SHA256: 5ed4180e64d3c4ce3191f456a47a525b1e3d685e95345512725b53b4d97da236
File name: Setup
Detection ratio: 28 / 55
Analysis date: 2014-10-10 07:50:09 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1907272 20141010
Antiy-AVL Trojan/Win32.Bublik 20141010
Avast Win32:Malware-gen 20141010
AVG Zbot.OPQ 20141010
Avira (no cloud) TR/PSW.Zbot.16974 20141010
Baidu-International Trojan.Win32.Bublik.aRu 20141009
BitDefender Trojan.GenericKD.1907272 20141010
Emsisoft Trojan.GenericKD.1907272 (B) 20141010
ESET-NOD32 Win32/Spy.Zbot.AAO 20141010
F-Secure Trojan.GenericKD.1907272 20141010
Fortinet W32/Bublik.AAO!tr 20141010
GData Trojan.GenericKD.1907272 20141010
Ikarus Trojan-Spy.Agent 20141010
Kaspersky Trojan.Win32.Bublik.cuvh 20141010
Malwarebytes Trojan.Downloader.ED 20141010
McAfee RDN/Generic PWS.y!bb3 20141010
McAfee-GW-Edition BehavesLike.Win32.Sality.fc 20141009
Microsoft PWS:Win32/Zbot 20141010
eScan Trojan.GenericKD.1907272 20141010
Norman Troj_Generic.WFGOM 20141010
nProtect Trojan.GenericKD.1907272 20141008
Panda Trj/Chgt.H 20141009
Qihoo-360 HEUR/Malware.QVM10.Gen 20141010
Sophos AV Mal/Generic-S 20141010
Symantec WS.Reputation.1 20141010
Tencent Win32.Trojan.Bublik.Wogk 20141010
TrendMicro TROJ_GEN.R011C0DJ614 20141010
TrendMicro-HouseCall TROJ_GEN.R011C0DJ614 20141010
AegisLab 20141010
Yandex 20141010
AhnLab-V3 20141009
AVware 20141010
Bkav 20141009
ByteHero 20141010
CAT-QuickHeal 20141010
ClamAV 20141010
CMC 20141009
Comodo 20141010
Cyren 20141010
DrWeb 20141010
F-Prot 20141009
Jiangmin 20141009
K7AntiVirus 20141009
K7GW 20141009
Kingsoft 20141010
NANO-Antivirus 20141010
Rising 20141009
SUPERAntiSpyware 20141010
TheHacker 20141008
TotalDefense 20141009
VBA32 20141009
VIPRE 20141010
ViRobot 20141010
Zillya 20141009
Zoner 20141007
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2007 Macrovision Corporation
Publisher Macrovision Corporation
Product InstallShield
Original name Setup.exe
Internal name Setup
File version 1.4.0.1
Description Setup.exe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-02 21:43:32
Entry Point 0x00005980
Number of sections 4
PE sections
PE imports
GetUserNameA
GetSidLengthRequired
LookupAccountNameA
GetMUILanguage
SetMapMode
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
GetDeviceCaps
RestoreDC
SetBkMode
SetPixel
SetTextColor
GetTextExtentPointW
GetObjectA
GetStockObject
ExtTextOutA
GetDIBits
StretchBlt
CreateRectRgn
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
SetBkColor
DeleteObject
GetStdHandle
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
OutputDebugStringW
GlobalHandle
TlsGetValue
OutputDebugStringA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
_lclose
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SearchPathW
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetStartupInfoW
CreateDirectoryW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CompareStringW
GlobalReAlloc
lstrcpyA
HeapValidate
GetComputerNameA
GlobalLock
GetTimeZoneInformation
CreateFileW
GetConsoleWindow
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
_lwrite
GetCurrentProcessId
HeapQueryInformation
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
HeapCreate
Sleep
IsBadReadPtr
SafeArrayPtrOfIndex
SafeArrayGetRecordInfo
SafeArrayUnlock
VariantInit
SysAllocString
SysFreeString
SafeArrayLock
SHFileOperationA
StrRChrA
SetFocus
GetMessageA
GetForegroundWindow
UpdateWindow
GetScrollInfo
BeginPaint
OffsetRect
DefWindowProcA
ShowWindow
SetWindowPos
SendDlgItemMessageA
IsWindow
AppendMenuA
InflateRect
FrameRect
SetMenu
SetDlgItemTextA
PostMessageA
MoveWindow
MessageBoxA
GetWindowDC
SetWindowTextA
TranslateMessage
IsWindowEnabled
GetWindow
GetSysColor
GetDlgItemInt
SetActiveWindow
InsertMenuItemA
ReleaseDC
SystemParametersInfoA
GetDlgCtrlID
CreatePopupMenu
GetMenu
DrawFocusRect
GetLastActivePopup
IsWindowVisible
SendMessageA
GetWindowTextA
GetClientRect
CreateWindowExA
GetDlgItem
DrawMenuBar
MessageBoxW
RegisterClassA
DeleteMenu
GetMenuItemCount
LoadAcceleratorsA
wsprintfA
GetWindowTextLengthA
CreateMenu
LoadCursorA
LoadIconA
RegisterClassW
FillRect
GetUpdateRgn
GetSysColorBrush
CheckDlgButton
GetDesktopWindow
DispatchMessageA
GetSystemMenu
CreateWindowExW
TranslateAcceleratorA
GetUpdateRect
ScrollWindowEx
DestroyWindow
IsAppThemed
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitialize
CLSIDFromProgID
Number of PE resources by type
RT_STRING 3
RT_ICON 2
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.4.0.1
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 217088
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2007 Macrovision Corporation
FileVersion 1.4.0.1
TimeStamp 2014:10:02 22:43:32+01:00
FileType Win32 EXE
PEType PE32
InternalName Setup
FileAccessDate 2014:10:10 08:51:53+01:00
ProductVersion 1.4.0.1
FileDescription Setup.exe
OSVersion 5.1
FileCreateDate 2014:10:10 08:51:53+01:00
OriginalFilename Setup.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Macrovision Corporation
CodeSize 138752
ProductName InstallShield
ProductVersionNumber 1.4.0.1
EntryPoint 0x5980
ObjectFileType Executable application
File identification
MD5 60ce9583b6e76d157c577d2d624590ad
SHA1 08fcefcb9234c165b7711a0ece4f421579d4d44e
SHA256 5ed4180e64d3c4ce3191f456a47a525b1e3d685e95345512725b53b4d97da236
ssdeep 6144:YPo30DKkcvJAdxYfY1fn055eCDWs5mZG7LAxzc8R3OQNsf+Twzre0HiQc:YPPDfcvJAEQ1fniDWlGQWYOfmb0Hg
authentihash 456b24d84ecc16162c3023a2d8d4368291f6680e5d639b217f7ab110215fc734
imphash 7219f1079eca3ad18440ebd98aab8a3a
File size 348.5 KB ( 356864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-10-07 09:08:32 UTC ( 4 years, 1 month ago )
Last submission 2014-10-07 09:08:32 UTC ( 4 years, 1 month ago )
File names Setup.exe
Setup
vt-upload-lmC2T
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests