× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 70f98913e3bedface5b0928edfec725c35dd98f70a7c281e7afe4f847ceae982
File name: FreeAudioEditor.exe
Detection ratio: 6 / 57
Analysis date: 2017-01-12 01:33:04 UTC ( 1 week, 2 days ago ) View latest
Antivirus Result Update
AVG Generic.08D 20170112
AegisLab Pua.Gen!c 20170112
Avira (no cloud) PUA/FusionCore.IN 20170111
DrWeb Trojan.InstallCore.2881 20170112
Invincea trojan.win32.dorv.b!rfn 20170111
Rising Adware.InstallCore!1.A30C-OenWHJycs6J (cloud) 20170112
ALYac 20170112
AVware 20170112
Ad-Aware 20170112
AhnLab-V3 20170111
Alibaba 20170111
Antiy-AVL 20170112
Arcabit 20170112
Avast 20170112
Baidu 20170111
BitDefender 20170111
CAT-QuickHeal 20170111
CMC 20170111
ClamAV 20170111
Comodo 20170111
CrowdStrike Falcon (ML) 20161024
Cyren 20170112
ESET-NOD32 20170112
Emsisoft 20170112
F-Prot 20170112
F-Secure 20170112
Fortinet 20170112
GData 20170112
Ikarus 20170111
Jiangmin 20170111
K7AntiVirus 20170111
K7GW 20170112
Kaspersky 20170112
Kingsoft 20170112
Malwarebytes 20170111
McAfee 20170108
McAfee-GW-Edition 20170112
eScan 20170112
Microsoft 20170111
NANO-Antivirus 20170112
Panda 20170111
Qihoo-360 20170112
SUPERAntiSpyware 20170111
Sophos 20170111
Symantec 20170111
Tencent 20170112
TheHacker 20170111
TotalDefense 20170111
TrendMicro 20170112
TrendMicro-HouseCall 20170112
Trustlook 20170112
VBA32 20170110
VIPRE 20170112
ViRobot 20170112
WhiteArmor 20170111
Yandex 20170111
Zillya 20170111
Zoner 20170112
nProtect 20170112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product Free Audio Editor 2017
File version
Description Free Audio Editor 2017 Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 3:57 AM 12/7/2016
Signers
[+] Beijing Meikehuayi Technology Co.
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 8/29/2016
Valid to 12:59 AM 8/30/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 069A55BF07251C0A4C536F95B11BFCC8B4257A88
Serial number 1C D5 85 A4 7B 43 CD 35 55 01 CC 01 DD 71 79 11
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE?
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 1:00 AM 5/24/2016
Valid to 1:00 AM 6/24/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbrint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbrint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000AA98
Number of sections 8
PE sections
Overlays
MD5 d46c2d1672ecded1697902af867974a0
File type data
Offset 57856
Size 1419640
Entropy 7.93
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
GetACP
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetSystemDirectoryA
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
17920

EntryPoint
0xaa98

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

FileDescription
Free Audio Editor 2017 Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Copyright 2005-2017 FAEMedia, Inc.

CodeSize
41472

ProductName
Free Audio Editor 2017

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 cf5380a4cfa9db0f7dc2846975e0231c
SHA1 0e44dc6b7ddeae5add1a3fc2ba393a9b0d440c0b
SHA256 70f98913e3bedface5b0928edfec725c35dd98f70a7c281e7afe4f847ceae982
ssdeep
24576:i7bltC90fdCQUkR2/Z/NpKgC+3L0acsa7H8I83ntPC3Et5Cm:i75PwQRw/Zmgl7razBEtPpt53

authentihash 7376bf1f8fc5eb6e15a1e87b6fb31e50888090f4c695b844baf050bdcffed6c1
imphash 2fb819a19fe4dee5c03e8c6a79342f79
File size 1.4 MB ( 1477496 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (77.7%)
Win32 Executable Delphi generic (10.0%)
Win32 Dynamic Link Library (generic) (4.6%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-12-07 11:20:47 UTC ( 1 month, 2 weeks ago )
Last submission 2017-01-19 08:09:09 UTC ( 2 days, 15 hours ago )
File names FreeAudioEditor.exe
FreeAudioEditor.exe
70f98913e3bedface5b0928edfec725c35dd98f70a7c281e7afe4f847ceae982.file
fae.exe
FreeAudioEditor.exe
FreeAudioEditor.exe
940527
70F98913E3BEDFACE5B0928EDFEC725C35DD98F70A7C281E7AFE4F847CEAE982.exe
FreeAudioEditor_v.9.4.0.exe
FAE.exe
Baixaki_free-audio-editor [1].exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications