SHA256: 7a7353a01b34ea792315149a79224e36705378ac1ecf04f8cea4c0751d91b9bc
File name: Connectify2017Installer.exe
Detection ratio: 1 / 61
Analysis date: 2017-04-09 08:08:31 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Rising Malware.Undefined!8.C (cloud:aFQT3vq1JyB) 20170409
Ad-Aware 20170409
AegisLab 20170409
AhnLab-V3 20170409
Alibaba 20170407
ALYac 20170409
Antiy-AVL 20170409
Arcabit 20170407
Avast 20170409
AVG 20170409
Avira (no cloud) 20170409
AVware 20170409
Baidu 20170406
BitDefender 20170409
Bkav 20170408
CAT-QuickHeal 20170407
ClamAV 20170409
CMC 20170409
Comodo 20170409
CrowdStrike Falcon (ML) 20170130
Cyren 20170409
DrWeb 20170409
Emsisoft 20170409
Endgame 20170407
ESET-NOD32 20170409
F-Prot 20170409
F-Secure 20170409
Fortinet 20170409
GData 20170409
Ikarus 20170409
Sophos ML 20170203
Jiangmin 20170409
K7AntiVirus 20170409
K7GW 20170409
Kaspersky 20170409
Kingsoft 20170409
Malwarebytes 20170409
McAfee 20170409
McAfee-GW-Edition 20170409
Microsoft 20170409
eScan 20170409
NANO-Antivirus 20170409
nProtect 20170409
Palo Alto Networks (Known Signatures) 20170409
Panda 20170409
Qihoo-360 20170409
SentinelOne (Static ML) 20170330
Sophos AV 20170409
SUPERAntiSpyware 20170409
Symantec 20170408
Symantec Mobile Insight 20170406
Tencent 20170409
TheHacker 20170406
TrendMicro 20170409
TrendMicro-HouseCall 20170409
Trustlook 20170409
VBA32 20170407
VIPRE 20170409
ViRobot 20170408
Webroot 20170409
WhiteArmor 20170327
Yandex 20170406
Zillya 20170407
ZoneAlarm by Check Point 20170409
Zoner 20170409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2009-2017

Product Connectify 2017
File version 2017.4.1.38641
Description Connectify 2017
Signature verification Signed file, verified signature
Signing date 8:59 PM 4/3/2017
Signers
[+] Connectify (Connectify, Inc.)
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 1:00 AM 9/2/2015
Valid to 1:00 PM 8/31/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 38ED20D851289628A696A9261180CDF144E925AB
Serial number 09 85 04 D6 33 E5 B6 07 8E DD 44 DD E9 D2 AF 69
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 4/18/2012
Valid to 1:00 PM 4/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 1:00 AM 5/24/2016
Valid to 1:00 AM 6/24/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT UPX, maxorder, appended, NSIS, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-11 21:53:00
Entry Point 0x000038A1
Number of sections 5
PE sections
Overlays
MD5 05d7e43e4bc958ac32d67b7e36a66a3b
File type data
Offset 181760
Size 12793152
Entropy 8.00
PE imports
RegCreateKeyExW
RegEnumValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SelectObject
CreateBrushIndirect
SetBkMode
SetBkColor
DeleteObject
SetTextColor
SetFilePointer
GetLastError
CopyFileW
GetShortPathNameW
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrcmpiW
GetCurrentProcess
CompareFileTime
GetWindowsDirectoryW
GetFileSize
SetFileTime
GetCommandLineW
WideCharToMultiByte
SetErrorMode
MultiByteToWideChar
lstrlenW
CreateDirectoryW
DeleteFileW
GlobalLock
ReadFile
lstrcpyA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
SetFileAttributesW
lstrcmpiA
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
FindNextFileW
GetTempPathW
CloseHandle
FindFirstFileW
lstrcmpW
GetModuleHandleW
lstrcatW
FreeLibrary
SearchPathW
SetCurrentDirectoryW
WriteFile
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
GetFullPathNameW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
SendMessageTimeoutW
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
DestroyWindow
EnableWindow
GetDC
DialogBoxParamW
AppendMenuW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
GetAsyncKeyState
ReleaseDC
BeginPaint
CreatePopupMenu
SendMessageW
ShowWindow
SetWindowTextW
SetClipboardData
wsprintfW
FindWindowExW
IsWindowVisible
SetForegroundWindow
GetClientRect
SetTimer
GetDlgItem
SystemParametersInfoW
DrawTextW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
CreateDialogParamW
wsprintfA
CharNextW
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
IsDlgButtonChecked
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
GetClassInfoW
CreateWindowExW
GetWindowLongW
CloseClipboard
SetCursor
ExitWindowsEx
OpenClipboard
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 12
RT_ICON 7
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 22
PE resources
ExifTool file metadata
UninitializedDataSize
2048

LinkerVersion
6.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
2017.4.1.38641

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Connectify 2017

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
152064

EntryPoint
0x38a1

MIMEType
application/octet-stream

LegalCopyright
Copyright 2009-2017

FileVersion
2017.4.1.38641

TimeStamp
2016:12:11 22:53:00+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2017.4.1.38641

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Connectify

CodeSize
27136

ProductName
Connectify 2017

ProductVersionNumber
2017.4.1.38641

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 ece9a27c40bfdcffa99d5faaea73f0ed
SHA1 55f65bfcfe62088b3393c8381884b019a8bef499
SHA256 7a7353a01b34ea792315149a79224e36705378ac1ecf04f8cea4c0751d91b9bc
ssdeep
196608:o+QPV8oyb9aRpI7SDzDX9trBt9jOF0FoijcTX45nLKPG+kidLrOlRtR1661IrX:5Qy9aRpI+Dz79trrs0FmX4d+klltreD

authentihash a96e444bcdd9058b7897ebc4e1d39f048be49aa928eec0c4c5954c099b0f0e26
imphash 91ee5e6bfb97a170f42f9cf6e9a4878d
File size 12.4 MB ( 12974912 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
nsis peexe signed upx overlay

VirusTotal metadata
First submission 2017-04-03 20:15:32 UTC ( 1 year, 10 months ago )
Last submission 2018-09-23 22:32:14 UTC ( 5 months ago )
File names Connectify 2018.0.0.38894.exe
Connectify2017Installer.exe
Connectify2017Installer.exe
Connectify2017Installer.exe
Connectify20172017.4.1.38641.exe
ConnectifyIS.exe
Connectify 2018.1.0.38913.exe
Connectify2017Installer_38641.50.exe
Connectify2017Installer_ir5f9aa08aNa60661699bf32e3aa5d3db17_.exe
Connectify2017Installer.exe
connectify2017installer (1).exe
ConnectifyInstaller.exe
Connectify2017Installer.exe
Setup.exe
ConnectifyInstaller.exe
CONNEC~1.EXE
1001556
connectify2017installer.exe
ConnectifyInstaller.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Runtime DLLs
UDP communications