SHA256: 6eea1545400275592817bd3f9d29ea7518a8ae78c38a6431453c0dbbc4cb38d0
File name: dwgseepro.exe
Detection ratio: 0 / 56
Analysis date: 2016-04-01 16:39:43 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20160401
AegisLab 20160401
AhnLab-V3 20160401
Alibaba 20160401
ALYac 20160401
Antiy-AVL 20160401
Arcabit 20160401
Avast 20160401
AVG 20160401
AVware 20160401
Baidu 20160331
Baidu-International 20160401
BitDefender 20160401
Bkav 20160401
CAT-QuickHeal 20160401
ClamAV 20160401
CMC 20160322
Comodo 20160401
Cyren 20160401
DrWeb 20160401
Emsisoft 20160401
ESET-NOD32 20160401
F-Prot 20160401
F-Secure 20160401
Fortinet 20160401
GData 20160401
Ikarus 20160401
Jiangmin 20160401
K7AntiVirus 20160401
K7GW 20160401
Kaspersky 20160401
Kingsoft 20160401
Malwarebytes 20160401
McAfee 20160401
McAfee-GW-Edition 20160401
Microsoft 20160401
eScan 20160401
NANO-Antivirus 20160401
nProtect 20160401
Panda 20160401
Qihoo-360 20160401
Rising 20160401
Sophos AV 20160401
SUPERAntiSpyware 20160401
Symantec 20160331
Tencent 20160401
TheHacker 20160330
TotalDefense 20160330
TrendMicro 20160401
TrendMicro-HouseCall 20160401
VBA32 20160401
VIPRE 20160401
ViRobot 20160401
Yandex 20160316
Zillya 20160401
Zoner 20160401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.
Product InstallShield
Original name Setup.exe
Internal name Setup
File version 16.0.328
Description InstallScript Setup Launcher
Signature verification Certificate out of its validity period
Signers
[+] Hangzhou Taishi Technology Co.,Ltd.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer WoSign Class 3 Code Signing CA G2
Valid from 7:20 AM 11/23/2015
Valid to 7:20 AM 1/23/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 749B4FE844914E38C42A2A77B36A960840935305
Serial number 31 FC 56 F2 AB A1 BB 70 EF 42 DA 3C FF 1A 01 C8
[+] WoSign Class 3 Code Signing CA G2
Status Valid
Issuer Certification Authority of WoSign
Valid from 1:58 AM 11/8/2014
Valid to 1:58 AM 11/8/2029
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha256RSA
Thumbprint FDF066448E05E060B1B14E542F6DE002B59B0C71
Serial number 37 A6 0E 92 5F 23 F8 0C FD CD 97 65 92 98 C3 54
[+] WoSign
Status Valid
Issuer Certification Authority of WoSign
Valid from 2:00 AM 8/8/2009
Valid to 2:00 AM 8/8/2039
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint B94294BF91EA8FB64BE61097C7FB001359B676CB
Serial number 5E 68 D6 11 71 94 63 50 56 00 68 F3 3E C9 C5 91
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-06-10 17:24:16
Entry Point 0x0003D474
Number of sections 4
PE sections
Overlays
MD5 df06430e71486469946fc2fea40f893d
File type data
Offset 801792
Size 25045552
Entropy 7.99
PE imports
RegDeleteKeyA
SetSecurityDescriptorOwner
LookupPrivilegeValueA
RegCloseKey
RegEnumValueA
RegQueryValueExA
AdjustTokenPrivileges
RegCreateKeyExA
SetSecurityDescriptorDacl
RegOpenKeyA
OpenProcessToken
RegOpenKeyExA
EqualSid
GetTokenInformation
OpenThreadToken
RegEnumKeyA
RegEnumKeyExA
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
SetSecurityDescriptorGroup
GetDIBColorTable
SetMapMode
GetSystemPaletteEntries
CreateHalftonePalette
PlayMetaFile
SaveDC
TextOutA
CreateFontIndirectA
SetStretchBltMode
GetDeviceCaps
CreateDCA
TranslateCharsetInfo
DeleteDC
RestoreDC
SetBkMode
SetMetaFileBitsEx
SetPixel
SetWindowOrgEx
BitBlt
RealizePalette
SetTextColor
CreatePatternBrush
GetObjectA
CreateBitmap
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
UnrealizeObject
SelectClipRgn
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
GetTextExtentPoint32A
PatBlt
SetWindowExtEx
CreateSolidBrush
SetViewportExtEx
SetBkColor
DeleteObject
CreateCompatibleBitmap
DeleteMetaFile
GetPrivateProfileSectionNamesA
GetStdHandle
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetFileTime
GetTempPathA
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
FreeLibrary
LocalFree
ResumeThread
GetEnvironmentVariableA
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
VerLanguageNameA
InitializeCriticalSection
WriteProcessMemory
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
RaiseException
GetPrivateProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FlushInstructionCache
CreateMutexA
