× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: 7f7c06706db0e8f30cf2ff74dc3fd8c8f9750d6086c18ce7f924298b6f04b700
File name: Setup.exe
Detection ratio: 5 / 67
Analysis date: 2018-05-03 14:15:43 UTC ( 9 months, 3 weeks ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180503
Cylance Unsafe 20180503
Endgame malicious (high confidence) 20180403
McAfee-GW-Edition BehavesLike.Win32.Backdoor.rc 20180503
Qihoo-360 HEUR/QVM10.1.EAE7.Malware.Gen 20180503
Ad-Aware 20180503
AegisLab 20180503
AhnLab-V3 20180503
Alibaba 20180503
ALYac 20180503
Antiy-AVL 20180503
Arcabit 20180503
Avast 20180503
Avast-Mobile 20180503
AVG 20180503
Avira (no cloud) 20180503
AVware 20180428
Babable 20180406
BitDefender 20180503
Bkav 20180503
CAT-QuickHeal 20180503
ClamAV 20180503
CMC 20180503
Comodo 20180503
CrowdStrike Falcon (ML) 20180418
Cybereason None
Cyren 20180503
DrWeb 20180503
eGambit 20180503
Emsisoft 20180503
ESET-NOD32 20180503
F-Prot 20180503
F-Secure 20180503
Fortinet 20180503
GData 20180503
Ikarus 20180503
Sophos ML 20180121
Jiangmin 20180503
K7AntiVirus 20180503
K7GW 20180503
Kaspersky 20180503
Kingsoft 20180503
Malwarebytes 20180503
MAX 20180503
McAfee 20180503
Microsoft 20180503
eScan 20180503
NANO-Antivirus 20180503
nProtect 20180503
Palo Alto Networks (Known Signatures) 20180503
Panda 20180503
Rising 20180503
SentinelOne (Static ML) 20180225
Sophos AV 20180503
SUPERAntiSpyware 20180503
Symantec 20180503
Symantec Mobile Insight 20180501
Tencent 20180503
TheHacker 20180430
TotalDefense 20180503
TrendMicro 20180503
TrendMicro-HouseCall 20180503
Trustlook 20180503
VBA32 20180503
VIPRE 20180503
ViRobot 20180503
Webroot 20180503
Yandex 20180503
Zillya 20180502
ZoneAlarm by Check Point 20180503
Zoner 20180502
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-07 08:50:25
Entry Point 0x0000B04B
Number of sections 5
PE sections
Overlays
MD5 7fa928e253a359aceda3c64e6c89f70a
File type font/x-snf
Offset 483840
Size 8091897
Entropy 8.00
PE imports
[+] ADVAPI32.dll
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegEnumKeyW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
[+] COMCTL32.dll
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
[+] GDI32.dll
GetDeviceCaps
CreateFontIndirectW
SelectObject
CreateBrushIndirect
SetBkMode
SetBkColor
DeleteObject
SetTextColor
[+] KERNEL32.dll
GetStdHandle
WaitForSingleObject
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
SetStdHandle
GetCPInfo
LoadLibraryW
GetDiskFreeSpaceW
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
OutputDebugStringW
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
lstrcmpiW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
SetFilePointer
GetFullPathNameW
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
SearchPathW
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetWindowsDirectoryW
GetFileSize
OpenProcess
GetModuleHandleW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GetTempFileNameW
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
lstrcpyA
FindFirstFileW
lstrcmpW
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetShortPathNameW
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
CompareFileTime
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
WritePrivateProfileStringW
lstrcpynW
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetVersion
IsValidCodePage
WriteFile
CreateProcessW
Sleep
[+] SHELL32.dll
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
[+] USER32.dll
EmptyClipboard
GetMessagePos
EnableWindow
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
SendMessageTimeoutW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EndPaint
SetWindowTextW
CharUpperW
DialogBoxParamW
AppendMenuW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
BeginPaint
CreatePopupMenu
GetDC
SendMessageW
SetClipboardData
GetWindowLongW
FindWindowExW
IsWindowVisible
DestroyWindow
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
CharNextW
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
CharNextA
CheckDlgButton
LoadCursorW
GetSystemMenu
GetClassInfoW
CreateWindowExW
wsprintfW
CloseClipboard
DrawTextW
OpenClipboard
ExitWindowsEx
SetCursor
[+] VERSION.dll
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
[+] ole32.dll
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 6
RT_DIALOG 5
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 13
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:07:07 01:50:25-07:00

FileType
Win32 EXE

PEType
PE32

CodeSize
80896

LinkerVersion
12.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0xb04b

InitializedDataSize
247808

SubsystemVersion
5.1

ImageVersion
6.0

OSVersion
5.1

UninitializedDataSize
2048

File identification
MD5 0d79ad5f84b8ada93e20ee26a913d92a
SHA1 1f0b0b4c53e04c9b343db886e44d512bd0a2d00e
SHA256 7f7c06706db0e8f30cf2ff74dc3fd8c8f9750d6086c18ce7f924298b6f04b700
ssdeep
196608:bAk2ECDzPcRTxcbn2PxgkhSqgJ/285mrm0SD:kk2ECPwTubnSx3gJ/2drbW

authentihash c9ce1c69a0a67f454003add23ba492b0e1d6f9f483b482a3d4532732f9f0e60c
imphash 4806b4197823b45fcaf025f7c0a07e1f
File size 8.2 MB ( 8575737 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
nsis peexe overlay

VirusTotal metadata
First submission 2018-05-03 14:15:43 UTC ( 9 months, 3 weeks ago )
Last submission 2018-05-14 23:50:08 UTC ( 9 months, 1 week ago )
File names Setup.exe
flareFile
ic-0.b3f7c5ca12e05.exe
s2s_install.exe
update.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Created mutexes
Runtime DLLs
Blog | Twitter | Contact us | ToS | Privacy policy