SHA256: 7efe4d3b5d00aaa009f1751ec28663e3b648fc015d0097f8350df4516ebc55e9
File name: 4zSetup.exe
Detection ratio: 9 / 45
Analysis date: 2013-02-20 20:42:34 UTC ( 1 year, 2 months ago )
Antivirus Result Update
AVG Zango 20130220
Avast Win32:FunWeb-K [PUP] 20130220
ClamAV Adware.MyWebSearch-18 20130220
Comodo Heur.Suspicious 20130220
ESET-NOD32 a variant of Win32/Toolbar.MyWebSearch.O 20130220
Emsisoft Riskware.Win32.Toolbar.MyWebSearch.AMN (A) 20130220
TrendMicro-HouseCall TROJ_GEN.F47V0216 20130220
VIPRE MyWebSearch.J (v) (not malicious) 20130220
eSafe Win32.Toolbar.MyWebS 20130211
Agnitum 20130220
AntiVir 20130220
Antiy-AVL 20130220
BitDefender 20130220
ByteHero 20130218
CAT-QuickHeal 20130220
Commtouch 20130220
DrWeb 20130220
F-Prot 20130220
F-Secure 20130220
Fortinet 20130220
GData 20130220
Ikarus 20130220
Jiangmin 20130220
K7AntiVirus 20130220
Kaspersky 20130220
Kingsoft 20130204
Malwarebytes 20130220
McAfee 20130220
McAfee-GW-Edition 20130220
MicroWorld-eScan 20130220
Microsoft 20130220
NANO-Antivirus 20130220
Norman 20130220
PCTools 20130219
Panda 20130220
Rising 20130205
SUPERAntiSpyware 20130220
Sophos 20130220
Symantec 20130220
TheHacker 20130219
TotalDefense 20130220
TrendMicro 20130220
VBA32 20130220
ViRobot 20130220
nProtect 20130220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright (c) 2009, 2010, 2011, 2012
Publisher VideoDownloadConverter
Product VideoDownloadConverter
Original name 4zSetup.exe
Internal name 4zSetup
File version 2, 0, 4, 9
Description VideoDownloadConverter
Signing date 11:19 PM 2/7/2013
Packers identified
F-PROT CAB
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-05 02:11:58
Entry Point 0x00002850
Number of sections 4
PE sections
PE imports
RegFlushKey
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
HeapFree
EnterCriticalSection
lstrlenA
lstrcmpiA
WaitForSingleObject
GetExitCodeProcess
ExitProcess
GetVersionExA
GetModuleFileNameA
DeleteFileA
LoadLibraryA
GetShortPathNameA
DeleteCriticalSection
GetStartupInfoA
GetPriorityClass
SizeofResource
GetCurrentProcessId
lstrcatA
LockResource
lstrlenW
GetWindowsDirectoryA
SetEvent
GetCommandLineA
WaitForMultipleObjects
GetProcessHeap
GetTempPathA
CloseHandle
CreateThread
GetModuleHandleA
GetExitCodeThread
lstrcpyA
GetCurrentProcess
EnumResourceNamesA
ReadFile
lstrcpynA
HeapReAlloc
GetProcAddress
SetFileAttributesA
FreeLibrary
LocalFree
MoveFileA
ResumeThread
CreateProcessA
WideCharToMultiByte
InitializeCriticalSection
LoadResource
WriteFile
CreateEventA
CreateFileA
HeapAlloc
GetCurrentThreadId
FindResourceA
GetFileSize
SetLastError
LeaveCriticalSection
Ord(8)
Ord(9)
SendDlgItemMessageA
wsprintfA
DispatchMessageA
PostMessageA
CharNextA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
CoUninitialize
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_MANIFEST 1
PART 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
Tag049 D
InitializedDataSize 2985984
ImageVersion 0.0
ProductName VideoDownloadConverter
FileVersionNumber 2.0.4.9
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename 4zSetup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2, 0, 4, 9
TimeStamp 2012:12:05 03:11:58+01:00
FileType Win32 EXE
PEType PE32
InternalName 4zSetup
SubsystemVersion 4.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2009, 2010, 2011, 2012
MachineType Intel 386 or later, and compatibles
CompanyName VideoDownloadConverter
CodeSize 12288
FileSubtype 0
ProductVersionNumber 2.0.4.9
EntryPoint 0x2850
ObjectFileType Dynamic link library

File identification
MD5 4a314740b478137bc4222f95debdcac2
SHA1 c23ad6068fd793ad5a85601174ace5e51176cf65
SHA256 7efe4d3b5d00aaa009f1751ec28663e3b648fc015d0097f8350df4516ebc55e9
ssdeep 49152:GSce5nPLbqF94wsDvZ5Wq7ck+NnFYTidCJF+o1FLg7je4Q:3/mShDB05nuTMCJtXyq4Q

File size 2.9 MB ( 3008912 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags
peexe signed

VirusTotal metadata
First submission 2013-02-16 03:05:43 UTC ( 1 year, 2 months ago )
Last submission 2013-02-20 20:42:34 UTC ( 1 year, 2 months ago )
File names 4zSetup.exe
4zSetup
4a314740b478137bc4222f95debdcac2
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Set keys
Deleted keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections