× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7c92b3a24a1318749c79471b7ef3be2a98f5a8ca452157b5c9420bea89afa4a1
File name: duplicate-file-finder-setup.exe
Detection ratio: 7 / 51
Analysis date: 2017-10-01 11:57:01 UTC ( 9 months, 2 weeks ago ) View latest
Antivirus Result Update
AVware Auslogics (fs) 20171001
DrWeb Program.Unwanted.2030 20171001
Endgame malicious (moderate confidence) 20170821
ESET-NOD32 Win32/Auslogics.F potentially unwanted 20171001
GData Win32.Application.Auslogics.A 20171001
K7GW Adware ( 0050e9c91 ) 20171001
VIPRE Auslogics (fs) (not malicious) 20171001
Ad-Aware 20171001
AhnLab-V3 20171001
Alibaba 20170911
ALYac 20171001
Arcabit 20171001
Avast-Mobile 20171001
Avira (no cloud) 20170930
Baidu 20170930
BitDefender 20171001
CAT-QuickHeal 20170930
ClamAV 20171001
CMC 20170928
CrowdStrike Falcon (ML) 20170804
Cylance 20171001
Cyren 20171001
Emsisoft 20171001
F-Prot 20171001
Fortinet 20170929
Ikarus 20171001
Sophos ML 20170914
Jiangmin 20171001
K7AntiVirus 20170928
Kingsoft 20171001
Malwarebytes 20171001
MAX 20171001
eScan 20171001
NANO-Antivirus 20171001
nProtect 20171001
Palo Alto Networks (Known Signatures) 20171001
Panda 20171001
Qihoo-360 20171001
SentinelOne (Static ML) 20170806
Sophos AV 20171001
SUPERAntiSpyware 20171001
Symantec 20170930
Symantec Mobile Insight 20170928
Tencent 20171001
TotalDefense 20171001
TrendMicro 20171001
TrendMicro-HouseCall 20171001
Trustlook 20171001
VBA32 20170929
ViRobot 20171001
WhiteArmor 20170927
Yandex 20170908
ZoneAlarm by Check Point 20171001
Zoner 20171001
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2008-2017 Auslogics Labs Pty Ltd

Product Auslogics Duplicate File Finder
File version 6.2.0.0
Description Auslogics Duplicate File Finder Installation File
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 2:00 PM 9/21/2017
Signers
[+] Auslogics Labs Pty Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Symantec Class 3 Extended Validation Code Signing CA - G2
Valid from 1:00 AM 8/24/2016
Valid to 12:59 AM 1/31/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 17EE7405669A017A96D2654D75C96E1F3DA96C19
Serial number 2B 5B 47 82 4A A2 41 E3 4D FA 33 99 9D 2B 96 CA
[+] Symantec Class 3 Extended Validation Code Signing CA - G2
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 3/4/2014
Valid to 12:59 AM 3/4/2024
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5B8F88C80A73D35F76CD412A9E74E916594DFA67
Serial number 19 1A 32 CB 75 9C 97 B8 CF AC 11 8D D5 12 7F 49
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Entrust Time Stamping Authority
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Entrust Code Signing Certification Authority - L1D
Valid from 9:07 PM 12/9/2014
Valid to 8:56 AM 12/10/2017
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 5706077AF01EF9BC169EABF6270BF42772575D1C
Serial number 4C 17 93 4D
[+] Entrust Code Signing Certification Authority - L1D
Status Valid
Issuer Entrust.net Certification Authority (2048)
Valid from 4:41 PM 11/11/2011
Valid to 9:51 AM 11/12/2021
Valid usage All
Algorithm sha1RSA
Thumbrint D0D7578B7317228E31D42EDF356A7C64F1050473
Serial number 4C 0E 8C 3A
[+] Entrust (2048)
Status Valid
Issuer Entrust.net Certification Authority (2048)
Valid from 6:50 PM 12/24/1999
Valid to 3:15 PM 7/24/2029
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbrint 503006091D97D4F5AE39F7CBE7927D7D652D3431
Serial number 38 63 DE F8
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-16 13:24:20
Entry Point 0x000113BC
Number of sections 8
PE sections
Overlays
MD5 4641882a690807caf3486e76298eb019
File type data
Offset 139776
Size 8213688
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetVersion
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
SysReAllocStringLen
SysFreeString
SysAllocStringLen
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_ICON 9
RT_STRING 6
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 9
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
6.2.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
73728

EntryPoint
0x113bc

MIMEType
application/octet-stream

LegalCopyright
Copyright 2008-2017 Auslogics Labs Pty Ltd

FileVersion
6.2.0.0

TimeStamp
2015:07:16 14:24:20+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

ProductVersion
6.2.0.0

FileDescription
Auslogics Duplicate File Finder Installation File

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Auslogics Labs Pty Ltd

CodeSize
65024

ProductName
Auslogics Duplicate File Finder

ProductVersionNumber
6.2.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 1c9e6b5121d0b39b23a3f05b3fdfa90d
SHA1 90f524b1230847453a1acf9aff67c872f60c25d0
SHA256 7c92b3a24a1318749c79471b7ef3be2a98f5a8ca452157b5c9420bea89afa4a1
ssdeep
196608:oWgNasgPU77c7r8K/W5sUeiDcfCFbf38mziSJnRkOXa:CwUo8KfViDV38ojJnRkQa

authentihash 89ba780a917335dc5934ad028336a58ce6e46b710a8b30acf3a7534734b46598
imphash 48aa5c8931746a9655524f67b25a47ef
File size 8.0 MB ( 8353464 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Delphi generic (52.9%)
Win32 Executable (generic) (16.8%)
Win16/32 Executable Delphi generic (7.7%)
OS/2 Executable (generic) (7.5%)
Generic Win/DOS Executable (7.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-09-27 11:55:17 UTC ( 9 months, 3 weeks ago )
Last submission 2018-05-25 18:14:13 UTC ( 1 month, 3 weeks ago )
File names duplicate-file-finder-setup.exe
duplicate-file-finder-setup.exe
duplicate-file-finder-setup (1).exe
duplicate-file-finder-setup.exe
Не подтверждено 956430.~
duplicate-file-finder-setup.exe
duplicate-file-finder-setup.exe
duplicate-file-finder-setup.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications