
AVG 20170504
Avira (no cloud) 20170504
AVware 20170504
Baidu 20170503
BitDefender 20170504
Bkav 20170504
CAT-QuickHeal 20170504
ClamAV 20170504
CMC 20170503
Comodo 20170504
CrowdStrike Falcon (ML) 20170130
Cyren 20170504
DrWeb 20170504
Emsisoft 20170504
Endgame 20170503
ESET-NOD32 20170504
F-Prot 20170504
F-Secure 20170504
Fortinet 20170504
GData 20170504
Ikarus 20170504
Sophos ML 20170413
Jiangmin 20170504
K7AntiVirus 20170504
K7GW 20170426
Kaspersky 20170504
Kingsoft 20170504
Malwarebytes 20170504
McAfee 20170504
McAfee-GW-Edition 20170504
Microsoft 20170504
eScan 20170504
NANO-Antivirus 20170504
nProtect 20170504
Panda 20170504
Qihoo-360 20170504
Rising 20170504
SentinelOne (Static ML) 20170330
Sophos AV 20170504
SUPERAntiSpyware 20170504
Symantec 20170504
Symantec Mobile Insight 20170504
Tencent 20170504
TheHacker 20170504
TrendMicro 20170504
TrendMicro-HouseCall 20170504
Trustlook 20170504
VBA32 20170504
VIPRE 20170504
ViRobot 20170504
Webroot 20170504
WhiteArmor 20170502
Yandex 20170503
Zillya 20170504
ZoneAlarm by Check Point 20170504
Zoner 20170504
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2017 Scooter Software, Inc.

Product Beyond Compare 4
File version 4.2.0.22302
Description Beyond Compare 4 Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 5:43 PM 4/27/2017
Signers
[+] Scooter Software Inc
Status Valid
Issuer COMODO SHA-256 Code Signing CA
Valid from 1:00 AM 1/15/2016
Valid to 12:59 AM 1/15/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint E85A027E7B7B59564F5D6F943B8B24800A7FD95D
Serial number 3D 90 00 BB 44 34 96 8E 08 07 0C 93 B6 70 D4 ED
[+] COMODO SHA-256 Code Signing CA
Status Valid
Issuer AddTrust External CA Root
Valid from 1:00 AM 12/22/2014
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint D09E349FD5615F147CF855ACCD3C03B0833A2BC4
Serial number 00 ED 72 DF 71 20 8F 78 36 D0 AB 00 9F CA 97 E0 1F
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbrint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT INNO, appended, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-27 16:40:27
Entry Point 0x00018824
Number of sections 9
PE sections
Overlays
MD5 6a370b96d7d1b10e3237ecbf9a9bf822
File type data
Offset 475136
Size 21163648
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetUserDefaultUILanguage
GetLastError
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
lstrcmpiA
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
EnumSystemLocalesW
LoadLibraryA
GetCommandLineW
RtlUnwind
lstrlenW
GetExitCodeProcess
CreateProcessW
DeleteCriticalSection
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetModuleHandleW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
GetLocaleInfoW
lstrcpynW
RemoveDirectoryW
CompareStringW
RaiseException
WideCharToMultiByte
GetModuleFileNameW
SetFilePointer
GetSystemDefaultUILanguage
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
ResetEvent
FindFirstFileW
IsValidLocale
GetACP
GetCurrentThreadId
SetEvent
LocalFree
FormatMessageW
GetFileAttributesW
LoadLibraryW
GetSystemDirectoryW
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
CreateEventW
SetEndOfFile
TlsSetValue
ExitProcess
GetVersion
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysReAllocStringLen
SysFreeString
SysAllocStringLen
SetWindowLongW
MessageBoxW
PeekMessageW
CharUpperW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CallWindowProcW
CharNextW
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_ICON 10
RT_STRING 6
RT_RCDATA 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 9
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
4.2.0.22302

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
377344

EntryPoint
0x18824

MIMEType
application/octet-stream

LegalCopyright
Copyright 2017 Scooter Software, Inc.

FileVersion
4.2.0.22302

TimeStamp
2017:04:27 17:40:27+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

ProductVersion
4.2.0.22302

FileDescription
Beyond Compare 4 Setup

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Scooter Software

CodeSize
96768

ProductName
Beyond Compare 4

ProductVersionNumber
4.2.0.22302

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 e0abd454aa32440d7d0f0ad00d3785ae
SHA1 288e170f29775951694a679978e26bad73740667
SHA256 57b89dd46c912e17dbd3680672135629301e004b124cd08a1ae694ebb3948b7d
ssdeep
393216:cdpdkzFsjT/SZdFH48BIAqiD4Ow8nge2qwgObGfb6/NVfaM2YcwqaCSLToRUfVf:c32zFw/AdFHdBIAqew8x2hgObGfONFqi

authentihash 5e36e0563332a26ad35e1aeb977c824e92fd587bfff13b7d2b441752f365ec30
imphash 514b3f9d429bd0444983f80d69d43bed
File size 20.6 MB ( 21638784 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (45.2%)
Win32 EXE PECompact compressed (generic) (43.6%)
Win32 Executable (generic) (4.7%)
Win16/32 Executable Delphi generic (2.1%)
Generic Win/DOS Executable (2.1%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-04-28 22:01:48 UTC ( 5 months, 3 weeks ago )
Last submission 2017-06-02 20:20:46 UTC ( 4 months, 2 weeks ago )
File names BCompareSetup.exe
BCUpdate.exe
BCompare-4.2.0.22302.exe
BCompare-4.2.0.22302.exe
BCUpdate.exe
57B89DD46C912E17DBD3680672135629301E004B124CD08A1AE694EBB3948B7D.exe
BCompare-4.2.0.22302.exe
BCompare-4.2.0.22302.exe
BCUpdate.exe
Beyond.Compare.4.2.Build.22302.exe
BCUpdate.exe
BCompare-4.2.0.22302[1].exe
BCUpdate.exe
BCompare-4.2.0.22302_Downloadly.ir.exe
BCompare-4.2.0.22302.exe
BCUpdate.exe
BCompare-4.2.0.22302.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!