SHA256: 6040a4a95d3674dd145662cb2cef42469647d568f5deab8f2730a14a8d458ca3
File name: Extensions-Trial.exe
Detection ratio: 0 / 67
Analysis date: 2018-06-09 16:26:02 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20180609
AegisLab 20180609
AhnLab-V3 20180609
Alibaba 20180608
ALYac 20180609
Antiy-AVL 20180609
Arcabit 20180609
Avast 20180609
Avast-Mobile 20180609
AVG 20180609
Avira (no cloud) 20180609
AVware 20180609
Babable 20180406
Baidu 20180608
BitDefender 20180609
Bkav 20180609
CAT-QuickHeal 20180609
ClamAV 20180609
CMC 20180609
Comodo 20180609
CrowdStrike Falcon (ML) 20180202
Cybereason 20180225
Cylance 20180609
Cyren 20180609
DrWeb 20180609
eGambit 20180609
Emsisoft 20180609
Endgame 20180507
ESET-NOD32 20180609
F-Prot 20180609
F-Secure 20180609
Fortinet 20180609
GData 20180609
Ikarus 20180609
Sophos ML 20180601
Jiangmin 20180609
K7AntiVirus 20180609
K7GW 20180609
Kaspersky 20180609
Kingsoft 20180609
Malwarebytes 20180609
MAX 20180609
McAfee 20180609
McAfee-GW-Edition 20180609
Microsoft 20180609
eScan 20180609
NANO-Antivirus 20180609
Palo Alto Networks (Known Signatures) 20180609
Panda 20180609
Rising 20180609
SentinelOne (Static ML) 20180225
Sophos AV 20180609
SUPERAntiSpyware 20180609
Symantec 20180609
Symantec Mobile Insight 20180605
TACHYON 20180608
Tencent 20180609
TheHacker 20180608
TotalDefense 20180609
TrendMicro 20180609
TrendMicro-HouseCall 20180609
Trustlook 20180609
VBA32 20180608
VIPRE 20180609
ViRobot 20180609
Webroot 20180609
Yandex 20180609
Zillya 20180608
ZoneAlarm by Check Point 20180609
Zoner 20180608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Product Extensions for Windows
File version 1.0.4.10
Signature verification Signed file, verified signature
Signing date 3:45 PM 10/29/2008
Signers
[+] Extensoft
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 9/29/2008
Valid to 12:59 AM 9/30/2010
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E71031902D1F5FEF8632CC95DB94EA1651F6F432
Serial number 00 99 F6 E7 22 2C 7F 19 FB 40 2A A6 4C 94 53 2D 9A
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] Comodo Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/17/2005
Valid to 12:59 AM 5/17/2010
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 95B2B8E34EB2CB768144ED07433EF0A3AFCAEEC0
Serial number 4F 63 D0 30 F8 15 A3 A5 B3 44 69 40 06 3D 16 89
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-23 17:24:20
Entry Point 0x000289C2
Number of sections 4
PE sections
Overlays
MD5 fd72db39220361e7a7fd885e221bc608
File type data
Offset 558592
Size 15353096
Entropy 7.97
PE imports
SetSecurityDescriptorOwner
LookupPrivilegeValueA
RegCloseKey
RegQueryValueExA
AccessCheck
AdjustTokenPrivileges
InitializeAcl
RegCreateKeyExA
SetSecurityDescriptorDacl
OpenProcessToken
DuplicateToken
AddAccessAllowedAce
RegOpenKeyExA
OpenThreadToken
GetUserNameA
GetLengthSid
RegEnumKeyExA
RegQueryInfoKeyA
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
ImageList_Create
Ord(17)
ImageList_Add
AddFontResourceA
SetMapMode
TextOutW
SaveDC
TextOutA
GetDeviceCaps
DeleteDC
RestoreDC
SetBkMode
GetTextExtentPoint32A
EndDoc
StartPage
DeleteObject
BitBlt
SetTextColor
CreateBitmap
CreateFontA
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SetTextAlign
CreateCompatibleDC
StretchDIBits
EndPage
RemoveFontResourceA
SelectObject
StartDocA
CreateScalableFontResourceA
CreateSolidBrush
SetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
GetStdHandle
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
FreeEnvironmentStringsA
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
GetFileTime
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
LocalFree
MoveFileA
GetThreadPriority
GetLogicalDriveStringsA
FindClose
FormatMessageA
GetSystemTime
DeviceIoControl
GetUserDefaultLangID
CopyFileA
HeapAlloc
GetModuleFileNameA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
MultiByteToWideChar
WritePrivateProfileSectionA
CreateMutexA
SetFilePointer
MulDiv
GetSystemDirectoryA
MoveFileExA
GlobalMemoryStatus
GlobalAlloc
SetEndOfFile
GetVersion
SetCurrentDirectoryA
HeapFree
VerLanguageNameA
SetHandleCount
lstrcmpiA
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetFileSize
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetComputerNameA
FindNextFileA
TerminateProcess
GlobalLock
GetFileType
CreateFileA
ExitProcess
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
RemoveDirectoryA
GetShortPathNameA
GetEnvironmentStrings
CompareFileTime
WritePrivateProfileStringA
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
QueryPerformanceFrequency
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
CreateProcessA
WideCharToMultiByte
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
LoadTypeLib
RegisterTypeLib
SHChangeNotify
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
SetFocus
GetMessageA
GetClassInfoExW
DrawEdge
EndDialog
RegisterClassExW
SetWindowTextW
OffsetRect
DefWindowProcW
MoveWindow
KillTimer
GetClassInfoExA
PostQuitMessage
DefWindowProcA
FindWindowA
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
MessageBoxW
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
SetRectEmpty
GetDlgItemTextA
ScreenToClient
MessageBoxA
PeekMessageA
SetWindowLongA
SendDlgItemMessageW
IsWindowEnabled
LoadImageA
CharUpperA
GetSysColor
GetDC
RegisterClassExA
GetCursorPos
ReleaseDC
SystemParametersInfoA
WaitMessage
SetWindowTextA
SendMessageW
DrawFocusRect
DialogBoxParamA
RegisterClassW
TranslateMessage
IsWindowVisible
SendMessageA
DestroyWindow
GetClientRect
CreateWindowExA
GetDlgItem
SetForegroundWindow
CreateDialogParamA
IsIconic
RegisterClassA
DeleteMenu
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
SetTimer
LoadCursorA
LoadIconA
DrawTextA
EnumDisplaySettingsA
GetActiveWindow
ShowWindow
CopyRect
GetDesktopWindow
CallWindowProcA
GetSystemMenu
GetFocus
CreateWindowExW
MsgWaitForMultipleObjects
FillRect
GetWindowTextA
SetCursor
ExitWindowsEx
IsDialogMessageA
PtInRect
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
midiOutGetNumDevs
joyGetPos
waveOutGetNumDevs
PrintDlgA
GetOpenFileNameA
CoUninitialize
OleUninitialize
CoCreateInstance
CoInitialize
OleInitialize
Number of PE resources by type
RT_ICON 7
RT_DIALOG 4
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_BITMAP 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 16
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x0017
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit, Removable run from swap, Net run from swap
CharacterSet Unicode
InitializedDataSize 385024
EntryPoint 0x289c2
MIMEType application/octet-stream
FileVersion 1.0.4.10
TimeStamp 2008:06:23 18:24:20+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.4.10
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Extensoft
CodeSize 172544
ProductName Extensions for Windows
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
PCAP parents
File identification
MD5 d0c4d87745bb29834eaa43b063051dbc
SHA1 d7b76e7d2d67ee2e4d8571fb987c4acae7a51d60
SHA256 6040a4a95d3674dd145662cb2cef42469647d568f5deab8f2730a14a8d458ca3
ssdeep 393216:HF+MrnUK3CoZ4wcT7j0l5ZB1SLOwKfb89Bze8EdTy0QXg7sk:HnDSoZe05ZWLfK4zzAgk
authentihash 744b3ae7487a8cf57a2668f1f717e6cc32036841b9f081bfd9f941ebdf619e27
imphash ffe03a1e6e87c11b399effd8f1681bb8
File size 15.2 MB ( 15911688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay armadillo signed software-collection
VirusTotal metadata
First submission 2009-02-26 06:45:20 UTC ( 9 years, 9 months ago )
Last submission 2018-05-27 07:15:02 UTC ( 5 months, 4 weeks ago )
File names extensions-for-windows-1.0.4.10.exe
Extensions-Trial_29-10-2008.exe
extensions_for_windows.exe
file
16039579
Extensions-Trial_ 32bit.exe
1afd4df15b92f9776d2af2efccde939959b279aa94acef2e7bc7957d61861795e7b4f933104330cb73e6b0ad8da7883e8431e9e0e52c5a185e5cf7666400718b
Extensions-i386-1.0.4.10-trial.exe
6040A4A95D3674DD145662CB2CEF42469647D568F5DEAB8F2730A14A8D458CA3
octet-stream
Extensionsi3861.0.4.10trial.exe
extensionsi38610410trial.exe
extensions-i386-1.0.4.10-trial.exe
file-1348410_exe
Extensions-Trial.exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Symantec reputation Suspicious.Insight