SHA256: 60f2b6603c6a7899a821162aa727691609b1df5d882b4ecada9da111cab4c1d6
File name: setup.exe
Detection ratio: 31 / 54
Analysis date: 2016-02-02 08:46:25 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.180682 20160204
AhnLab-V3 Trojan/Win32.Teslacrypt 20160204
ALYac Gen:Variant.Zusy.180682 20160204
Antiy-AVL Trojan[Ransom]/Win32.Bitman 20160204
Arcabit Trojan.Zusy.D2C1CA 20160204
Avast Win32:Malware-gen 20160204
AVG Generic_r.HCP 20160204
Avira (no cloud) TR/Crypt.ZPACK.192774 20160204
BitDefender Gen:Variant.Zusy.180682 20160204
Cyren W32/Rovnix.C.gen!Eldorado 20160204
DrWeb Trojan.Packed.29794 20160204
Emsisoft Gen:Variant.Zusy.180682 (B) 20160204
ESET-NOD32 a variant of Win32/Kryptik.EMNJ 20160204
F-Prot W32/Agent.XL.gen!Eldorado 20160129
F-Secure Gen:Variant.Zusy.180682 20160204
Fortinet W32/Zbot.EMNJ!tr 20160204
GData Gen:Variant.Zusy.180682 20160204
Ikarus Trojan.Win32.Crypt 20160204
K7GW Hacktool ( 655367771 ) 20160204
Kaspersky Trojan-Spy.Win32.Zbot.wjbs 20160204
Malwarebytes Ransom.TeslaCrypt 20160204
McAfee Trojan-FHTW!B95D7F907F5C 20160204
McAfee-GW-Edition BehavesLike.Win32.BadFile.fh 20160204
eScan Gen:Variant.Zusy.180682 20160204
Panda Trj/CI.A 20160203
Qihoo-360 QVM10.1.Malware.Gen 20160204
Rising PE:Trojan.Kryptik!1.A32E [F] 20160204
Sophos AV Mal/Wonton-CB 20160204
TrendMicro TROJ_FORUCON.BMC 20160204
TrendMicro-HouseCall TROJ_FORUCON.BMC 20160204
ViRobot Trojan.Win32.U.Agent.376832[h] 20160204
AegisLab 20160204
Yandex 20160203
Alibaba 20160204
Baidu-International 20160204
Bkav 20160204
ByteHero 20160204
CAT-QuickHeal 20160204
ClamAV 20160203
Comodo 20160204
Jiangmin 20160204
K7AntiVirus 20160204
Microsoft 20160204
NANO-Antivirus 20160204
nProtect 20160204
SUPERAntiSpyware 20160204
Symantec 20160203
Tencent 20160204
TheHacker 20160203
TotalDefense 20160204
VBA32 20160204
VIPRE 20160204
Zillya 20160204
Zoner 20160204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-02 07:12:30
Entry Point 0x0001186A
Number of sections 8
PE sections
Overlays
MD5 04fbaa2a67a3d91325f98023fd9b6c4c
File type data
Offset 359424
Size 512
Entropy 7.58
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegEnumValueA
RegQueryValueExA
AdjustTokenPrivileges
InitializeAcl
RegCreateKeyExA
SetSecurityDescriptorDacl
RegOpenKeyA
OpenProcessToken
RegQueryValueA
AddAccessAllowedAce
RegOpenKeyExA
EqualSid
GetTokenInformation
InitiateSystemShutdownA
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
OpenThreadToken
GetLengthSid
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
GetPixelFormat
CreateICA
GetSystemPaletteEntries
FloodFill
CreateFontIndirectA
GetGlyphOutlineA
GetRandomRgn
GetDeviceCaps
TranslateCharsetInfo
DeleteDC
SetBkMode
GetWindowOrgEx
GetBitmapDimensionEx
FillPath
BitBlt
RealizePalette
SetTextColor
GetObjectA
GetColorSpace
SetMiterLimit
CreateFontA
CreatePalette
GetStockObject
CreateDIBitmap
SelectPalette
SaveDC
SetTextAlign
CreateCompatibleDC
ScaleWindowExtEx
CloseEnhMetaFile
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
DeleteObject
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
FindNextFileA
HeapDestroy
SignalObjectAndWait
GetFileAttributesW
SetInformationJobObject
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
GetSystemDefaultLCID
ExpandEnvironmentStringsA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
GetStringTypeA
LocalFree
GetTempPathW
MoveFileA
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
QueryDosDeviceA
FormatMessageW
IsWow64Process
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
SetFileAttributesW
SetLastError
GetUserDefaultUILanguage
VerLanguageNameA
DeviceIoControl
GetEnvironmentVariableA
ReadFile
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
lstrcmpiW
RaiseException
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
MoveFileW
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
ClearCommError
GetSystemDirectoryA
