SHA256: 77727382a21dceab4d983a97b4b222aaaad0cb9fcacc58b4ee3fe267b7919bce
File name: 27072_Lianne_Setup.exe
Detection ratio: 1 / 65
Analysis date: 2017-09-19 06:21:44 UTC ( 1 year, 3 months ago )
Antivirus Result Update
CMC Email-Flooder.Win32.MailBomber!O 20170918
Ad-Aware 20170919
AegisLab 20170919
AhnLab-V3 20170919
Alibaba 20170911
ALYac 20170919
Antiy-AVL 20170919
Arcabit 20170919
Avast 20170919
Avast-Mobile 20170829
AVG 20170919
Avira (no cloud) 20170918
AVware 20170919
Baidu 20170919
BitDefender 20170919
CAT-QuickHeal 20170919
ClamAV 20170919
Comodo 20170918
CrowdStrike Falcon (ML) 20170804
Cylance 20170919
Cyren 20170919
DrWeb 20170919
Emsisoft 20170919
Endgame 20170821
ESET-NOD32 20170919
F-Prot 20170919
F-Secure 20170919
Fortinet 20170919
GData 20170919
Ikarus 20170918
Sophos ML 20170914
Jiangmin 20170919
K7AntiVirus 20170919
K7GW 20170919
Kaspersky 20170919
Kingsoft 20170919
Malwarebytes 20170919
MAX 20170919
McAfee 20170919
McAfee-GW-Edition 20170919
Microsoft 20170919
eScan 20170919
NANO-Antivirus 20170919
nProtect 20170919
Palo Alto Networks (Known Signatures) 20170919
Panda 20170918
Qihoo-360 20170919
Rising 20170919
SentinelOne (Static ML) 20170806
Sophos AV 20170919
SUPERAntiSpyware 20170919
Symantec 20170919
Symantec Mobile Insight 20170917
Tencent 20170919
TheHacker 20170916
TotalDefense 20170919
TrendMicro 20170919
TrendMicro-HouseCall 20170919
Trustlook 20170919
VBA32 20170918
VIPRE 20170919
ViRobot 20170919
Webroot 20170919
WhiteArmor 20170829
Yandex 20170908
Zillya 20170916
ZoneAlarm by Check Point 20170919
Zoner 20170919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT INNO, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000BEC0
Number of sections 8
PE sections
Overlays
MD5 903c98dece122f91d13c9a06ef5d4aa6
File type data
Offset 61440
Size 1127017
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
InitCommonControls
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetFileAttributesA
ExitProcess
GetVersionExA
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCPInfo
GetCommandLineA
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
GetTempFileNameA
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
VirtualAlloc
GetFileSize
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
GetSystemMetrics
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
CharNextA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 46592
LinkerVersion 2.25
EntryPoint 0xbec0
InitializedDataSize 16384
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 a753b5ff2b43311b10c5797cd67fcb54
SHA1 1bfe53cd6dca9f7788e14edc3f8ca624b7ce4137
SHA256 77727382a21dceab4d983a97b4b222aaaad0cb9fcacc58b4ee3fe267b7919bce
ssdeep 24576:o4osmPoRESsGp1TAffu6iryuvdMSMATd9ZfH6KPrzgBhvDqBUi6/:o4oseoRzpIR+yceTATdfaKTzgBhv2B9E

authentihash f9915842f3b218327db51419c47f6fe0aced0522947f045caad79cfdb382316f
imphash 1a6a4d207a1ff618f295bf986eadc19c
File size 1.1 MB ( 1188457 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags peexe upx overlay

VirusTotal metadata
First submission 2009-09-19 07:43:21 UTC ( 9 years, 3 months ago )
Last submission 2017-02-26 16:30:14 UTC ( 1 year, 9 months ago )
File names A753B5FF2B43311B10C5797CD67FCB54.bin
27287_Lianne_Setup.exe
1184230
output.1184230.txt
07.exe
1340785101-1080313-27072_Lianne_Setup.zip
file-3467811_exe
a753b5ff2b43311b10c5797cd67fcb54
77727382A21DCEAB4D983A97B4B222AAAAD0CB9FCACC58B4EE3FE267B7919BCE
77727382A21DCEAB4D983A97B4B222AAAAD0CB9FCACC58B4EE3FE267B7919BCE.exe
27072_Lianne_Setup.exe