SHA256: 79ee1c11c5d954a7d7f53f715e927efd825efd84ce34b02d11595432d6fc92e9
File name: avast_free_antivirus_setup_online_i3a (1).exe
Detection ratio: 0 / 69
Analysis date: 2019-01-07 03:44:11 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Acronis 20181227
Ad-Aware 20190107
AegisLab 20190106
AhnLab-V3 20190106
Alibaba 20180921
ALYac 20190107
Antiy-AVL 20190106
Arcabit 20190107
Avast 20190107
Avast-Mobile 20190106
AVG 20190107
Avira (no cloud) 20190107
Babable 20180918
Baidu 20190104
BitDefender 20190107
Bkav 20190104
CAT-QuickHeal 20190106
ClamAV 20190107
CMC 20190106
Comodo 20190107
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20190107
Cyren 20190107
DrWeb 20190107
eGambit 20190107
Emsisoft 20190107
Endgame 20181108
ESET-NOD32 20190106
F-Prot 20190107
F-Secure 20190107
Fortinet 20190107
GData 20190107
Ikarus 20190106
Sophos ML 20181128
Jiangmin 20190107
K7AntiVirus 20190107
K7GW 20190106
Kaspersky 20190107
Kingsoft 20190107
Malwarebytes 20190107
MAX 20190107
McAfee 20190107
McAfee-GW-Edition 20190107
Microsoft 20190107
eScan 20190107
NANO-Antivirus 20190106
Palo Alto Networks (Known Signatures) 20190107
Panda 20190106
Qihoo-360 20190107
Rising 20190106
SentinelOne (Static ML) 20181223
Sophos AV 20190106
SUPERAntiSpyware 20190102
Symantec 20190106
TACHYON 20190106
Tencent 20190107
TheHacker 20190106
Trapmine 20190103
TrendMicro 20190106
TrendMicro-HouseCall 20190106
Trustlook 20190107
VBA32 20190104
ViRobot 20190106
Webroot 20190107
Yandex 20181229
Zillya 20190105
ZoneAlarm by Check Point 20190107
Zoner 20190107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2018 AVAST Software

Product Avast Antivirus
Original name SfxInst.exe
Internal name SfxInst
File version 18.8.4084.0
Description Avast Antivirus Installer
Comments Avast Antivirus
Signature verification Signed file, verified signature
Signing date 3:42 PM 11/15/2018
Signers
[+] AVAST Software s.r.o.
Status Valid
Issuer DigiCert High Assurance Code Signing CA-1
Valid from 12:00 AM 09/06/2016
Valid to 12:00 PM 10/04/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint AD4C5429E10F4FF6C01840C20ABA344D7401209F
Serial number 07 C7 0F 7C AB 14 5B C1 ED 38 5F BE 69 FA 31 30
[+] DigiCert High Assurance Code Signing CA-1
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 PM 02/11/2011
Valid to 12:00 PM 02/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E308F829DC77E80AF15EDD4151EA47C59399AB46
Serial number 02 C4 D1 E5 8A 4A 68 0C 56 8D A3 04 7E 7E 4D 5F
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 12:00 AM 10/22/2014
Valid to 12:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-14 17:42:46
Entry Point 0x00031780
Number of sections 6
PE sections
Overlays
MD5 18e077084c9d24adea05d32819b85fc3
File type data
Offset 1296896
Size 6184768
Entropy 8.00
PE imports
GetVolumePathNameW
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
DebugBreak
CreateTimerQueue
GetFileAttributesW
GetExitCodeProcess
GetVolumePathNamesForVolumeNameW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
ExitProcess
UnregisterWait
FreeEnvironmentStringsW
lstrcatW
InitializeSListHead
InterlockedPopEntrySList
GetLocaleInfoW
SetStdHandle
GetFileTime
WideCharToMultiByte
lstrcmpiA
InterlockedExchange
WriteFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
SetThreadAffinityMask
GetThreadTimes
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
QueryDepthSList
GetThreadPriority
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
FreeLibraryAndExitThread
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
QueryDosDeviceW
FormatMessageA
SetFileAttributesW
EncodePointer
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
DeviceIoControl
InterlockedDecrement
GetUserDefaultLangID
OutputDebugStringW
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
FindNextVolumeW
TzSpecificLocalTimeToSystemTime
LoadLibraryExA
SetThreadPriority
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
DeleteTimerQueueTimer
GetPrivateProfileStringW
SetFilePointer
GetFullPathNameW
LockFileEx
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
CreateSemaphoreW
GetVolumeNameForVolumeMountPointW
IsProcessorFeaturePresent
GetSystemTimes
ExitThread
DecodePointer
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
FindVolumeClose
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
FreeLibrary
GetWindowsDirectoryW
ChangeTimerQueueTimer
GetFileSize
WriteProcessMemory
WaitForMultipleObjects
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
CompareStringW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
CreateTimerQueueTimer
FindFirstFileW
IsValidLocale
DuplicateHandle
FindFirstFileExW
GetUserDefaultLCID
SignalObjectAndWait
GetLogicalProcessorInformation
ReadConsoleW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
GetCurrentThreadId
FindFirstVolumeW
InterlockedIncrement
GetNativeSystemInfo
GetLastError
InterlockedPushEntrySList
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GlobalFree
GetConsoleCP
UnregisterWaitEx
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
VirtualFree
WaitForSingleObjectEx
InterlockedFlushSList
SwitchToThread
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
RegisterWaitForSingleObject
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
SetDllDirectoryW
UnlockFileEx
GetACP
GlobalLock
GetModuleHandleW
FreeResource
GetFileAttributesExW
GetLongPathNameW
GetNumaHighestNodeNumber
IsValidCodePage
UnmapViewOfFile
FindResourceW
CreateProcessW
Sleep
VirtualAlloc
CreateHardLinkW
RtlUnwind
PE exports
Number of PE resources by type
RT_ICON 11
RT_MANIFEST 1
RT_VERSION 1
FILE 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 13
ENGLISH US 1
CZECH DEFAULT 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

Comments
Avast Antivirus

InitializedDataSize
386048

ImageVersion
0.0

ProductName
Avast Antivirus

FileVersionNumber
18.8.4084.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x0017

ImageFileCharacteristics
Executable, Large address aware, 32-bit, Net run from swap

CharacterSet
Unicode

LinkerVersion
14.0

FileTypeExtension
exe

OriginalFileName
SfxInst.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
18.8.4084.0

TimeStamp
2018:11:14 18:42:46+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SfxInst

ProductVersion
18.8.4084.0

FileDescription
Avast Antivirus Installer

OSVersion
5.1

FileOS
Win32

LegalCopyright
Copyright (c) 2018 AVAST Software

MachineType
Intel 386 or later, and compatibles

CompanyName
AVAST Software

CodeSize
923136

FileSubtype
0

ProductVersionNumber
18.8.4084.0

EntryPoint
0x31780

ObjectFileType
Dynamic link library

Execution parents
File identification
MD5 d49ed458db499f04ecfc0ed5af0edd34
SHA1 592e6e215d545551081d14496efa31ab8caff600
SHA256 79ee1c11c5d954a7d7f53f715e927efd825efd84ce34b02d11595432d6fc92e9
ssdeep
196608:Zr2gTf1ig1nuLDbVGeRbTsnPVptvWHg7XFERLz5Z:Zr2qnqPVlRbSVyAREvZ

authentihash 9ade150b97741786dbab03979317747ac28af9ee752666a10954c4ebf3b61a53
imphash 31de410e567bd02d4eb55753c1719f43
File size 7.1 MB ( 7481664 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-11-15 15:53:06 UTC ( 4 months ago )
Last submission 2019-03-08 05:15:34 UTC ( 1 week, 6 days ago )
File names avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online_j2l.exe
avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online_1.exe
avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online_a2l.exe
avast_free_antivirus_setup_online_u2k.exe
avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online_a3a.exe
avast_free_antivirus_setup_online_i3a (1).exe
avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online_j2k.exe
avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online_a2k.exe
avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online_c2i.exe
avast_free_antivirus_setup_online_f2l.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
DNS requests
TCP connections