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
MulDiv
ExitThread
MoveFileExA
SetThreadContext
TerminateProcess
VirtualQuery
SearchPathA
GetVersion
LeaveCriticalSection
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
GetStartupInfoA
GetDateFormatA
GetFileSize
OpenProcess
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetEvent
GetProcAddress
VirtualProtectEx
GetProcessHeap
CompareStringW
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
DuplicateHandle
ExpandEnvironmentStringsA
RemoveDirectoryA
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
HeapReAlloc
GetProcessTimes
GlobalUnlock
GetEnvironmentStringsW
FindResourceExA
IsDBCSLeadByte
GlobalAlloc
lstrlenW
GetCPInfo
FileTimeToLocalFileTime
GetEnvironmentStrings
CompareFileTime
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
GetSystemDefaultLangID
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
GetTimeFormatA
lstrcpynA
GetACP
GlobalLock
GetCurrentThreadId
FreeResource
SizeofResource
CreateProcessA
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
LZCopy
LZClose
LZOpenFileA
VariantChangeType
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
SysReAllocStringLen
GetErrorInfo
SysFreeString
RpcStringFreeA
UuidToStringA
UuidCreate
ShellExecuteExA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SetFocus
GetMessageA
SetDlgItemTextA
GetParent
MapDialogRect
ReleaseDC
SetPropA
EndDialog
BeginPaint
DrawIcon
CreateDialogIndirectParamA
DefWindowProcA
ShowWindow
DrawFocusRect
GetPropA
MapWindowPoints
SendDlgItemMessageA
GetSystemMetrics
IsWindow
GetWindowRect
InflateRect
EndPaint
UpdateWindow
PostMessageA
MoveWindow
EnumChildWindows
GetDlgItemTextA
CallWindowProcA
IntersectRect
MessageBoxA
PeekMessageA
GetWindowDC
SetWindowLongA
GetWindowLongA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
SetActiveWindow
GetDC
RegisterClassExA
SystemParametersInfoA
RemovePropA
SetWindowTextA
LoadStringA
IsWindowVisible
SendMessageA
GetWindowTextA
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
SetWindowPos
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
FindWindowExA
GetSysColor
LoadIconA
DrawTextA
FillRect
CopyRect
WaitForInputIdle
GetDesktopWindow
DispatchMessageA
LoadImageA
GetClassNameA
IsDialogMessageA
MsgWaitForMultipleObjects
EnableWindow
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Ord(136)
Ord(87)
Ord(8)
Ord(141)
Ord(168)
CoUninitialize
CoInitialize
CoInitializeSecurity
Number of PE resources by type
RT_STRING 25
RT_DIALOG 23
RT_ICON 11
RT_BITMAP 6
RT_GROUP_ICON 3
RT_MANIFEST 1
GIF 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 45
ENGLISH US 26
PE resources
ExifTool file metadata
FileTypeExtension exe
SubsystemVersion 5.0
InitializedDataSize 385024
ImageVersion 0.0
ProductName InstallShield
FileVersionNumber 16.0.0.328
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
InternalBuildNumber 90563
OriginalFileName Setup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 16.0.328
TimeStamp 2009:06:10 18:24:16+01:00
FileType Win32 EXE
PEType PE32
InternalName Setup
ProductVersion 16.0
FileDescription InstallScript Setup Launcher
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Acresso Software Inc.
CodeSize 415744
FileSubtype 0
ProductVersionNumber 16.0.0.0
EntryPoint 0x3d474
ObjectFileType Dynamic link library
File identification
MD5 0500c72de1a326f2a75d9c9fbc7b8659
SHA1 66e90e8efc62197881b9dfe46c1fc71de0b58fda
SHA256 6eea1545400275592817bd3f9d29ea7518a8ae78c38a6431453c0dbbc4cb38d0
ssdeep
393216:o3OjLLW4EVahZP+qHPS22vE0H4c2d6bBE+z4RqmfKPiFSq4ZEkMGQ615G5dJNp:o3WW47ZPbS5vEYfbeg4ROiFSpZfQ60n

authentihash 0109acf4c6fdee3e7cee70d8f16bbc3a7b829a258f28b8d970873c5a67fea80a
imphash fc349687b82a59bedb5788849f9f2c0e
File size 24.6 MB ( 25847344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID DirectShow filter (44.1%)
Windows ActiveX control (25.5%)
Win32 EXE PECompact compressed (v2.x) (12.9%)
Win32 EXE PECompact compressed (generic) (9.0%)
Win64 Executable (generic) (6.0%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-01-14 23:10:42 UTC ( 3 years, 4 months ago )
Last submission 2016-04-15 00:50:29 UTC ( 3 years, 1 month ago )
File names Setup.exe
Setup
779089
dwgseepro.exe