MoveFileExA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetVersion
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetSystemTime
SetHandleCount
TerminateThread
lstrcmpiA
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
SystemTimeToFileTime
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
GetCurrentThreadId
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindFirstFileW
lstrcmpW
WaitForMultipleObjects
GetProcAddress
SetEvent
GetProcessAffinityMask
RemoveDirectoryA
CreateEventW
CreateFileW
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
PrepareTape
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
HeapReAlloc
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
GetShortPathNameA
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
ClearCommBreak
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
SetDllDirectoryA
GlobalFlags
SearchPathA
FindFirstFileA
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
OpenEventA
GetEnvironmentStrings
CreateProcessA
WideCharToMultiByte
IsValidCodePage
UnmapViewOfFile
WriteFile
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
CharLowerBuffA
PostQuitMessage
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
VkKeyScanA
PeekMessageA
GetDC
GetAsyncKeyState
ReleaseDC
GetDlgCtrlID
GetClassInfoA
SendMessageW
SendMessageA
GetClientRect
DrawTextW
GetNextDlgTabItem
GetWindowTextLengthA
LoadImageW
ClientToScreen
GetWindowTextW
ExcludeUpdateRgn
GetWindowTextLengthW
MsgWaitForMultipleObjects
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
ShowWindow
GetDesktopWindow
EnableWindow
CharUpperW
GetDlgItemTextA
GetClipboardFormatNameW
GetSystemMenu
TranslateMessage
IsWindowEnabled
GetWindow
LoadStringA
PaintDesktop
SetParent
GetWindowPlacement
IsCharLowerW
EnableMenuItem
RegisterClassA
GetWindowLongA
CreateMenu
FillRect
MonitorFromPoint
CharNextA
WaitForInputIdle
GetSysColorBrush
GetWindowLongW
IsDialogMessageA
SetFocus
CharPrevA
BeginPaint
DefWindowProcW
KillTimer
GetComboBoxInfo
SetTimer
DefWindowProcA
IsHungAppWindow
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
PostMessageA
DrawIcon
SetWindowLongA
DrawCaption
CreateDialogParamW
SetWindowTextA
GetLastActivePopup
DrawIconEx
SetWindowTextW
CreateWindowExA
GetDlgItem
CreateDialogParamA
ScreenToClient
LoadCursorA
LoadIconA
DialogBoxIndirectParamW
ValidateRect
LoadIconW
NotifyWinEvent
ExitWindowsEx
GetScrollBarInfo
IntersectRect
EndDialog
FindWindowA
MessageBeep
wvsprintfW
MoveWindow
MessageBoxA
GetWindowDC
wvsprintfA
DialogBoxParamA
GetSysColor
SetDlgItemTextW
GetKeyState
GetWindowRgn
DestroyIcon
SubtractRect
SystemParametersInfoW
SetRect
wsprintfA
CallWindowProcW
CallWindowProcA
wsprintfW
GetAncestor
SetCursor
CoUninitialize
CoInitialize
CreateItemMoniker
GetRunningObjectTable
CoCreateInstance
StgOpenStorage
StringFromCLSID
CoCreateGuid
CoTaskMemFree
StgIsStorageFile
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:02:02 08:12:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 125440
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 232960
SubsystemVersion 5.0
EntryPoint 0x1186a
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 b95d7f907f5c9927db504e1260f07d61
SHA1 69fa3895a339b5b2620f04a6bb4c06d114b32e8b
SHA256 60f2b6603c6a7899a821162aa727691609b1df5d882b4ecada9da111cab4c1d6
ssdeep 6144:6cNGYPixSGwOvV1OtAOoYWR0HvWh+aF8PX7IAGIN8YTNr:6cxPixSmottW1ufcAnDTNr
authentihash 5748e41d4022a7461860b701ac34044ae4acf8b7e934aaf4012054de36ff78f4
imphash bdff099752b1c1fcd0639e0db853cbd0
File size 351.5 KB ( 359936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (35.9%)
Win32 Executable MS Visual C++ (generic) (27.0%)
Win64 Executable (generic) (23.9%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.9%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-02-02 08:46:25 UTC ( 3 years, 1 month ago )
Last submission 2016-02-02 08:46:25 UTC ( 3 years, 1 month ago )
File names setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications