× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 649f255ca963b2ce2de5fe85ae26332646f0647f05bfe7768dd067f92d51b695
File name: BejeweledSetup-en.exe
Detection ratio: 0 / 64
Analysis date: 2017-07-24 02:42:00 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20170723
AegisLab 20170723
AhnLab-V3 20170723
Alibaba 20170721
ALYac 20170723
Antiy-AVL 20170724
Arcabit 20170724
Avast 20170724
AVG 20170724
Avira (no cloud) 20170723
AVware 20170721
Baidu 20170721
BitDefender 20170724
Bkav 20170722
CAT-QuickHeal 20170722
ClamAV 20170724
CMC 20170721
Comodo 20170724
CrowdStrike Falcon (ML) 20170710
Cylance 20170724
Cyren 20170724
DrWeb 20170724
Emsisoft 20170724
Endgame 20170721
ESET-NOD32 20170724
F-Prot 20170724
F-Secure 20170724
Fortinet 20170724
GData 20170724
Ikarus 20170723
Sophos ML 20170607
Jiangmin 20170724
K7AntiVirus 20170723
K7GW 20170724
Kaspersky 20170724
Kingsoft 20170724
Malwarebytes 20170724
MAX 20170724
McAfee 20170723
McAfee-GW-Edition 20170723
Microsoft 20170724
eScan 20170724
NANO-Antivirus 20170724
nProtect 20170724
Palo Alto Networks (Known Signatures) 20170724
Panda 20170723
Qihoo-360 20170724
Rising 20170724
SentinelOne (Static ML) 20170718
Sophos AV 20170724
SUPERAntiSpyware 20170723
Symantec 20170723
Symantec Mobile Insight 20170720
Tencent 20170724
TheHacker 20170723
TotalDefense 20170723
TrendMicro 20170724
TrendMicro-HouseCall 20170724
Trustlook 20170724
VBA32 20170721
VIPRE 20170724
ViRobot 20170723
Webroot 20170724
WhiteArmor 20170721
Yandex 20170721
Zillya 20170721
ZoneAlarm by Check Point 20170724
Zoner 20170724
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 11:26 PM 2/8/2008
Signers
[+] PopCap Games
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 9/1/2006
Valid to 12:59 AM 9/22/2009
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B1F4990C76941CFCE42088B7C4A415BD750A2063
Serial number 3C 61 DF 38 D5 BB 38 36 A8 B4 4B 98 5C 50 44 79
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT CAB, appended, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-12-12 20:43:35
Entry Point 0x0002D9BE
Number of sections 4
PE sections
Overlays
MD5 7685556004dab4ccab38df4499bbbf08
File type data
Offset 368640
Size 2669400
Entropy 8.00
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCreateKeyA
GetDeviceCaps
GetObjectA
BitBlt
DeleteDC
SetBkMode
CreateFontA
GetStockObject
GetTextMetricsA
CreateSolidBrush
DeleteObject
SelectObject
SetBkColor
CreateCompatibleDC
GetTextExtentPoint32W
SetTextColor
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
FindNextFileA
HeapDestroy
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetDiskFreeSpaceA
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
ResumeThread
InitializeCriticalSection
FindClose
TlsGetValue
SetLastError
InterlockedDecrement
CopyFileA
ExitProcess
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
GetCurrentProcess
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
ExitThread
FreeLibrary
GetStartupInfoA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetUserDefaultLCID
GetProcessHeap
CompareStringW
ExpandEnvironmentStringsW
FindNextFileW
CompareStringA
FindFirstFileW
IsValidLocale
GetProcAddress
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
RemoveDirectoryA
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
GetModuleHandleA
ReadFile
FindFirstFileA
CloseHandle
GetACP
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
ResetEvent
SysFreeString
VariantClear
VariantInit
SysAllocString
ShellExecuteExA
SHBrowseForFolderW
SHGetPathFromIDListW
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
MapWindowPoints
ReleaseDC
EndDialog
BeginPaint
SetWindowTextW
KillTimer
EnumChildWindows
SetWindowPos
SendDlgItemMessageA
BeginDeferWindowPos
MessageBoxW
SendMessageW
EndPaint
LoadImageA
DialogBoxParamW
AdjustWindowRectEx
DialogBoxParamA
GetSysColor
DeferWindowPos
GetDC
EndDeferWindowPos
DrawTextA
SetWindowTextA
DestroyIcon
GetWindowLongA
DrawIconEx
GetSystemMetrics
SendMessageA
LoadStringW
GetClientRect
CreateWindowExA
GetDlgItem
DrawFocusRect
SetTimer
FillRect
IsDlgButtonChecked
GetSysColorBrush
GetWindowTextW
GetDesktopWindow
IsWindowUnicode
EnableWindow
GetWindowTextA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
StringFromGUID2
Number of PE resources by type
RT_ICON 9
RT_DIALOG 8
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2007:12:12 21:43:35+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
270336

LinkerVersion
8.0

EntryPoint
0x2d9be

InitializedDataSize
94208

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

Execution parents
File identification
MD5 33a9d7b495f4307a714370b418876d72
SHA1 79b4543152b9e9ff652f719cec5bde7b2f340534
SHA256 649f255ca963b2ce2de5fe85ae26332646f0647f05bfe7768dd067f92d51b695
ssdeep
49152:+1bOZaCamvYL5kBsB3LgFRVwtp/Loe8Cc6l67m5bDenBxLonbN9hjkqhTx9CYmS:+1iZIc4tgF0tZLofV6l6ICjGbN9hjHzt

authentihash f2bf71893d058ca0b7cab7c477a153e361a05e304173e91e7f6ffea7b7042f73
imphash 8d9abeb48c63383c5e688c3edf84514e
File size 2.9 MB ( 3038040 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.8%)
Win32 Executable MS Visual C++ (generic) (26.6%)
Win64 Executable (generic) (23.6%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2008-03-19 04:56:26 UTC ( 9 years, 7 months ago )
Last submission 2017-07-24 02:42:00 UTC ( 2 months, 3 weeks ago )
File names file
BejeweledSetup-en.exe
BejeweledSetup-en.exe
BejeweledSetup-en.exe
Bejeweled_Setup-en.exe
BejeweledSetup-en.exe
file-1238555_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!