SHA256: 6f63b0e2accc36f4f9bb2f3c14410b8e1e1d91e184713aa6e4289f1efaae9236
File name: SetupCloneDVD2933Slysoft.exe
Detection ratio: 0 / 68
Analysis date: 2018-09-09 12:32:50 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20180909
AegisLab 20180909
AhnLab-V3 20180909
Alibaba 20180713
ALYac 20180909
Antiy-AVL 20180905
Arcabit 20180909
Avast 20180909
Avast-Mobile 20180909
AVG 20180909
Avira (no cloud) 20180909
AVware 20180909
Babable 20180907
Baidu 20180906
BitDefender 20180909
Bkav 20180906
CAT-QuickHeal 20180909
ClamAV 20180909
CMC 20180908
Comodo 20180909
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180909
Cyren 20180909
DrWeb 20180909
eGambit 20180909
Emsisoft 20180909
Endgame 20180730
ESET-NOD32 20180909
F-Prot 20180909
F-Secure 20180909
Fortinet 20180909
GData 20180909
Ikarus 20180909
Sophos ML 20180717
Jiangmin 20180909
K7AntiVirus 20180909
K7GW 20180909
Kaspersky 20180909
Kingsoft 20180909
Malwarebytes 20180909
MAX 20180909
McAfee 20180909
McAfee-GW-Edition 20180909
Microsoft 20180909
eScan 20180909
NANO-Antivirus 20180909
Palo Alto Networks (Known Signatures) 20180909
Panda 20180909
Qihoo-360 20180909
Rising 20180909
SentinelOne (Static ML) 20180830
Sophos AV 20180909
SUPERAntiSpyware 20180907
Symantec 20180908
Symantec Mobile Insight 20180905
TACHYON 20180909
Tencent 20180909
TheHacker 20180906
TotalDefense 20180909
TrendMicro 20180909
TrendMicro-HouseCall 20180909
Trustlook 20180909
VBA32 20180907
VIPRE 20180909
ViRobot 20180909
Webroot 20180909
Yandex 20180908
Zillya 20180908
ZoneAlarm by Check Point 20180909
Zoner 20180908
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 11:41 PM 7/20/2015
Signers
[+] Elaborate Bytes AG
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 03:35 PM 11/27/2012
Valid to 05:09 PM 11/27/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 89DBFB62F8A2924A5F12F4AF5DC09DED9B6F65D9
Serial number 11 21 9E C2 90 16 D7 3F 2C C8 8E B9 CC 8B 4F 8E 78 FB
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 10:00 AM 04/13/2011
Valid to 10:00 AM 04/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 09/01/1998
Valid to 01:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 01/01/1997
Valid to 12:59 AM 01/01/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-13 10:16:44
Entry Point 0x000264E0
Number of sections 3
PE sections
Overlays
MD5 25e19cc2e0e94bede25bf6c6ed4de912
File type data
Offset 26624
Size 5236296
Entropy 8.00
PE imports
BitBlt
LoadLibraryA
ExitProcess
GetProcAddress
SHGetMalloc
SetRect
VerQueryValueA
OleInitialize
Number of PE resources by type
RT_DIALOG 7
RT_BITMAP 2
RT_GROUP_ICON 1
RT_MANIFEST 1
RT_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:05:13 12:16:44+02:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 4096
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x264e0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 131072

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 1c300942102675f93d8b54f24f71c7fb
SHA1 ae46a735e40f00e85ec2601fadc834e58da08cae
SHA256 6f63b0e2accc36f4f9bb2f3c14410b8e1e1d91e184713aa6e4289f1efaae9236
ssdeep
98304:vfRNQdIzh7ZCLN12VjLjmkSQesAGlAghdwcIt1fWDse1QELhLjeMa52QnLoqbf:jQdwh7sJkjLj3KBSGc8WT5hveEALLbf

authentihash 2b512c40bb47d739e0afee4b466730a07203dbf08a6b042b41f57c8c69702b4b
imphash aaf93821a9189e2c33432482200dd0b1
File size 5.0 MB ( 5262920 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
nsis peexe signed upx overlay

VirusTotal metadata
First submission 2015-07-20 22:06:01 UTC ( 3 years, 9 months ago )
Last submission 2019-03-24 01:48:01 UTC ( 4 weeks, 1 day ago )
File names clonedvd-2-9-3-3-multi-win.exe
SetupCloneDVD2933.exe
SetupCloneDVD2933Slysoft.exe
setupclonedvd2933slysoft.exe
SetupCloneDVD2933SlySoft (1).exe
Clone DVD v2.9.3.3 RedFox Setup.exe
SetupCloneDVD2933.exe
setupSetupCloneDVD2933Slysoft.exe
3412720b959f34f27c32db4ffadbe01bf54707d4b58607a1af176a21fb917cff81af22695022921a5758774f0f5ac1a83ec75af28d7f8cde9cc85897a002e666
Setup.CloneDVD.2933.exe
SetupCloneDVD2933Slysoft.exe
Setup.exe
SetupCloneDVD2933.exe
filename
701332
setupclonedvd2933-legal upitno.exe
SetupCloneDVD2933SlySoft.exe
SetupCloneDVD2933Slysoft.exe
SetupCloneDVD2933Slysoft.exe
SetupCloneDVD2933Slysoft.exe
6F63B0E2ACCC36F4F9BB2F3C14410B8E1E1D91E184713AA6E4289F1EFAAE9236
CloneDVD 2.9.3.3 Crack_[TipuCrack].exe
22_16#T6#60591
CLONED~1.EXE
0
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs