SHA256: 5ae34c910dac83f69d28cc3cd8c47f3f685fa0c4cf29d1385d97e2ed454d3b48
File name: setup.exe
Detection ratio: 0 / 57
Analysis date: 2015-03-03 00:56:16 UTC ( 1 day, 7 hours ago )
Antivirus Result Update
ALYac 20150303
AVG 20150302
AVware 20150228
Ad-Aware 20150303
AegisLab 20150303
Agnitum 20150228
AhnLab-V3 20150302
Alibaba 20150303
Antiy-AVL 20150302
Avast 20150303
Avira 20150303
Baidu-International 20150302
BitDefender 20150303
Bkav 20150302
ByteHero 20150303
CAT-QuickHeal 20150302
CMC 20150228
ClamAV 20150302
Comodo 20150302
Cyren 20150303
DrWeb 20150303
ESET-NOD32 20150303
Emsisoft 20150303
F-Prot 20150302
F-Secure 20150302
Fortinet 20150303
GData 20150303
Ikarus 20150302
Jiangmin 20150302
K7AntiVirus 20150302
K7GW 20150302
Kaspersky 20150303
Kingsoft 20150303
Malwarebytes 20150303
McAfee 20150303
McAfee-GW-Edition 20150303
MicroWorld-eScan 20150303
Microsoft 20150302
NANO-Antivirus 20150303
Norman 20150302
Panda 20150302
Qihoo-360 20150303
Rising 20150302
SUPERAntiSpyware 20150303
Sophos 20150303
Symantec 20150303
Tencent 20150303
TheHacker 20150302
TotalDefense 20150302
TrendMicro 20150303
TrendMicro-HouseCall 20150303
VBA32 20150302
VIPRE 20150303
ViRobot 20150303
Zillya 20150303
Zoner 20150302
nProtect 20150302
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright © Microsoft Corporation. All rights reserved.
Publisher NORTHAMERICA\scottha
Original name setup.exe
Internal name setup.exe
File version 9.0.30729.1 built by: SP
Description Setup
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-07-29 13:45:50
Link date 1:45 PM 7/29/2008
Entry Point 0x00028EE8
Number of sections 4
PE sections
PE imports
GetObjectA
GetDeviceCaps
CreateCompatibleDC
DeleteDC
SelectObject
GetTextExtentPoint32A
GetStockObject
CreateFontIndirectA
GetTextMetricsA
GetObjectW
EnumFontFamiliesExA
DeleteObject
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
FindClose
BeginUpdateResourceW
FormatMessageA
BeginUpdateResourceA
SetLastError
GetEnvironmentVariableA
CopyFileW
UpdateResourceW
GetModuleFileNameW
CopyFileA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UpdateResourceA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
InterlockedDecrement
GetDiskFreeSpaceExA
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetVersion
GetProcAddress
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
EndUpdateResourceA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
WriteFile
FindFirstFileA
GetCurrentThreadId
InterlockedIncrement
CompareStringA
GetTempFileNameA
FindNextFileA
IsValidLocale
ExpandEnvironmentStringsA
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
lstrlenW
Process32NextW
SizeofResource
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
TerminateProcess
FindResourceA
VirtualAlloc
GetOEMCP
GetTimeFormatA
ShellExecuteExA
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
ShellExecuteA
SetFocus
ReleaseDC
CreateDialogIndirectParamA
ShowWindow
SetClassLongA
SendDlgItemMessageA
ShowScrollBar
MessageBoxW
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MoveWindow
MessageBoxA
PeekMessageA
TranslateMessage
GetDC
SystemParametersInfoA
SetWindowTextA
GetSystemMetrics
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
DrawTextW
ScreenToClient
LoadCursorA
LoadIconA
CharNextA
GetDialogBaseUnits
LoadImageA
GetFocus
MsgWaitForMultipleObjects
SetForegroundWindow
DestroyWindow
ExitWindowsEx
IsDialogMessageA
SetCursor
CoUninitialize
CoInitialize
Number of PE resources by type
Struct(43) 92
RT_ICON 11
RT_DIALOG 3
Struct(44) 3
Struct(40) 3
Struct(45) 2
RT_GROUP_ICON 2
RT_MANIFEST 1
Struct(41) 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 101
ENGLISH US 18
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 9.0
FileVersionNumber 9.0.30729.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 168448
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 9.0.30729.1 built by: SP
TimeStamp 2008:07:29 13:45:50+00:00
FileType Win32 EXE
PEType PE32
InternalName setup.exe
ProductVersion 9.0.30729.1
FileDescription Setup
OSVersion 5.0
OriginalFilename setup.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 297984
FileSubtype 0
ProductVersionNumber 9.0.30729.1
EntryPoint 0x28ee8
ObjectFileType Executable application
CarbonBlack
CarbonBlack acts as a surveillance camera for computers. While monitoring an end-user machine in the wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
File identification
MD5 f116db02dcae4133a47fdaa09aace69d
SHA1 565fde101058d9add1975e4ed3088c6eca0ecba2
SHA256 5ae34c910dac83f69d28cc3cd8c47f3f685fa0c4cf29d1385d97e2ed454d3b48
ssdeep 6144:+XaNjt6LuPHmLyiBvuJiFkJ+2Qw+MMq6FlOUeKJ6qjagojDuUli1I:WYYuUx65QwDMq6TOUBeDuUlkI
authentihash e11026f7c3ded631e4ab9de2b93f69713b398ef1a57fc000071e6bcbe0706280
imphash 784112ee3c1da4bbf1f4ee95a0d306fb
File size 457.5 KB ( 468432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2008-11-29 21:41:15 UTC ( 6 years, 3 months ago )
Last submission 2015-02-25 15:08:46 UTC ( 6 days, 17 hours ago )
File names setup.exe
setup.exe
BabyMash.exe
file-3193684_exe
setup.exe.6gthn5l.partial
setup.exe
setup[1].exe
Baby Smash setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections