SHA256: 66ab001c3e9e4288012bc3617d27dc7e749b6f0e1f5d12b2dfb09f22a8ad998e
File name: installer
Detection ratio: 40 / 56
Analysis date: 2015-03-23 15:28:14 UTC ( 2 months ago )
Antivirus Result Update
AVG InstallBrain.5BA 20150323
AVware InstallBrain (fs) 20150323
Ad-Aware Application.Bundler.InstallBrain.A 20150323
Agnitum Adware.BrainInst! 20150322
AhnLab-V3 Win-PUP/InstallBrain 20150323
Antiy-AVL GrayWare[AdWare:not-a-virus]/Win32.BrainInst.u 20150323
Avast Win32:InstallBrain-T [PUP] 20150323
BitDefender Application.Bundler.InstallBrain.A 20150323
Bkav W32.HfsAdware.7FE7 20150323
CAT-QuickHeal TrojanDownloader.Brantall.A5 20150323
Comodo Application.Win32.InstallBrain.AI 20150323
Cyren W32/IBrain.C.gen!Eldorado 20150323
DrWeb Adware.Downware.1295 20150323
ESET-NOD32 a variant of Win32/InstallBrain.N potentially unwanted 20150323
F-Prot W32/IBrain.C.gen!Eldorado 20150323
F-Secure Trojan:W32/InstallBrain.A 20150323
Fortinet Adware/InstallBrain.OP 20150323
GData Application.Bundler.InstallBrain.A 20150323
K7AntiVirus Unwanted-Program ( 004a9ccd1 ) 20150323
K7GW Unwanted-Program ( 004a9ccd1 ) 20150323
Kaspersky not-a-virus:AdWare.Win32.BrainInst.u 20150323
Malwarebytes PUP.BundleInstaller.IB 20150323
McAfee Artemis!9789E2095A57 20150323
MicroWorld-eScan Application.Bundler.InstallBrain.A 20150323
Microsoft TrojanDownloader:Win32/Brantall.C 20150323
NANO-Antivirus Trojan.Win32.Downware2.bcidto 20150323
Panda PUP/Ibups 20150318
Qihoo-360 Win32/Application.76a 20150323
Rising PE:Trojan.DL.Win32.Brantall.a!1075356204 20150323
SUPERAntiSpyware Adware.InstallBrain/Variant 20150321
Sophos InstallBrain 20150323
Symantec Trojan.ADH.2 20150323
Tencent Trojan.Win32.Qudamah.Gen.4 20150323
TheHacker Adware/Downware 20150322
TrendMicro TROJ_GEN.R0CBC0DA615 20150323
TrendMicro-HouseCall TROJ_GEN.R0CBC0DA615 20150323
VBA32 Signed-AdWare.BrainInst.PerformersoftLLC 20150322
VIPRE InstallBrain (fs) 20150323
Zillya Adware.BrainInst.Win32.27 20150322
nProtect Trojan-Clicker/W32.BrainInst.605952 20150323
ALYac 20150323
AegisLab 20150323
Alibaba 20150323
Avira 20150324
Baidu-International 20150323
ByteHero 20150323
CMC 20150323
ClamAV 20150323
Emsisoft 20150323
Ikarus 20150323
Kingsoft 20150323
McAfee-GW-Edition 20150323
Norman 20150323
TotalDefense 20150323
ViRobot 20150323
Zoner 20150323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright 2012
Publisher Performersoft LLC
Product Installer
Original name installer.exe
Internal name installer
File version 14.12.8.9
Description Installer
Signature verification Signed file, verified signature
Signing date 5:05 PM 11/1/2012
Signers
[+] Performersoft LLC
Status Valid
Valid from 9:28 PM 6/27/2012
Valid to 9:28 PM 6/27/2015
Valid usage Code Signing
Algorithm SHA1
Thumbprint 275867B185996CA733E09CC9249C243C3F31B3D0
Serial number 07 DA C5 F7 3C 67 73
[+] Go Daddy Secure Certification Authority
Status Valid
Valid from 2:54 AM 11/16/2006
Valid to 2:54 AM 11/16/2026
Valid usage All
Algorithm SHA1
Thumbprint 7C4656C3061F7F4C0D67B319A855F60EBC11FC44
Serial number 03 01
[+] Go Daddy Class 2 Certification Authority
Status Valid
Valid from 6:06 PM 6/29/2004
Valid to 6:06 PM 6/29/2034
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 2796BAE63F1801E277261BA0D77770028F20EEE4
Serial number 00
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status Certificate out of its validity period
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-01 15:50:44
Entry Point 0x0000F931
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
ImageList_LoadImageW
CreateStatusWindowW
GetStockObject
GetObjectW
GetStdHandle
InterlockedPopEntrySList
HeapDestroy
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
InterlockedPushEntrySList
LoadResource
InterlockedDecrement
SetLastError
TlsGetValue
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
lstrcmpiW
HeapSetInformation
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoW
GetProcAddress
GetProcessHeap
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
lstrlenW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
lstrcpynW
RaiseException
TlsFree
SetFilePointer
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
FindResourceExW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
VarUI4FromStr
SetFocus
MapWindowPoints
GetMonitorInfoW
GetParent
EndDialog
DefWindowProcW
DestroyMenu
PostQuitMessage
ShowWindow
MessageBeep
SetWindowPos
RemoveMenu
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
RegisterClassExW
UnregisterClassA
DialogBoxParamW
AppendMenuW
CharNextW
GetWindow
PostMessageW
InvalidateRect
CreatePopupMenu
SendMessageW
LoadStringA
GetWindowLongW
IsWindowVisible
LoadStringW
GetClientRect
GetMenuItemInfoW
SetMenuDefaultItem
MonitorFromWindow
TrackPopupMenuEx
SetMenuItemInfoW
CallWindowProcW
GetMenuItemCount
MonitorFromPoint
GetClassInfoExW
LoadCursorW
CreateWindowExW
GetActiveWindow
TranslateAcceleratorW
PtInRect
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
Number of PE resources by type
BDATA 7
RT_ICON 4
RT_MANIFEST 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 12
ENGLISH US 2
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 14.12.8.9
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 472576
OriginalFilename installer.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2012
FileVersion 14.12.8.9
TimeStamp 2012:11:01 16:50:44+01:00
FileType Win32 EXE
PEType PE32
InternalName installer
ProductVersion 14.12.8.9
FileDescription Installer
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 124928
ProductName Installer
ProductVersionNumber 14.12.8.9
EntryPoint 0xf931
ObjectFileType Executable application
File identification
MD5 9789e2095a57b858bc25ecf350f94ef5
SHA1 34efb136b032261b44d80e9a7c96f4ad72b57ff0
SHA256 66ab001c3e9e4288012bc3617d27dc7e749b6f0e1f5d12b2dfb09f22a8ad998e
ssdeep 12288:SOhxlLGZaygq0qbYVu0o4ljMNImZ4oQOJ6+7KHU/FLlR6W83VLqdT:SbZaTqscYA+5n+u05ll831qdT
authentihash 722a4e52caefe8c1d61b063d7c1eb13d14cf3863f7cd00b7f4cc13715ac7c7ff
imphash 185b26911fd67b8e8d37f7887a07216e
File size 591.8 KB ( 605952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe signed
VirusTotal metadata
First submission 2013-01-08 08:46:29 UTC ( 2 years, 4 months ago )
Last submission 2013-09-15 17:42:48 UTC ( 1 year, 8 months ago )
File names ibsvc.exe
installer.exe
eTypeSetup.exe
installer
eType Setup403515.exe
eTypeSetup.exe
ibsvc.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications