× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 75b37c7c2bd3b7ed6e852cf89505cc841f2929371672178a4e1ab5d6549f5bd8
File name: dixmlsetup.exe
Detection ratio: 0 / 57
Analysis date: 2016-04-03 03:34:03 UTC ( 2 years, 11 months ago ) View latest
Antivirus Result Update
Ad-Aware 20160403
AegisLab 20160403
AhnLab-V3 20160402
Alibaba 20160401
ALYac 20160403
Antiy-AVL 20160403
Arcabit 20160403
Avast 20160403
AVG 20160403
Avira (no cloud) 20160402
AVware 20160403
Baidu 20160402
Baidu-International 20160402
BitDefender 20160403
Bkav 20160402
CAT-QuickHeal 20160402
ClamAV 20160402
CMC 20160401
Comodo 20160402
Cyren 20160403
DrWeb 20160403
Emsisoft 20160403
ESET-NOD32 20160402
F-Prot 20160403
F-Secure 20160403
Fortinet 20160402
GData 20160403
Ikarus 20160402
Jiangmin 20160403
K7AntiVirus 20160402
K7GW 20160403
Kaspersky 20160402
Kingsoft 20160403
Malwarebytes 20160403
McAfee 20160403
McAfee-GW-Edition 20160403
Microsoft 20160402
eScan 20160403
NANO-Antivirus 20160403
nProtect 20160401
Panda 20160402
Qihoo-360 20160403
Rising 20160403
Sophos AV 20160403
SUPERAntiSpyware 20160403
Symantec 20160331
Tencent 20160403
TheHacker 20160330
TotalDefense 20160402
TrendMicro 20160403
TrendMicro-HouseCall 20160403
VBA32 20160401
VIPRE 20160403
ViRobot 20160402
Yandex 20160316
Zillya 20160402
Zoner 20160403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 7:08 AM 11/17/2013
Signers
[+] Runtime Software, LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO Code Signing CA 2
Valid from 11:00 PM 09/25/2012
Valid to 10:59 PM 09/26/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 328EC68E63619B7E37971E9AE65A8F44B2872BDE
Serial number 00 FF 98 6E 14 52 8A AE 4F 41 31 92 63 22 0E E4 B6
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 11:00 PM 08/23/2011
Valid to 09:48 AM 05/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 07:09 AM 06/07/2005
Valid to 09:48 AM 05/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 09:48 AM 05/30/2000
Valid to 09:48 AM 05/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 11:00 PM 05/09/2010
Valid to 10:59 PM 05/10/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 07:09 AM 06/07/2005
Valid to 09:48 AM 05/30/2020
Valid usage All
Algorithm sha1RSA
Thumbrint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 09:48 AM 05/30/2000
Valid to 09:48 AM 05/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbrint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00065DA0
Number of sections 3
PE sections
Overlays
MD5 b31bcb333476d28b14bcae66ac020679
File type data
Offset 145920
Size 1880536
Entropy 8.00
PE imports
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
InitCommonControls
BitBlt
CoInitialize
LoadTypeLib
ShellExecuteA
VerQueryValueA
Number of PE resources by type
RT_STRING 8
RT_ICON 5
RT_RCDATA 4
RT_DIALOG 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 21
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1992:06:20 00:22:17+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
135168

LinkerVersion
2.25

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

EntryPoint
0x65da0

InitializedDataSize
12288

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
1.0

UninitializedDataSize
278528

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Execution parents
Compressed bundles
File identification
MD5 6c1fdafc87373626693a76917f0294ae
SHA1 3cad51549c20f775848617c18336da9486016a2b
SHA256 75b37c7c2bd3b7ed6e852cf89505cc841f2929371672178a4e1ab5d6549f5bd8
ssdeep
49152:o2nEqFJHW8qRKx/Py44PQqL89H+lW656S:o2EqXHKQx/Ptw89H+ljIS

authentihash 22df77270dfc3f73491e23e2f1d789dfbb57323ada077075dc6b1d152e14de46
imphash 47913b68f1b7d2f7585792df7a7249bc
File size 1.9 MB ( 2026456 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (32.6%)
Win32 EXE Yoda's Crypter (32.0%)
DOS Borland compiled Executable (generic) (12.0%)
Win32 Dynamic Link Library (generic) (7.9%)
Win32 Executable (generic) (5.4%)
Tags
peexe software-collection signed upx overlay

VirusTotal metadata
First submission 2013-11-18 19:32:56 UTC ( 5 years, 4 months ago )
Last submission 2018-12-29 21:41:08 UTC ( 2 months, 3 weeks ago )
File names 197-dixmlsetup.exe
DriveImage XML 2.50 dixmlsetup.exe
DriveImage.exe
Setup_product_21910.exe
dixmlsetup.exe
Drive Image xml setup.exe
driveimage-xml_2-50_fr_38916.exe
dixmlsetup.exe
drive-image-xml-setup.exe
4508adc72fcc6d750cc35ffd43986284dd48b255c2e72c09a741169718b0bd9762a9a96bc55903cbfe43e5c588da550c876c987f094732ffd398e30871511c42
Drive Image XML v2.50 setup.exe
drive image v2.5 image back up - dixmlsetup.exe
dixmlsetup250.exe
DriveImageXML_setup.exe
1217925359
dixmlsetup.exe
tmp_28685-dixmlsetup276372900.exe
output.17316483.txt
bdixmlsetup.exe
DriveImage XML V2.50.exe
filename
dixmlsetup (2).exe
396446
dixmlsetup.exe
driveimage_xml__dixmlsetup.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications