SHA256: 66f660ef7c260b1a9da9be0466882043efc01b86de44a6baf849e49c66893237
File name: download.exe
Detection ratio: 12 / 47
Analysis date: 2013-10-15 13:56:06 UTC ( 6 months ago )
Antivirus Result Update
AVG MalSign.Generic.2EF 20131015
AntiVir APPL/InstallRex.L 20131015
Avast Win32:InstalleRex-AI [PUP] 20131015
DrWeb Adware.Downware.1442 20131015
ESET-NOD32 Win32/InstalleRex.K 20131015
Fortinet Riskware/InstalleRex 20131015
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
Malwarebytes PUP.Optional.InstalleRex 20131015
Rising Trojan.Win32.Fednu.upv 20131015
Sophos InstallRex 20131015
VBA32 Downware.TSU 20131015
VIPRE Installerex/WebPick (fs) 20131015
Agnitum 20131015
AhnLab-V3 20131015
Antiy-AVL 20131015
Baidu-International 20131015
BitDefender 20131012
ByteHero 20131011
CAT-QuickHeal 20131015
ClamAV 20131015
Commtouch 20131015
Comodo 20131015
Emsisoft 20131015
F-Prot 20131015
F-Secure 20131015
GData 20131015
Ikarus 20131015
Jiangmin 20131014
K7AntiVirus 20131014
K7GW 20131014
Kaspersky 20131015
McAfee 20131015
McAfee-GW-Edition 20131015
MicroWorld-eScan 20131015
Microsoft 20131015
NANO-Antivirus 20131015
Norman 20131015
PCTools 20131002
Panda 20131015
SUPERAntiSpyware 20131015
Symantec 20131015
TheHacker 20131015
TotalDefense 20131011
TrendMicro 20131015
TrendMicro-HouseCall 20131015
ViRobot 20131015
nProtect 20131015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Authenticode signature block
Copyright
Copyright © 2012 SummerSoft

Publisher Ivan Kostin
Product SummerSoft
Version 1.0.0.1
Original name TSULoader.exe
Internal name TSULoader
File version 2013.10.10.1735
Description Installer for SummerSoft
Comments WinNT (x86) Unicode Lib Rel
Signature verification Signed file, verified signature
Signing date 2:56 PM 10/15/2013
Signers
[+] Ivan Kostin
Status Valid
Valid from 1:00 AM 8/25/2013
Valid to 12:59 AM 8/26/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 0432CB44B9C12244EDB8E2499E4915750651DF5C
Serial number 00 EB 11 D2 4C E6 DD BB F7 52 FE 4D C3 D6 83 D2 BF
[+] COMODO Code Signing CA 2
Status Valid
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm SHA1
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-12 08:51:45
Entry Point 0x000014DB
Number of sections 7
PE sections
PE imports
GetLastError
HeapFree
CreateFileMappingW
LoadLibraryW
FreeLibrary
ExitProcess
GetFileAttributesW
lstrlenW
GetTickCount
GetFileSize
SetFileTime
GetCommandLineW
MultiByteToWideChar
DeleteFileW
GetProcAddress
GetProcessHeap
lstrcpynW
GetModuleFileNameW
MapViewOfFile
SetFilePointer
ReadFile
GetCurrentThreadId
GetTempPathW
CloseHandle
GetSystemTimeAsFileTime
GetModuleHandleW
UnmapViewOfFile
WriteFile
CreateFileW
Sleep
SetFileAttributesW
HeapAlloc
OutputDebugStringA
GetCurrentProcessId
MessageBoxA
PostMessageW
wvsprintfA
wsprintfW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_ICON 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
File identification
MD5 e8c9c2db3514f375f74b60cb9dfcd4ef
SHA1 a274a7fb228e74366d903d0aaf23804a49e16a70
SHA256 66f660ef7c260b1a9da9be0466882043efc01b86de44a6baf849e49c66893237
ssdeep
6144:Frkp9uEo2S1YnQmCX492DkwNP3qpYFqrtZJ9jEvyQzjBR2JYRcK7uYS:Frk/u6/eIo49PJ9YvBzlm

File size 303.2 KB ( 310496 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe signed

VirusTotal metadata
First submission 2013-10-15 13:56:06 UTC ( 6 months ago )
Last submission 2013-10-15 13:56:06 UTC ( 6 months ago )
File names TSULoader
TSULoader.exe
download.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
