SHA256: 57eb944690070ed7b0a9adca6a9317799e2e055ea90c8ef9dd1fe1b408b46214
File name: setupattacktracer.exe
Detection ratio: 0 / 70
Analysis date: 2019-01-09 14:18:21 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis 20181227
Ad-Aware 20190109
AegisLab 20190109
AhnLab-V3 20190109
Alibaba 20180921
ALYac 20190109
Antiy-AVL 20190109
Arcabit 20190109
Avast 20190109
Avast-Mobile 20190109
AVG 20190109
Avira (no cloud) 20190109
Babable 20180918
Baidu 20190109
BitDefender 20190109
Bkav 20190108
CAT-QuickHeal 20190109
ClamAV 20190109
CMC 20190109
Comodo 20190109
CrowdStrike Falcon (ML) 20181022
Cybereason 20190109
Cylance 20190109
Cyren 20190109
DrWeb 20190109
eGambit 20190109
Emsisoft 20190109
Endgame 20181108
ESET-NOD32 20190109
F-Prot 20190109
F-Secure 20190109
Fortinet 20190109
GData 20190109
Ikarus 20190109
Sophos ML 20181128
Jiangmin 20190109
K7AntiVirus 20190109
K7GW 20190109
Kaspersky 20190109
Kingsoft 20190109
MAX 20190109
McAfee 20190109
McAfee-GW-Edition 20190109
Microsoft 20190109
eScan 20190109
NANO-Antivirus 20190109
Palo Alto Networks (Known Signatures) 20190109
Panda 20190109
Qihoo-360 20190109
Rising 20190109
SentinelOne (Static ML) 20181223
Sophos AV 20190109
SUPERAntiSpyware 20190102
Symantec 20190109
TACHYON 20190109
Tencent 20190109
TheHacker 20190106
TotalDefense 20190109
Trapmine 20190103
TrendMicro 20190109
TrendMicro-HouseCall 20190109
Trustlook 20190109
VBA32 20190109
VIPRE 20190108
ViRobot 20190109
Webroot 20190109
Yandex 20181229
Zillya 20190109
ZoneAlarm by Check Point 20190109
Zoner 20190109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2014 Flexera Software LLC. All Rights Reserved.

Product AttackTracer
Original name InstallShield Setup.exe
Internal name Setup
File version 1.25.0002
Description Setup Launcher Unicode
Signature verification Signed file, verified signature
Signing date 7:27 PM 2/19/2016
Signers
[+] Servolutions GmbH
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Go Daddy Secure Certificate Authority - G2
Valid from 10:47 AM 02/16/2016
Valid to 10:47 AM 02/16/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint D7D1025FADDAD436526AD20C408AB405C0E10F58
Serial number 01 0D 46 2E 2B DA F3 76
[+] Go Daddy Secure Certificate Authority - G2
Status Valid
Issuer Go Daddy Root Certificate Authority - G2
Valid from 06:00 AM 05/03/2011
Valid to 06:00 AM 05/03/2031
Valid usage All
Algorithm sha256RSA
Thumbprint 27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
Serial number 07
[+] Go Daddy Root Certificate Authority - G2
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 07:00 AM 01/01/2014
Valid to 06:00 AM 05/30/2031
Valid usage All
Algorithm sha256RSA
Thumbprint 340B2880F446FCC04E59ED33F52B3D08D6242964
Serial number 1B E7 15
[+] Go Daddy Class 2 Certification Authority
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 04:06 PM 06/29/2004
Valid to 04:06 PM 06/29/2034
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 2796BAE63F1801E277261BA0D77770028F20EEE4
Serial number 00
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-17 22:51:43
Entry Point 0x000A5F7C
Number of sections 4
PE sections
Overlays
MD5 9f50168618273f8ce83f254fe63246bf
File type data
Offset 1563648
Size 1730768
Entropy 8.00
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
RegEnumKeyW
RegOpenKeyExW
RegOpenKeyW
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
OpenThreadToken
RegEnumValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
SetSecurityDescriptorGroup
GetDIBColorTable
SetMapMode
GetSystemPaletteEntries
PatBlt
PlayMetaFile
SaveDC
CreateHalftonePalette
SetStretchBltMode
SetMetaFileBitsEx
GetDeviceCaps
TranslateCharsetInfo
DeleteDC
RestoreDC
SetBkMode
CreateFontIndirectW
CreateBitmap
CreateFontW
SetPixel
SetWindowOrgEx
GetObjectW
BitBlt
RealizePalette
SetTextColor
CreatePatternBrush
GetTextExtentPoint32W
CreateDCW
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
UnrealizeObject
SelectClipRgn
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
SetWindowExtEx
CreateSolidBrush
SetViewportExtEx
SetBkColor
DeleteObject
CreateCompatibleBitmap
DeleteMetaFile
GetPrivateProfileSectionNamesA
GetStdHandle
GetDriveTypeW
WaitForSingleObject
HeapAlloc
EncodePointer
GetFileAttributesW
DuplicateHandle
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
lstrcatA
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetFileTime
GetPrivateProfileSectionW
GetCPInfo
lstrcmpiA
GetDiskFreeSpaceW
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
OutputDebugStringW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
TlsGetValue
CopyFileW
GetUserDefaultLangID
LoadResource
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
VerLanguageNameW
RaiseException
LoadLibraryExA
GetPrivateProfileStringA
SetConsoleCtrlHandler
WritePrivateProfileSectionW
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
FlushInstructionCache
GetPrivateProfileStringW
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
CreateSemaphoreW
MulDiv
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetThreadContext
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetVersion
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetWindowsDirectoryW
GetFileSize
WriteProcessMemory
OpenProcess
GetPrivateProfileIntA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
WriteFile
CompareStringW
lstrcpyW
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
CompareStringA
FindFirstFileW
IsValidLocale
lstrcmpW
GetProcAddress
SetEvent
ReadConsoleW
CreateEventW
SearchPathW
CreateFileW
GetFileType
TlsSetValue
GetCurrentThreadId
InterlockedIncrement
GetLastError
IsValidCodePage
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GetTimeFormatW
GetProcessTimes
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
Process32NextW
FileTimeToLocalFileTime
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
Process32FirstW
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
FreeResource
FindResourceExW
GetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateProcessW
Sleep
IsBadReadPtr
GetOEMCP
ResetEvent
VarBstrCmp
VarUI4FromStr
VarBstrCat
SysStringLen
SystemTimeToVariantTime
SysStringByteLen
CreateErrorInfo
SysAllocStringLen
VarBstrFromDate
VariantChangeType
VariantClear
SysAllocString
SysReAllocStringLen
RegisterTypeLib
LoadTypeLib
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SetErrorInfo
UuidFromStringW
UuidCreate
UuidToStringW
RpcStringFreeW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
CommandLineToArgvW
MapWindowPoints
DrawTextW
PostQuitMessage
SetWindowPos
IsWindow
EndPaint
SetActiveWindow
DispatchMessageW
MapDialogRect
GetDlgCtrlID
SendMessageW
GetClientRect
GetDlgItemTextW
LoadImageW
GetWindowTextW
MsgWaitForMultipleObjects
DestroyWindow
GetParent
UpdateWindow
GetPropW
GetMessageW
ShowWindow
SetPropW
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
GetWindow
RegisterClassW
DrawFocusRect
SetTimer
IsDialogMessageW
FillRect
MonitorFromPoint
CopyRect
WaitForInputIdle
GetSysColorBrush
CreateWindowExW
GetWindowLongW
CharNextW
SetFocus
BeginPaint
DefWindowProcW
KillTimer
CharPrevW
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
DrawIcon
EnumChildWindows
SendDlgItemMessageW
PostMessageW
CreateDialogParamW
SetWindowTextW
GetDlgItem
RemovePropW
ScreenToClient
DialogBoxIndirectParamW
GetDesktopWindow
LoadCursorW
LoadIconW
FindWindowExW
GetDC
SetForegroundWindow
ExitWindowsEx
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
EndDialog
FindWindowW
wvsprintfW
MessageBoxW
RegisterClassExW
MoveWindow
GetWindowDC
GetSysColor
SetDlgItemTextW
SubtractRect
SetRect
InvalidateRect
wsprintfA
CallWindowProcW
GetClassNameW
wsprintfW
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GdipSetInterpolationMode
GdipCreateFromHDC
GdipFree
GdipGetImageHeight
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipGetImageWidth
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateBitmapFromResource
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
ProgIDFromCLSID
GetRunningObjectTable
CoTaskMemRealloc
CLSIDFromProgID
CoInitializeSecurity
CoCreateGuid
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CreateItemMoniker
Number of PE resources by type
RT_STRING 25
RT_DIALOG 23
RT_ICON 11
RT_BITMAP 6
RT_GROUP_ICON 3
GIF 2
RT_MANIFEST 2
PNG 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 48
ENGLISH US 27
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 600576
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.25.2.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Setup Launcher Unicode
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 11.0
InternalBuildNumber 147420
ISInternalVersion 21.0.338
OriginalFileName InstallShield Setup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.25.0002
TimeStamp 2014:12:17 23:51:43+01:00
FileType Win32 EXE
PEType PE32
InternalName Setup
ProductVersion 1.25.0002
SubsystemVersion 5.1
ISInternalDescription Setup Launcher Unicode
OSVersion 5.1
EntryPoint 0xa5f7c
FileOS Win32
LegalCopyright Copyright (c) 2014 Flexera Software LLC. All Rights Reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Servolutions
CodeSize 962048
ProductName AttackTracer
ProductVersionNumber 1.25.2.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 0812f4b23207a262613e7d8438858379
SHA1 7e93ad3015a31ed173a1783559593498e5704bdf
SHA256 57eb944690070ed7b0a9adca6a9317799e2e055ea90c8ef9dd1fe1b408b46214
ssdeep 98304:u0kuRxzxAlEZ/18kVDH3DK70qKqst1DuDf:7Rxzxj/ukZ2KqQNaf
authentihash c74793134e8da5dfef8593df0599e6e1db4bc4ea3faed7b0269e492fae715425
imphash 0d45614ce1da2206df8b743dab46d7e4
File size 3.1 MB ( 3294416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2016-02-28 09:51:30 UTC ( 2 years, 11 months ago )
Last submission 2019-01-07 20:57:20 UTC ( 1 month, 1 week ago )
File names InstallShield Setup.exe
SetupAttackTracer.exe
SetupAttackTracer.exe
810646
Setup
SetupAttackTracer.exe
57EB944690070ED7B0A9ADCA6A9317799E2E055EA90C8EF9DD1FE1B408B46214.exe
SetupAttackTracer.exe
setupattacktracer.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications