SHA256: 6a6b5e013b5c91baab663b8fae93b89e2ef757b36c821fc45a6a38a28bf9f52b
File name: sysplayer_5f3406fd88_setup.exe
Detection ratio: 5 / 47
Analysis date: 2013-11-09 13:38:25 UTC ( 1 year, 4 months ago )
Antivirus Result Update
AVG MalSign.Skodna.A8D 20131109
McAfee Artemis!1B40E274890F 20131109
McAfee-GW-Edition Artemis!1B40E274890F 20131109
TrendMicro-HouseCall TROJ_GEN.F47V1106 20131109
VIPRE Goobzo (fs) 20131109
Agnitum 20131109
AhnLab-V3 20131109
AntiVir 20131109
Antiy-AVL 20131107
Avast 20131109
Baidu-International 20131109
BitDefender 20131109
Bkav 20131109
ByteHero 20131105
CAT-QuickHeal 20131109
ClamAV 20131109
Commtouch 20131109
Comodo 20131109
DrWeb 20131109
ESET-NOD32 20131109
Emsisoft 20131109
F-Prot 20131109
F-Secure 20131109
Fortinet 20131109
GData 20131109
Ikarus 20131109
Jiangmin 20131109
K7AntiVirus 20131108
K7GW 20131108
Kaspersky 20131109
Kingsoft 20130829
Malwarebytes 20131109
MicroWorld-eScan 20131109
Microsoft 20131109
NANO-Antivirus 20131109
Norman 20131109
Panda 20131109
Rising 20131108
SUPERAntiSpyware 20131109
Sophos 20131109
Symantec 20131109
TheHacker 20131107
TotalDefense 20131108
TrendMicro 20131109
VBA32 20131108
ViRobot 20131109
nProtect 20131109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright (C) 2013
Publisher Goobzo LTD
File version 1.0.4.3
Signature verification Signed file, verified signature
Signing date 2:14 PM 10/28/2013
Signers
[+] Goobzo LTD
Status Valid
Valid from 1:00 AM 5/2/2013
Valid to 12:59 AM 5/3/2015
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm SHA1
Thumbprint 75400F0D813073FFE1A848739654239065D9EF7B
Serial number 12 0B 25 DD E5 7B 88 63 6A D4 D9 7D 23 B9 9C 88
[+] Thawte Code Signing CA - G2
Status Valid
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-28 13:14:38
Entry Point 0x00048E9B
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegNotifyChangeKeyValue
RegEnumKeyW
RegDeleteKeyW
InitializeSecurityDescriptor
RegQueryValueExW
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegOpenKeyW
LookupAccountNameW
RegQueryValueW
GetUserNameW
IsValidSid
GetSidIdentifierAuthority
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
GetSecurityDescriptorSacl
RegEnumValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
InitCommonControlsEx
GetDeviceCaps
SetLayout
CreateFontW
GetStdHandle
InterlockedPopEntrySList
SetEvent
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
SetErrorMode
FreeEnvironmentStringsW
FileTimeToSystemTime
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
InterlockedPushEntrySList
InitializeCriticalSection
OutputDebugStringW
TlsGetValue
DebugBreak
GetEnvironmentVariableW
SetLastError
DeviceIoControl
InterlockedDecrement
CopyFileW
LoadResource
OpenEventW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
HeapSetInformation
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
FlushInstructionCache
GetPrivateProfileStringW
CreateEventW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetComputerNameW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
GetDateFormatA
GetFileSize
GetStartupInfoW
CreateDirectoryW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
CompareStringW
GetTimeFormatA
DuplicateHandle
WaitForMultipleObjects
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
lstrlenW
Process32NextW
CreateProcessW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
Process32FirstW
WritePrivateProfileStringW
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
SetThreadPriority
VirtualAlloc
ResetEvent
VarUI4FromStr
SysFreeString
VariantClear
VariantInit
SysAllocString
UuidToStringA
RpcStringFreeA
SHGetFolderPathW
SHFileOperationW
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
Ord(680)
MapWindowPoints
GetMonitorInfoW
GetParent
EndDialog
DefWindowProcW
FindWindowW
DialogBoxParamW
GetMessageW
ShowWindow
SetWindowPos
GetWindowThreadProcessId
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
GetWindowRect
MoveWindow
EnumChildWindows
TranslateMessage
GetWindow
MsgWaitForMultipleObjectsEx
GetDC
CreateDialogParamW
ReleaseDC
SendMessageW
UnregisterClassA
GetWindowLongW
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
MonitorFromWindow
SetTimer
GetClassNameW
GetActiveWindow
IsDialogMessageW
FindWindowExW
SetWindowTextW
GetWindowTextW
LoadIconW
SendMessageTimeoutW
DispatchMessageW
wsprintfW
SetForegroundWindow
CharNextW
DestroyWindow
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetConnectW
InternetWriteFile
InternetReadFile
HttpEndRequestW
HttpSendRequestExW
InternetCloseHandle
InternetSetOptionW
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersW
getaddrinfo
socket
send
WSACleanup
WSAStartup
connect
htons
closesocket
WSAGetLastError
CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateGuid
CoTaskMemRealloc
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
Number of PE resources by type
RT_ICON 7
RT_DIALOG 5
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_RCDATA 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 19
HEBREW DEFAULT 1
ENGLISH NEUTRAL 1
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 1.0.4.3
LanguageCode Unknown (0009)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 420352
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.4.3
TimeStamp 2013:10:28 14:14:38+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:11:05 05:26:35+01:00
ProductVersion 1.0.4.3
SubsystemVersion 5.1
OSVersion 5.1
FileCreateDate 2014:11:05 05:26:35+01:00
FileOS Win32
LegalCopyright Copyright (C) 2013
MachineType Intel 386 or later, and compatibles
CompanyName Goobzo LTD
CodeSize 411136
FileSubtype 0
ProductVersionNumber 1.0.4.3
EntryPoint 0x48e9b
ObjectFileType Executable application

File identification
MD5 1b40e274890fd02d0d48abd29f13838a
SHA1 794d6c6d7b13153f90798e3050d7f98c853c19ab
SHA256 6a6b5e013b5c91baab663b8fae93b89e2ef757b36c821fc45a6a38a28bf9f52b
ssdeep 24576:7uiFUaLnQTQr+HrITef1LRdBaT9p6kPNM:7PFjLnjr+HreKJRdBm9p6kPNM
authentihash fda661f7031427189ed9d750eec04d34aec0f026786bc749204d79b57e6f0443
imphash 63ce86232fc71916f72fc1f35749e210
File size 819.9 KB ( 839552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (83.4%)
Win32 Executable (generic) (8.7%)
Generic Win/DOS Executable (3.8%)
DOS Executable Generic (3.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe signed
VirusTotal metadata
First submission 2013-11-06 17:59:43 UTC ( 1 year, 4 months ago )
Last submission 2014-10-30 10:13:07 UTC ( 5 months ago )
File names file
sysplayer_08c64347b3_setup.exe
file-6240915_exe
1b40e274890fd02d0d48abd29f13838a
sysplayer_5f3406fd88_setup.exe
sysplayer_ds_setup.exe
sysplayer_sysds_setup.exe
sysplayer_fa11d7b14a_setup.exe
sysplayer_7d2b72f7d3_setup.exe
sysplayer_90dc041c6a_setup.exe
sysplayer_969c5f3d4a_setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Set keys
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications