SHA256: 72320dd81ea7e40ce3d2e6b6ec5c207760bb53d1fb4fdbba76ad33ad0315997f
File name: TpAppServer_1.9.1318.1.exe
Detection ratio: 0 / 72
Analysis date: 2019-04-15 10:09:07 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis 20190415
Ad-Aware 20190415
AegisLab 20190415
AhnLab-V3 20190415
Alibaba 20190401
ALYac 20190415
Antiy-AVL 20190415
Arcabit 20190415
Avast 20190416
Avast-Mobile 20190415
AVG 20190415
Avira (no cloud) 20190415
Babable 20180918
Baidu 20190318
BitDefender 20190415
Bkav 20190412
CAT-QuickHeal 20190414
ClamAV 20190415
CMC 20190321
Comodo 20190415
CrowdStrike Falcon (ML) 20190212
Cybereason 20190403
Cylance 20190415
Cyren 20190415
DrWeb 20190415
eGambit 20190415
Emsisoft 20190415
Endgame 20190403
ESET-NOD32 20190415
F-Prot 20190415
F-Secure 20190415
FireEye 20190415
Fortinet 20190415
GData 20190415
Ikarus 20190415
Sophos ML 20190313
Jiangmin 20190415
K7AntiVirus 20190415
K7GW 20190415
Kaspersky 20190415
Kingsoft 20190415
Malwarebytes 20190415
MAX 20190415
McAfee 20190415
McAfee-GW-Edition 20190415
Microsoft 20190415
eScan 20190415
NANO-Antivirus 20190415
Palo Alto Networks (Known Signatures) 20190415
Panda 20190414
Qihoo-360 20190415
Rising 20190415
SentinelOne (Static ML) 20190407
Sophos AV 20190415
SUPERAntiSpyware 20190410
Symantec 20190415
Symantec Mobile Insight 20190410
TACHYON 20190415
Tencent 20190415
TheHacker 20190411
TotalDefense 20190413
Trapmine 20190325
TrendMicro 20190415
TrendMicro-HouseCall 20190415
Trustlook 20190415
VBA32 20190415
VIPRE None
ViRobot 20190415
Webroot 20190415
Yandex 20190412
Zillya 20190412
ZoneAlarm by Check Point 20190415
Zoner 20190414
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (c) TimePunch KG. All rights reserved.

Product TimePunch Application Server 1.9.1318.1
Original name TpAppServer_1.9.1318.1.exe
Internal name setup
File version 1.9.1318.1
Description TimePunch Application Server 1.9.1318.1
Signature verification Signed file, verified signature
Signing date 7:15 PM 11/18/2016
Signers
[+] TimePunch KG
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 06/29/2015
Valid to 11:59 PM 06/28/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 2E6F2929F6C259BA2B55E14E04211C63483E99BD
Serial number 00 FA AE 5D A0 A9 17 33 ED F9 9F C4 A7 54 99 05 04
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] Sectigo (formerly Comodo CA)
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 01:00 AM 01/19/2010
Valid to 12:59 AM 01/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 01:00 AM 12/31/2015
Valid to 06:40 PM 07/09/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] Sectigo (UTN Object)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 06:31 PM 07/09/1999
Valid to 06:40 PM 07/09/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT CAB, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-28 14:14:28
Entry Point 0x000267A5
Number of sections 7
PE sections
Overlays
MD5 29cf4a71d52f2424641f547b5875a02b
File type data
Offset 384000
Size 12455216
Entropy 8.00
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
OpenServiceW
AdjustTokenPrivileges
InitializeAcl
LookupPrivilegeValueW
RegDeleteKeyW
CryptHashData
CheckTokenMembership
DecryptFileW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
QueryServiceConfigW
GetTokenInformation
CryptReleaseContext
GetUserNameW
RegQueryInfoKeyW
SetEntriesInAclW
RegEnumKeyExW
CryptAcquireContextW
CryptDestroyHash
InitializeSecurityDescriptor
RegDeleteValueW
RegSetValueExW
CryptGetHashParam
OpenSCManagerW
RegEnumValueW
AllocateAndInitializeSid
InitiateSystemShutdownExW
SetEntriesInAclA
ChangeServiceConfigW
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
CertGetCertificateContextProperty
CryptHashPublicKeyInfo
Ord(23)
Ord(20)
Ord(22)
DeleteDC
SelectObject
GetObjectW
CreateCompatibleDC
DeleteObject
StretchBlt
GetVolumePathNameW
GetStdHandle
ReleaseMutex
WaitForSingleObject
EncodePointer
ProcessIdToSessionId
GetFileAttributesW
VerifyVersionInfoW
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LoadLibraryExW
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
ConnectNamedPipe
InitializeCriticalSection
OutputDebugStringW
FindClose
TlsGetValue
SetFileAttributesW
SetLastError
GetSystemTime
CopyFileW
GetUserDefaultLangID
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
HeapSetInformation
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
CreateEventW
GetFullPathNameW
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
SystemTimeToFileTime
GetWindowsDirectoryW
LCMapStringW
OpenProcess
GetDateFormatW
GetStartupInfoW
SetEvent
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
GetModuleHandleA
CreateDirectoryW
CompareStringA
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
CreateFileMappingW
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
GetThreadLocale
GetEnvironmentStringsW
lstrlenW
CreateProcessW
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
CopyFileExW
InterlockedCompareExchange
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLocalTime
IsValidCodePage
UnmapViewOfFile
WriteFile
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
ResetEvent
SysFreeString
VariantClear
VariantInit
SysAllocString
UuidCreate
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
GetMonitorInfoW
LoadBitmapW
DefWindowProcW
GetMessageW
PostQuitMessage
SetWindowLongW
MessageBoxW
PeekMessageW
TranslateMessage
PostMessageW
DispatchMessageW
GetCursorPos
RegisterClassW
UnregisterClassW
IsWindow
IsDialogMessageW
MonitorFromPoint
WaitForInputIdle
PostThreadMessageW
LoadCursorW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetConnectW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
InternetSetOptionW
HttpSendRequestW
InternetErrorDlg
InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersW
CryptCATAdminCalcHashFromFileHandle
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
Ord(190)
Ord(70)
Ord(205)
Ord(171)
Ord(45)
Ord(173)
Ord(90)
Ord(111)
Ord(125)
Ord(169)
Ord(17)
Ord(141)
Ord(116)
Ord(118)
Ord(238)
Ord(115)
Ord(8)
Ord(88)
Ord(137)
CoInitializeEx
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_VERSION 1
RT_ICON 1
RT_MANIFEST 1
RT_MESSAGETABLE 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 147968
ImageVersion 0.0
ProductName TimePunch Application Server 1.9.1318.1
FileVersionNumber 1.9.1318.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 11.0
FileTypeExtension exe
OriginalFileName TpAppServer_1.9.1318.1.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.9.1318.1
TimeStamp 2013:11:28 15:14:28+01:00
FileType Win32 EXE
PEType PE32
InternalName setup
ProductVersion 1.9.1318.1
FileDescription TimePunch Application Server 1.9.1318.1
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright (c) TimePunch KG. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName TimePunch KG
CodeSize 235008
FileSubtype 0
ProductVersionNumber 1.9.1318.1
EntryPoint 0x267a5
ObjectFileType Executable application

File identification
MD5 fbdeafd01c76a8e6c24093ab55828d9c
SHA1 b8469ca6bd5bcbd69d1ce5d4928870faa130471e
SHA256 72320dd81ea7e40ce3d2e6b6ec5c207760bb53d1fb4fdbba76ad33ad0315997f
ssdeep 393216:iwdZt/q7HsdAPuK4VeFGahpwWsR9v+XTR5RHM:isbds4VIGDvRJ+XTtM

authentihash f53406a6f90cc52140cf406dcdb74731727f22db1035118026adba44708b583b
imphash 67715e556e3a78ea78c756db800102a3
File size 12.2 MB ( 12839216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2016-12-29 16:59:45 UTC ( 2 years, 4 months ago )
Last submission 2018-05-22 04:40:12 UTC ( 1 year ago )
File names setup
TpAppServer_1.9.1318.1.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Runtime DLLs