SHA256: 590b15e01d45eb1ec0b536398fe76c20117802da5c180eb1b913d6c58058826d
File name: B1FreeArchiver_1.4.68.exe
Detection ratio: 0 / 47
Analysis date: 2013-11-11 18:40:09 UTC (5 years, 3 months ago)
Antivirus Result Update
Yandex 20131111
AhnLab-V3 20131111
AntiVir 20131111
Antiy-AVL 20131111
Avast 20131111
AVG 20131111
Baidu-International 20131111
BitDefender 20131111
Bkav 20131111
ByteHero 20131111
CAT-QuickHeal 20131111
ClamAV 20131111
Commtouch 20131111
Comodo 20131111
DrWeb 20131111
Emsisoft 20131111
ESET-NOD32 20131111
F-Prot 20131111
F-Secure 20131111
Fortinet 20131111
GData 20131111
Ikarus 20131111
Jiangmin 20131111
K7AntiVirus 20131111
K7GW 20131111
Kaspersky 20131111
Kingsoft 20130829
Malwarebytes 20131111
McAfee 20131111
McAfee-GW-Edition 20131111
Microsoft 20131111
eScan 20131111
NANO-Antivirus 20131111
Norman 20131111
nProtect 20131111
Panda 20131111
Rising 20131111
Sophos AV 20131111
SUPERAntiSpyware 20131111
Symantec 20131111
TheHacker 20131111
TotalDefense 20131108
TrendMicro 20131111
TrendMicro-HouseCall 20131111
VBA32 20131111
VIPRE 20131111
ViRobot 20131111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2013
Product B1 Free Archiver Installer
Internal name SmartInstaller
File version 2, 4, 16, 0
Description B1 Free Archiver Installer
Signature verification A certificate was explicitly revoked by its issuer.
Signers
[+] Catalina Group Limited
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer Go Daddy Secure Certification Authority
Valid from 11:34 AM 8/16/2013
Valid to 2:56 AM 9/27/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint CE07B667622E7F412485AD0B1D42B9BC65F448BB
Serial number 4B 8F 32 52 06 20 F6
[+] Go Daddy Secure Certification Authority
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 2:54 AM 11/16/2006
Valid to 2:54 AM 11/16/2026
Valid usage All
Algorithm sha1RSA
Thumbprint 7C4656C3061F7F4C0D67B319A855F60EBC11FC44
Serial number 03 01
[+] Go Daddy Class 2 Certification Authority
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 6:06 PM 6/29/2004
Valid to 6:06 PM 6/29/2034
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 2796BAE63F1801E277261BA0D77770028F20EEE4
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-11 16:50:13
Entry Point 0x000270A0
Number of sections 5
PE sections
Overlays
MD5 17898b6baf488b265ab10e129e07b302
File type data
Offset 536064
Size 3568
Entropy 7.28
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
ConvertSidToStringSidW
AccessCheck
AdjustTokenPrivileges
InitializeAcl
CreateProcessWithLogonW
RegDeleteKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
DuplicateToken
AddAccessAllowedAce
RegOpenKeyExW
LookupAccountNameW
GetTokenInformation
GetUserNameW
RegEnumValueW
RegEnumKeyExW
OpenThreadToken
GetLengthSid
RegDeleteValueW
LogonUserW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
LookupPrivilegeValueW
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
CreateFontIndirectW
SetBkMode
GetStockObject
CreateSolidBrush
GetObjectW
SetBkColor
SetTextColor
GetStdHandle
GetConsoleOutputCP
SetEvent
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
GetTempPathW
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
LoadResource
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
CreateThread
MoveFileExW
GetExitCodeThread
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetFileSize
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
CompareStringW
WriteFile
GetFileSizeEx
GetModuleFileNameW
FindNextFileW
CompareStringA
FindFirstFileW
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
Process32NextW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
Process32FirstW
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantInit
VariantClear
SysAllocString
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHStrDupW
StrStrIW
PathIsDirectoryW
SHGetValueW
SetFocus
GetParent
UpdateWindow
GetPropW
EnumWindows
DefWindowProcW
KillTimer
DialogBoxParamW
GetMessageW
ShowWindow
SetPropW
GetWindowThreadProcessId
SetWindowLongW
MessageBoxW
GetWindowRect
EnableWindow
EndDialog
EnumChildWindows
SetWindowPos
TranslateMessage
IsWindowEnabled
SendMessageTimeoutW
PostMessageW
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
SendMessageW
GetWindowLongW
IsWindowVisible
SetWindowTextW
GetDlgItem
RemovePropW
BringWindowToTop
SendMessageTimeoutA
SetTimer
CallWindowProcW
IsDialogMessageW
FillRect
IsDlgButtonChecked
GetClientRect
GetWindowTextW
CheckDlgButton
LoadCursorW
LoadIconW
GetWindowTextLengthW
CreateWindowExW
RegisterClassExW
DestroyWindow
ExitWindowsEx
SetCursor
CreateEnvironmentBlock
DestroyEnvironmentBlock
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetCheckConnectionW
InternetOpenW
CredUIPromptForCredentialsW
CoInitializeEx
CoUninitialize
OleSetContainedObject
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CoGetClassObject
Number of PE resources by type
RT_BITMAP 24
RT_DIALOG 10
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 40
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.4.16.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 274432
EntryPoint 0x270a0
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013
FileVersion 2, 4, 16, 0
TimeStamp 2013:11:11 17:50:13+01:00
FileType Win32 EXE
PEType PE32
InternalName SmartInstaller
ProductVersion 2, 4, 16, 0
FileDescription B1 Free Archiver Installer
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 260608
ProductName B1 Free Archiver Installer
ProductVersionNumber 2.4.16.0
FileTypeExtension exe
ObjectFileType Unknown
File identification
MD5 339f2c7efc404afbc12a7febd0fb7ebc
SHA1 1268802d5952fca12b7773468ac3db79bdad66f5
SHA256 590b15e01d45eb1ec0b536398fe76c20117802da5c180eb1b913d6c58058826d
ssdeep 12288:Sckw/7HgsutY+EKh3D2xjZNo/pWlvaTv/noPasH0WU6:Tkw/DJjkD4jLo/YYTvsa2NN
authentihash 370ab876d69cbb0e3ddf069c7611fec346e2a898f4ad0eb55b42d2928438bc2a
imphash c805426348b451efda8350f2d205186b
File size 527.0 KB ( 539632 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags revoked-cert peexe signed overlay
VirusTotal metadata
First submission 2013-11-11 18:40:09 UTC ( 5 years, 3 months ago )
Last submission 2013-11-14 20:14:12 UTC ( 5 years, 3 months ago )
File names B1FreeArchiver_1.1.0.exe
B1FreeArchiver_1.4.68.exe
SmartInstaller
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections