SHA256: 76ab13f4288436156b361e124f52739c16c5614149844a87e8a65afd10b69fe8
File name: Antivirus_Free_1896.exe
Detection ratio: 0 / 68
Analysis date: 2018-07-20 05:55:22 UTC ( 4 weeks, 1 day ago )
Antivirus Result Update
Ad-Aware 20180720
AegisLab 20180720
AhnLab-V3 20180720
Alibaba 20180713
ALYac 20180720
Antiy-AVL 20180720
Arcabit 20180720
Avast 20180720
Avast-Mobile 20180720
AVG 20180720
Avira (no cloud) 20180719
AVware 20180720
Babable 20180406
Baidu 20180717
BitDefender 20180720
Bkav 20180719
CAT-QuickHeal 20180719
ClamAV 20180720
CMC 20180719
Comodo 20180720
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180720
Cyren 20180720
DrWeb 20180720
eGambit 20180720
Emsisoft 20180720
Endgame 20180711
ESET-NOD32 20180720
F-Prot 20180720
F-Secure 20180720
Fortinet 20180720
GData 20180720
Ikarus 20180719
Sophos ML 20180717
Jiangmin 20180720
K7AntiVirus 20180720
K7GW 20180720
Kaspersky 20180720
Kingsoft 20180720
Malwarebytes 20180720
MAX 20180720
McAfee 20180720
McAfee-GW-Edition 20180720
Microsoft 20180720
eScan 20180720
NANO-Antivirus 20180720
Palo Alto Networks (Known Signatures) 20180720
Panda 20180719
Qihoo-360 20180720
Rising 20180720
SentinelOne (Static ML) 20180701
Sophos AV 20180720
SUPERAntiSpyware 20180720
Symantec 20180720
TACHYON 20180719
Tencent 20180720
TheHacker 20180720
TotalDefense 20180719
TrendMicro 20180720
TrendMicro-HouseCall 20180720
Trustlook 20180720
VBA32 20180719
VIPRE 20180720
ViRobot 20180720
Webroot 20180720
Yandex 20180717
Zillya 20180719
ZoneAlarm by Check Point 20180720
Zoner 20180719
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2015 AVG Technologies CZ, s.r.o.

Product AVG Internet Security System
Original name 7zS.sfx
Internal name 7zS
File version 15, 1, 0, 13
Description AVG Setup Self-Extractor based on 7-Zip
Signature verification Signed file, verified signature
Signing date 11:41 AM 1/27/2017
Signers
[+] AVG Technologies CZ, s.r.o.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 10/22/2014
Valid to 12:59 AM 1/21/2018
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947
Serial number 26 6D 33 3E DE 17 A8 B4 72 05 3E 4F A3 93 45 72
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-01 15:20:34
Entry Point 0x000166A0
Number of sections 5
PE sections
Overlays
MD5 14b2ab211e0f961190f4045c6b2fe031
File type data
Offset 271872
Size 3177432
Entropy 8.00
PE imports
GetStdHandle
WaitForSingleObject
FindFirstFileW
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
FindClose
TlsGetValue
FormatMessageA
SetFileAttributesW
SetLastError
InterlockedDecrement
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetFullPathNameW
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
CloseHandle
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetWindowsDirectoryW
GetFileSize
CreateDirectoryA
DeleteFileA
GetStartupInfoW
SetEvent
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
RemoveDirectoryW
FindNextFileW
ResetEvent
FindNextFileA
GetProcAddress
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
RemoveDirectoryA
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
FindFirstFileA
GetACP
GetModuleHandleW
CreateProcessA
WideCharToMultiByte
IsValidCodePage
WriteFile
VirtualFree
Sleep
VirtualAlloc
GetFullPathNameA
GetOEMCP
VariantClear
SysAllocString
ShellExecuteExA
Ord(165)
PathAppendW
EndDialog
KillTimer
ShowWindow
CharLowerA
MessageBoxW
PostMessageA
CharUpperW
DialogBoxParamW
CharLowerW
SetWindowLongA
DialogBoxParamA
CharUpperA
SetWindowTextA
LoadStringA
SendMessageA
LoadStringW
SetWindowTextW
GetDlgItem
GetWindowLongA
SetTimer
LoadIconA
DestroyWindow
Number of PE resources by type
RT_ICON 10
RT_STRING 3
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
MpModules
fmw,zen,bav,wtu

FmwGBN
1.152.2.55487

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

ZenGBN
1.125.2.55495

LanguageCode
Neutral

FileFlagsMask
0x0017

FileDescription
AVG Setup Self-Extractor based on 7-Zip

FileVersionNumber
1.0.2.56985

CharacterSet
Unicode

InitializedDataSize
152064

BavGBN
17.1.3354.0

SetupGBN
1.152.2.55487

Bav_setup_pluginGBN
17.1.2.55488

EntryPoint
0x166a0

OriginalFileName
7zS.sfx

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2015 AVG Technologies CZ, s.r.o.

FileVersion
15, 1, 0, 13

TimeStamp
2016:03:01 16:20:34+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
7zS

SubsystemVersion
5.1

ProductVersion
15, 1, 0, 13

UninitializedDataSize
0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
AVG Technologies CZ, s.r.o.

CodeSize
118784

ProductName
AVG Internet Security System

ProductVersionNumber
15.1.0.13

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 b14eeb092d23c18fe3f4d97449eed6e7
SHA1 56010f3d087f97d23003187882e42e1e7512a9d3
SHA256 76ab13f4288436156b361e124f52739c16c5614149844a87e8a65afd10b69fe8
ssdeep
98304:wW2GoVUKZt8CCrcLQ5xf0CcknMmGM/EQOVp0awm99w/oz:whDVUK38DLxflckn2M/EQOVp007w8

authentihash b96293c8ba8381be89b15b117c10368d83e06ba4cf574d775fe8c8995a458240
imphash d8843771c5d1046a951feceb11dd00a8
File size 3.3 MB ( 3449304 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-04-09 18:27:30 UTC ( 1 year, 4 months ago )
Last submission 2018-01-18 11:51:37 UTC ( 7 months ago )
File names AVGInstaller.exe
Antivirus_Free_1896.exe
AVG_Free_1896.exe
antivirus_free_1896.exe
f_0009e0
7zS
Antivirus_Free_1896 (1).exe
7zS.sfx
76ab13f428843615_1434938914.tmp
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications