SHA256: 76ab13f4288436156b361e124f52739c16c5614149844a87e8a65afd10b69fe8
File name: Antivirus_Free_1896.exe
Detection ratio: 0 / 71
Analysis date: 2018-12-22 07:44:51 UTC ( 1 month, 4 weeks ago )
Antivirus Result Update
Acronis 20180726
Ad-Aware 20181222
AegisLab 20181222
AhnLab-V3 20181221
Alibaba 20180921
ALYac 20181222
Antiy-AVL 20181222
Arcabit 20181222
Avast 20181222
Avast-Mobile 20181221
AVG 20181222
Avira (no cloud) 20181221
Babable 20180918
Baidu 20181207
BitDefender 20181222
Bkav 20181221
CAT-QuickHeal 20181221
ClamAV 20181221
CMC 20181221
Comodo 20181222
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181222
Cyren 20181222
DrWeb 20181222
eGambit 20181222
Emsisoft 20181222
Endgame 20181108
ESET-NOD32 20181222
F-Prot 20181222
F-Secure 20181222
Fortinet 20181222
GData 20181222
Ikarus 20181221
Sophos ML 20181128
Jiangmin 20181222
K7AntiVirus 20181222
K7GW 20181222
Kaspersky 20181222
Kingsoft 20181222
Malwarebytes 20181222
MAX 20181222
McAfee 20181222
McAfee-GW-Edition 20181222
Microsoft 20181222
eScan 20181222
NANO-Antivirus 20181222
Palo Alto Networks (Known Signatures) 20181222
Panda 20181222
Qihoo-360 20181222
Rising 20181222
SentinelOne (Static ML) 20181011
Sophos AV 20181222
SUPERAntiSpyware 20181220
Symantec 20181222
Symantec Mobile Insight 20181215
TACHYON 20181222
Tencent 20181222
TheHacker 20181220
TotalDefense 20181222
Trapmine 20181205
TrendMicro 20181222
TrendMicro-HouseCall 20181222
Trustlook 20181222
VBA32 20181221
VIPRE 20181222
ViRobot 20181222
Webroot 20181222
Yandex 20181221
Zillya 20181219
ZoneAlarm by Check Point 20181222
Zoner 20181222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2015 AVG Technologies CZ, s.r.o.
Product AVG Internet Security System
Original name 7zS.sfx
Internal name 7zS
File version 15, 1, 0, 13
Description AVG Setup Self-Extractor based on 7-Zip
Signature verification Signed file, verified signature
Signing date 11:41 AM 1/27/2017
Signers
[+] AVG Technologies CZ, s.r.o.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 10/22/2014
Valid to 12:59 AM 1/21/2018
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947
Serial number 26 6D 33 3E DE 17 A8 B4 72 05 3E 4F A3 93 45 72
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-01 15:20:34
Entry Point 0x000166A0
Number of sections 5
PE sections
Overlays
MD5 14b2ab211e0f961190f4045c6b2fe031
File type data
Offset 271872
Size 3177432
Entropy 8.00
PE imports
GetStdHandle
WaitForSingleObject
FindFirstFileW
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
FindClose
TlsGetValue
FormatMessageA
SetFileAttributesW
SetLastError
InterlockedDecrement
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetFullPathNameW
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
CloseHandle
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetWindowsDirectoryW
GetFileSize
CreateDirectoryA
DeleteFileA
GetStartupInfoW
SetEvent
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
RemoveDirectoryW
FindNextFileW
ResetEvent
FindNextFileA
GetProcAddress
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
RemoveDirectoryA
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
FindFirstFileA
GetACP
GetModuleHandleW
CreateProcessA
WideCharToMultiByte
IsValidCodePage
WriteFile
VirtualFree
Sleep
VirtualAlloc
GetFullPathNameA
GetOEMCP
VariantClear
SysAllocString
ShellExecuteExA
Ord(165)
PathAppendW
EndDialog
KillTimer
ShowWindow
CharLowerA
MessageBoxW
PostMessageA
CharUpperW
DialogBoxParamW
CharLowerW
SetWindowLongA
DialogBoxParamA
CharUpperA
SetWindowTextA
LoadStringA
SendMessageA
LoadStringW
SetWindowTextW
GetDlgItem
GetWindowLongA
SetTimer
LoadIconA
DestroyWindow
Number of PE resources by type
RT_ICON 10
RT_STRING 3
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
MpModules
fmw,zen,bav,wtu

FmwGBN
1.152.2.55487

InitializedDataSize
152064

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.2.56985

LanguageCode
Neutral

FileFlagsMask
0x0017

FileDescription
AVG Setup Self-Extractor based on 7-Zip

ImageFileCharacteristics
Executable, 32-bit, Removable run from swap, Net run from swap

CharacterSet
Unicode

LinkerVersion
11.0

BavGBN
17.1.3354.0

SetupGBN
1.152.2.55487

Bav_setup_pluginGBN
17.1.2.55488

EntryPoint
0x166a0

OriginalFileName
7zS.sfx

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2015 AVG Technologies CZ, s.r.o.

FileVersion
15, 1, 0, 13

TimeStamp
2016:03:01 16:20:34+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
7zS

SubsystemVersion
5.1

ProductVersion
15, 1, 0, 13

UninitializedDataSize
0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
AVG Technologies CZ, s.r.o.

CodeSize
118784

ProductName
AVG Internet Security System

ProductVersionNumber
15.1.0.13

FileTypeExtension
exe

ObjectFileType
Executable application

ZenGBN
1.125.2.55495

File identification
MD5 b14eeb092d23c18fe3f4d97449eed6e7
SHA1 56010f3d087f97d23003187882e42e1e7512a9d3
SHA256 76ab13f4288436156b361e124f52739c16c5614149844a87e8a65afd10b69fe8
ssdeep
98304:wW2GoVUKZt8CCrcLQ5xf0CcknMmGM/EQOVp0awm99w/oz:whDVUK38DLxflckn2M/EQOVp007w8

authentihash b96293c8ba8381be89b15b117c10368d83e06ba4cf574d775fe8c8995a458240
imphash d8843771c5d1046a951feceb11dd00a8
File size 3.3 MB ( 3449304 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-04-09 18:27:30 UTC ( 1 year, 10 months ago )
Last submission 2018-09-21 11:27:55 UTC ( 5 months ago )
File names AVGInstaller.exe
Antivirus_Free_1896.exe
AVG_Free_1896.exe
antivirus_free_1896.exe
f_0009e0
7zS
Antivirus_Free_1896 (1).exe
7zS.sfx
76ab13f428843615_1434938914.tmp
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications