SHA256: 6f1108f9081e96dd302fae2304203cb9daf9bd9984a6352331065778bb90b167
File name: AdAwareService.exe
Detection ratio: 0 / 56
Analysis date: 2015-01-03 02:27:44 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Ad-Aware 20150103
AegisLab 20150103
Yandex 20150101
AhnLab-V3 20150102
ALYac 20150103
Antiy-AVL 20150102
Avast 20150103
AVG 20150103
Avira (no cloud) 20150102
AVware 20150103
Baidu-International 20150102
BitDefender 20150103
Bkav 20141230
ByteHero 20150103
CAT-QuickHeal 20150102
ClamAV 20150103
CMC 20150102
Comodo 20150102
Cyren 20150103
DrWeb 20150103
Emsisoft 20150103
ESET-NOD32 20150103
F-Prot 20150103
F-Secure 20150103
Fortinet 20150103
GData 20150103
Ikarus 20150102
Jiangmin 20150102
K7AntiVirus 20150102
K7GW 20150102
Kaspersky 20150103
Kingsoft 20150103
Malwarebytes 20150102
McAfee 20150103
McAfee-GW-Edition 20150103
Microsoft 20150103
eScan 20150103
NANO-Antivirus 20150103
Norman 20150102
nProtect 20150102
Panda 20150102
Qihoo-360 20150103
Rising 20141231
Sophos AV 20150103
SUPERAntiSpyware 20150103
Symantec 20150103
Tencent 20150103
TheHacker 20141229
TotalDefense 20150103
TrendMicro 20150103
TrendMicro-HouseCall 20150103
VBA32 20150102
VIPRE 20150103
ViRobot 20150102
Zillya 20150103
Zoner 20141228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Lavasoft Limited. All Rights Reserved.
Publisher Lavasoft Limited
Product Ad-Aware Antivirus Service
Original name Ad-Aware Antivirus Service.exe
Internal name Ad-Aware Antivirus Service.exe
File version 10,5,2,4379
Description Ad-Aware Antivirus Service
Signature verification Signed file, verified signature
Signing date 11:25 AM 3/18/2013
Signers
[+] Lavasoft Limited
Status Valid
Issuer None
Valid from 1:00 AM 1/30/2013
Valid to 12:59 AM 2/19/2015
Valid usage Code Signing
Algorithm SHA1
Thumbprint C8FC064877686B525B9820360F4B743784DD389B
Serial number 01 51 F1 A5 A7 DA 24 B1 AA 30 00 EE 3B 4D D7 FF
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-18 10:15:33
Entry Point 0x00070635
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
OpenServiceW
ControlService
RegDeleteKeyW
DeleteService
RegQueryValueExW
GetSecurityDescriptorLength
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
SetServiceStatus
RegOpenKeyExW
CreateProcessAsUserW
SetTokenInformation
CreateServiceW
DuplicateTokenEx
GetUserNameW
RegQueryInfoKeyW
RegisterServiceCtrlHandlerW
RegEnumKeyExW
OpenThreadToken
GetLengthSid
ConvertStringSidToSidW
SetSecurityInfo
RegDeleteValueW
RevertToSelf
RegSetValueExW
OpenSCManagerW
ReportEventW
StartServiceCtrlDispatcherW
ImpersonateLoggedOnUser
SetThreadToken
GetStdHandle
WaitForSingleObject
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
CreateEventW
LoadResource
InterlockedDecrement
FormatMessageA
SetLastError
DeviceIoControl
InitializeCriticalSection
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetDateFormatA
OpenProcess
GetStartupInfoW
SetEvent
GetUserDefaultLCID
GetProcessHeap
CompareStringW
CreateDirectoryW
GetTimeFormatA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetProcessTimes
GetEnvironmentStringsW
lstrlenW
SizeofResource
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
InterlockedCompareExchange
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
TlsGetValue
IsValidCodePage
HeapCreate
FindResourceW
CreateProcessW
Sleep
OpenEventA
ResetEvent
LoadRegTypeLib
SysStringLen
UnRegisterTypeLib
RegisterTypeLib
VariantClear
SysAllocString
LoadTypeLib
SysFreeString
VarUI4FromStr
SHGetFolderPathW
SHGetSpecialFolderPathW
GetSystemMetrics
MessageBoxW
PostThreadMessageW
TranslateMessage
CharUpperW
LoadStringW
GetMessageW
CharNextW
DispatchMessageW
CreateEnvironmentBlock
UnloadUserProfile
DestroyEnvironmentBlock
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoRevokeClassObject
CoAddRefServerProcess
CoTaskMemRealloc
CoCreateInstance
CoInitializeSecurity
CoResumeClassObjects
OleRun
CoReleaseServerProcess
CoTaskMemFree
CoRegisterClassObject
StringFromGUID2
Number of PE resources by type
RT_ICON 5
REGISTRY 2
TYPELIB 1
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 11
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.5.2.4379
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 601600
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Lavasoft Limited. All Rights Reserved.
FileVersion 10,5,2,4379
TimeStamp 2013:03:18 11:15:33+01:00
FileType Win32 EXE
PEType PE32
InternalName Ad-Aware Antivirus Service.exe
FileAccessDate 2015:01:03 03:27:58+01:00
ProductVersion 10,5,2,4379
FileDescription Ad-Aware Antivirus Service
OSVersion 5.1
FileCreateDate 2015:01:03 03:27:58+01:00
OriginalFilename Ad-Aware Antivirus Service.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Lavasoft Limited
CodeSize 627200
ProductName Ad-Aware Antivirus Service
ProductVersionNumber 10.5.2.4379
EntryPoint 0x70635
ObjectFileType Executable application
Compressed bundles
File identification
MD5 9d90344179ed6a05959de40fc934a022
SHA1 1efbfb2cce6aff32eedf2ae491f20a058cfb8fe8
SHA256 6f1108f9081e96dd302fae2304203cb9daf9bd9984a6352331065778bb90b167
ssdeep 24576:bRC463hs5Y2ygUWtmvlfQmcM2JfHf1QOLx:bRV55ygU6mvlfQmYftvx
authentihash 1e23f3c49be4af897e829ae35f72d04d5ae87d00622c87023735791af97fb2b5
imphash 93a3dc6b61e0019939b0ec4308870066
File size 1.2 MB ( 1236336 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags peexe signed
VirusTotal metadata
First submission 2013-04-14 05:58:37 UTC ( 5 years, 11 months ago )
Last submission 2015-01-03 02:27:44 UTC ( 4 years, 2 months ago )
File names AdAwareService.exe
adawareservice.exe
AdAwareService.exe
AdAwareService.exe
vt-upload-lW4Tr_
Ad-Aware Antivirus Service.exe
file-5407418_exe
adawareservice.exe
adawareservice.exe
AdAwareService.exe
AdAwareService.exe
AdAwareService.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications