× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7d46a54f2063df819997cce3ec379207916c91ed1e66396fb29b60492a7cd815
File name: Hide.me-Setup-2.2.0.exe
Detection ratio: 0 / 68
Analysis date: 2019-02-13 20:10:50 UTC ( 1 month ago ) View latest
Antivirus Result Update
Acronis 20190213
Ad-Aware 20190213
AegisLab 20190213
AhnLab-V3 20190213
Alibaba 20180921
ALYac 20190213
Antiy-AVL 20190213
Arcabit 20190213
Avast 20190213
Avast-Mobile 20190213
AVG 20190213
Avira (no cloud) 20190213
Babable 20180918
Baidu 20190202
BitDefender 20190213
Bkav 20190213
CAT-QuickHeal 20190213
ClamAV 20190213
CMC 20190213
Comodo 20190213
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190213
Cyren 20190213
DrWeb 20190213
eGambit 20190213
Emsisoft 20190213
Endgame 20181108
ESET-NOD32 20190213
F-Prot 20190213
F-Secure 20190213
Fortinet 20190213
GData 20190213
Ikarus 20190213
Sophos ML 20181128
Jiangmin 20190213
K7AntiVirus 20190213
K7GW 20190213
Kaspersky 20190213
Kingsoft 20190213
Malwarebytes 20190213
MAX 20190214
McAfee 20190213
McAfee-GW-Edition 20190213
Microsoft 20190213
eScan 20190213
NANO-Antivirus 20190213
Palo Alto Networks (Known Signatures) 20190213
Panda 20190213
Qihoo-360 20190213
Rising 20190213
SentinelOne (Static ML) 20190203
Sophos AV 20190213
SUPERAntiSpyware 20190206
Symantec 20190213
Symantec Mobile Insight 20190207
TACHYON 20190213
Tencent 20190213
TheHacker 20190212
Trapmine 20190123
TrendMicro-HouseCall 20190213
Trustlook 20190213
VBA32 20190213
ViRobot 20190213
Webroot 20190213
Yandex 20190213
Zillya 20190213
ZoneAlarm by Check Point 20190213
Zoner 20190213
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product hide.me VPN
File version 2.2.0
Description hide.me VPN Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 7:22 PM 2/4/2019
Signers
[+] eVenture Limited
Status Valid
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 11:00 PM 05/25/2017
Valid to 11:00 AM 08/23/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint BA38F347F089461902841F62F90E1D8978FD9DD5
Serial number 09 49 D5 70 51 F3 26 84 36 B1 07 6D 6F 88 D5 F3
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 11:00 AM 04/18/2012
Valid to 11:00 AM 04/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 11:00 PM 10/21/2014
Valid to 11:00 PM 10/21/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbrint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbrint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000AAD0
Number of sections 8
PE sections
Overlays
MD5 fbe3b31b7aa6c738ccd0b2be9e9ffa33
File type data
Offset 121344
Size 5637592
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
GetACP
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetSystemDirectoryA
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 1
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
2.2.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
hide.me VPN Setup

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

InitializedDataSize
78336

EntryPoint
0xaad0

MIMEType
application/octet-stream

FileVersion
2.2.0

TimeStamp
1992:06:19 15:22:17-07:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2.2.0

UninitializedDataSize
0

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
eVenture Limited

CodeSize
41984

ProductName
hide.me VPN

ProductVersionNumber
2.2.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 1e540b559c839c250c0b98087b528f24
SHA1 73a0120aae81c918ead679f558a44f534247644d
SHA256 7d46a54f2063df819997cce3ec379207916c91ed1e66396fb29b60492a7cd815
ssdeep
98304:tDo7DS/c71Dp6Q+9zXGh7lK84e1Xkwdk1Y6gf1FGdbjHm7Zw1RoBv92e17jYyVws:gDS/SBT+9z2VT4oUwdk1Fm1AdfHm7ZwI

authentihash 7b6c4ee12c82e80caa0b9aca8325b6e82c1748094776459bf833a9a75d8afcf3
imphash 2fb819a19fe4dee5c03e8c6a79342f79
File size 5.5 MB ( 5758936 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (80.3%)
Win32 Executable Delphi generic (10.3%)
Win32 Executable (generic) (3.3%)
Win16/32 Executable Delphi generic (1.5%)
OS/2 Executable (generic) (1.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2019-02-06 10:14:20 UTC ( 1 month, 1 week ago )
Last submission 2019-02-23 10:28:04 UTC ( 3 weeks, 4 days ago )
File names 8f2fb57dcffe27a0bea3144c30ac5ebe59b6d63bc64a658609c2f3d9ff3d5eed
Hide.me-Setup-2.2.0.exe
Hide.me-Setup-2.2.0.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Runtime DLLs