SHA256: 76d97ef64a86e0cffc0f0980e50aaf605a9e32125a3fba2d756930f6a85cb741
File name: NordVPNSetup.exe
Detection ratio: 0 / 67
Analysis date: 2018-06-11 19:42:34 UTC ( 6 months ago )
Antivirus Result Update
Ad-Aware 20180611
AegisLab 20180611
AhnLab-V3 20180611
Alibaba 20180611
ALYac 20180611
Antiy-AVL 20180611
Arcabit 20180611
Avast 20180611
Avast-Mobile 20180611
AVG 20180611
Avira (no cloud) 20180611
AVware 20180611
Babable 20180406
Baidu 20180611
BitDefender 20180611
Bkav 20180611
CAT-QuickHeal 20180611
ClamAV 20180611
CMC 20180611
Comodo 20180611
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180611
Cyren 20180611
DrWeb 20180611
eGambit 20180611
Emsisoft 20180611
Endgame 20180507
ESET-NOD32 20180611
F-Prot 20180611
F-Secure 20180611
Fortinet 20180611
GData 20180611
Ikarus 20180611
Sophos ML 20180601
Jiangmin 20180611
K7AntiVirus 20180611
K7GW 20180611
Kaspersky 20180611
Kingsoft 20180611
Malwarebytes 20180611
MAX 20180611
McAfee 20180611
McAfee-GW-Edition 20180611
Microsoft 20180611
eScan 20180611
NANO-Antivirus 20180611
Palo Alto Networks (Known Signatures) 20180611
Panda 20180611
Qihoo-360 20180611
Rising 20180611
SentinelOne (Static ML) 20180225
Sophos AV 20180611
SUPERAntiSpyware 20180611
Symantec 20180611
Symantec Mobile Insight 20180605
TACHYON 20180611
Tencent 20180611
TheHacker 20180608
TrendMicro 20180611
TrendMicro-HouseCall 20180611
Trustlook 20180611
VBA32 20180611
VIPRE 20180611
ViRobot 20180611
Webroot 20180611
Yandex 20180609
Zillya 20180611
ZoneAlarm by Check Point 20180611
Zoner 20180611
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2018 NordVPN

Product NordVPN
Original name NordVPNSetup.exe
Internal name NordVPNSetup
File version 6.13.13
Description NordVPN Installer
Signature verification Signed file, verified signature
Signing date 12:56 PM 5/2/2018
Signers
[+] Datasec Holding Ltd.
Status Valid
Issuer GlobalSign CodeSigning CA - SHA256 - G3
Valid from 2:24 PM 9/21/2017
Valid to 2:24 PM 10/21/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint BB0A79A059E1701790B36547F6A2F0D497893CD1
Serial number 0E 43 61 D0 88 3F 22 FA 1D 2C 7E 2A
[+] GlobalSign CodeSigning CA - SHA256 - G3
Status Valid
Issuer GlobalSign
Valid from 1:00 AM 6/15/2016
Valid to 1:00 AM 6/15/2024
Valid usage Code Signing, OCSP Signing
Algorithm sha256RSA
Thumbprint 090D03435EB2A8364F79B78CB173D35E8EB63558
Serial number 48 1B 6A 07 26 D2 E8 3F 26 02 D4 82 5A CD
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 3/18/2009
Valid to 11:00 AM 3/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Counter signers
[+] GlobalSign TSA for Advanced - G2
Status Valid
Issuer GlobalSign Timestamping CA - SHA256 - G2
Valid from 1:00 AM 2/19/2018
Valid to 11:00 AM 3/18/2029
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 9B12057AE72AAFF6D63772B49F6A236F2649CDA9
Serial number 0C A7 CF 5D 07 07 24 AC 89 E7 9A 3A
[+] GlobalSign Timestamping CA - SHA256 - G2
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 8/2/2011
Valid to 11:00 AM 3/29/2029
Valid usage All
Algorithm sha256RSA
Thumbprint 91843BBD936D86EAFA42A3AFBF33E92831068F99
Serial number 04 00 00 00 00 01 31 89 C6 50 04
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 3/18/2009
Valid to 11:00 AM 3/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-19 11:06:57
Entry Point 0x000DB1F7
Number of sections 5
PE sections
Overlays
MD5 1987d4706d719d68cce4636cb592a87d
File type application/x-ms-dos-executable
Offset 2070528
Size 11160064
Entropy 8.00
PE imports
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetPrivateProfileSectionNamesW
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
EnumSystemLocalesW
FreeEnvironmentStringsW
InitializeSListHead
InterlockedPopEntrySList
GetLocaleInfoW
EnumResourceLanguagesW
GetFileTime
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ConnectNamedPipe
InterlockedPushEntrySList
InitializeCriticalSection
LoadResource
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
EncodePointer
WritePrivateProfileStringW
GetEnvironmentVariableW
SetLastError
GetSystemTime
TlsGetValue
CopyFileW
GetUserDefaultLangID
OutputDebugStringW
OpenEventW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
LoadLibraryA
QueryPerformanceFrequency
LoadLibraryExA
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
SetFilePointerEx
FlushInstructionCache
GetPrivateProfileStringW
GetFullPathNameW
CreateThread
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQuery
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
SetConsoleTextAttribute
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetWindowsDirectoryW
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetConsoleScreenBufferInfo
CreateNamedPipeW
GetProcessHeap
GetTempFileNameW
CompareStringW
RemoveDirectoryW
FindNextFileW
InterlockedIncrement
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GlobalLock
ReadConsoleW
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
Process32NextW
VirtualFree
WaitForSingleObjectEx
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
CopyFileExW
Process32FirstW
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetStdHandle
IsValidCodePage
FindResourceExW
CreateProcessW
Sleep
VirtualAlloc
GetOEMCP
Number of PE resources by type
RT_STRING 15
RT_DIALOG 13
RT_ICON 6
RT_BITMAP 6
RTF_FILE 2
RT_MENU 2
IMAGE_FILE 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 49
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.12

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.13.13.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
NordVPN Installer

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
868352

EntryPoint
0xdb1f7

OriginalFileName
NordVPNSetup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2018 NordVPN

FileVersion
6.13.13

TimeStamp
2018:02:19 12:06:57+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
NordVPNSetup

ProductVersion
6.13.13

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
NordVPN

CodeSize
1201152

ProductName
NordVPN

ProductVersionNumber
6.13.13.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 62de27bc6d4927beb1b7e01969b11a1b
SHA1 120a6b2c3c8b0e5271bc7ada54d244bed07b8224
SHA256 76d97ef64a86e0cffc0f0980e50aaf605a9e32125a3fba2d756930f6a85cb741
ssdeep
196608:+KrJBo7wuFw9Z9B/gfC9OZwkYO2CI9VAksS00ZmKYk27WKmVCK/kYWWPw/7UqSrf:TrToLw73ogO49VAD74/kYVcu8kXVb

authentihash dab037ac6dc8df0fd587f6a3785db49d32b49ff3247e9bcf7985682cf697b1fd
imphash ac220fb01eeea4ecb84da554526c3e36
File size 12.6 MB ( 13230592 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-05-03 13:01:03 UTC ( 7 months, 1 week ago )
Last submission 2018-11-05 19:01:28 UTC ( 1 month, 1 week ago )
File names 79115781.exe
iaysswqf.exe
NordVPNSetup (5).exe
NordVPNSetup.exe
zxiu0oqs.exe
248097037.exe
w2db2v5c.exe
359223954.exe
NordVPNSetup.exe
i22hg425.exe
NordVPNSetup12.6.exe
tcbs1ctz.exe
2ghpisjh.exe
NordVPNSetup.exe
NordVPNSetup_2.exe
fdkusd3i.exe
NordVPNSetup.exe
299258205.exe
NordVPNSetup_Windows.exe
NordVPNSetup.exe
460149707.exe
1040401
91708470.exe
125365606.exe
485140829.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Runtime DLLs