SHA256: 6a526fa9022d79faf84250a8139dd1e9a443a74b6ab0a1a46cc4b76a36af665e
File name: converter.exe
Detection ratio: 1 / 64
Analysis date: 2017-07-18 12:20:26 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Kingsoft VIRUS_UNKNOWN 20170718
Ad-Aware 20170718
AegisLab 20170718
AhnLab-V3 20170718
Alibaba 20170718
ALYac 20170718
Antiy-AVL 20170718
Arcabit 20170718
Avast 20170718
AVG 20170718
Avira (no cloud) 20170718
AVware 20170718
Baidu 20170718
BitDefender 20170718
Bkav None
CAT-QuickHeal 20170718
ClamAV 20170718
CMC 20170718
Comodo 20170718
CrowdStrike Falcon (ML) 20170710
Cylance 20170718
Cyren 20170718
DrWeb 20170718
Emsisoft 20170718
Endgame 20170713
ESET-NOD32 20170718
F-Prot 20170718
F-Secure 20170718
Fortinet 20170718
GData 20170718
Ikarus 20170718
Sophos ML 20170607
Jiangmin 20170718
K7AntiVirus 20170718
K7GW 20170718
Kaspersky 20170718
Malwarebytes 20170718
MAX 20170718
McAfee 20170718
McAfee-GW-Edition 20170718
Microsoft 20170718
eScan 20170718
NANO-Antivirus 20170718
nProtect 20170718
Palo Alto Networks (Known Signatures) 20170718
Panda 20170718
Qihoo-360 20170718
Rising 20170718
SentinelOne (Static ML) 20170718
Sophos AV 20170718
SUPERAntiSpyware 20170718
Symantec 20170718
Symantec Mobile Insight 20170718
Tencent 20170718
TheHacker 20170717
TotalDefense 20170718
TrendMicro 20170718
TrendMicro-HouseCall 20170718
Trustlook 20170718
VBA32 20170718
VIPRE 20170718
ViRobot 20170718
Webroot 20170718
WhiteArmor 20170713
Yandex 20170717
Zillya 20170717
ZoneAlarm by Check Point 20170718
Zoner 20170718
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2005-2011 fCoder Group, Inc.

Product ImageConverter Plus
File version
Description ImageConverter Plus Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 8:40 AM 3/3/2013
Signers
[+] fCoder Group, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 1:00 AM 6/16/2010
Valid to 12:59 AM 7/24/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3604B0673409D72FD9865D96ACF7622ECB897B41
Serial number 71 17 7E 29 0D 34 2E 84 AB E0 0E E3 5F B0 0E 18
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT INNO, appended, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-17 10:22:54
Entry Point 0x00016478
Number of sections 8
PE sections
Overlays
MD5 5e32d1657c8535c993992f63409f20a2
File type data
Offset 140800
Size 15643096
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetLocalTime
CreateProcessW
DeleteCriticalSection
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
GetDateFormatW
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
CompareStringW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetExitCodeProcess
GetVersion
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 4
DUTCH 4
PE resources
ExifTool file metadata
FileDescription
ImageConverter Plus Setup

Comments
This installation was built with Inno Setup.

InitializedDataSize
53760

ImageVersion
6.0

ProductName
ImageConverter Plus

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
2.25

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
2011:03:17 11:22:54+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
8.0.105 (build: 1102

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright 2005-2011 fCoder Group, Inc.

MachineType
Intel 386 or later, and compatibles

CompanyName
fCoder Group, Inc.

CodeSize
86016

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x16478

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 f40d25569b1fc81533c480bdb06185a5
SHA1 cf4823d76a291d5fd4b59a181139498a4f25b50d
SHA256 6a526fa9022d79faf84250a8139dd1e9a443a74b6ab0a1a46cc4b76a36af665e
ssdeep
393216:scFbWGmhHn3s3lKT5MiuFyo2na2u/0ZaW4PN+5:s+CJhH83gbuEo2ZucQc5

authentihash 543af2d2477674bbbbd499e390b30b5ae9e0e8a762c6f041f60b49e8c8d93438
imphash 483f0c4259a9148c34961abbda6146c1
File size 15.1 MB ( 15783896 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (77.7%)
Win32 Executable Delphi generic (10.0%)
Win32 Dynamic Link Library (generic) (4.6%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-04-04 23:13:37 UTC ( 6 years, 1 month ago )
Last submission 2017-06-23 16:48:16 UTC ( 1 year, 11 months ago )
File names aa
file-6750094_exe
converter.exe
Image Converter Plus.exe
UKrDug1.png
6A526FA9022D79FAF84250A8139DD1E9A443A74B6AB0A1A46CC4B76A36AF665E
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight