× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 81a1e811424d5dea982cc8af9ec7ef29045410f0450a49ec5252088c70963126
File name: filename
Detection ratio: 1 / 57
Analysis date: 2016-05-13 09:47:08 UTC ( 1 year, 4 months ago ) View latest
Antivirus Result Update
VBA32 suspected of Trojan.Downloader.gen.h 20160512
Ad-Aware 20160513
AegisLab 20160513
AhnLab-V3 20160513
Alibaba 20160513
ALYac 20160513
Antiy-AVL 20160513
Arcabit 20160513
Avast 20160513
AVG 20160513
Avira (no cloud) 20160513
AVware 20160511
Baidu 20160512
Baidu-International 20160512
BitDefender 20160513
Bkav 20160512
CAT-QuickHeal 20160512
ClamAV 20160513
CMC 20160510
Comodo 20160513
Cyren 20160513
DrWeb 20160513
Emsisoft 20160513
ESET-NOD32 20160513
F-Prot 20160513
F-Secure 20160513
Fortinet 20160513
GData 20160513
Ikarus 20160513
Jiangmin 20160513
K7AntiVirus 20160513
K7GW 20160513
Kaspersky 20160513
Kingsoft 20160513
Malwarebytes 20160513
McAfee 20160513
McAfee-GW-Edition 20160513
Microsoft 20160513
eScan 20160513
NANO-Antivirus 20160513
nProtect 20160513
Panda 20160512
Qihoo-360 20160513
Rising 20160513
Sophos AV 20160513
SUPERAntiSpyware 20160513
Symantec 20160513
Tencent 20160513
TheHacker 20160513
TotalDefense 20160512
TrendMicro 20160513
TrendMicro-HouseCall 20160513
VIPRE 20160513
ViRobot 20160513
Yandex 20160510
Zillya 20160513
Zoner 20160513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

File version
Description WinASO Registry Optimizer Setup
Comments This installation was built with Inno Setup: http://www.innosetup.com
Signature verification Certificate out of its validity period
Signers
[+] X.M.Y. International LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer WoSign Code Signing Authority
Valid from 1:00 AM 10/19/2010
Valid to 12:59 AM 10/19/2013
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint ED5B7BEED113227BCCF807E4D36006AEACC74011
Serial number 00 8F 11 65 FD 73 A9 74 E7 62 E8 6A FD 1E 69 98 6B
[+] WoSign Code Signing Authority
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 4/25/2007
Valid to 7:40 PM 7/9/2019
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22, Client Auth
Algorithm sha1RSA
Thumbprint EA36152981E296F9763E1DC74B3262D3928563F8
Serial number 42 CE 8A 30 D3 56 02 F8 41 18 6C 6E 20 53 19 04
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT INNO, appended, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000097F0
Number of sections 8
PE sections
Overlays
MD5 6a046175461ab23cdf2206d72a9e15ac
File type data
Offset 52224
Size 7815416
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup: http://www.innosetup.com

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
16896

EntryPoint
0x97f0

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
WinASO Registry Optimizer Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
X.M.Y International LLC

CodeSize
36864

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 9d1b006f9b1e6c9f7d1b041772f5128a
SHA1 afef5508c6922e0da80feadc18283c4c5b670372
SHA256 81a1e811424d5dea982cc8af9ec7ef29045410f0450a49ec5252088c70963126
ssdeep
196608:6HmiQjuO34Tp1KvLo6n7kXP59aUigTE82KVrLC2++qJp/UJ8nOlLqX:6Heju84TPKTBn4R9aUFwZ05+hpgvle

authentihash 464880e665cfd62e1e7a4d56d20ab903e678e4678b2a8de7b7ff903c3106e2e7
imphash 80417b621299e3e1de617305557a3c68
File size 7.5 MB ( 7867640 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (77.7%)
Win32 Executable Delphi generic (10.0%)
Win32 Dynamic Link Library (generic) (4.6%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-04-02 12:04:28 UTC ( 4 years, 5 months ago )
Last submission 2015-12-25 05:23:29 UTC ( 1 year, 9 months ago )
File names output.13528536.txt
WinASO_RO_v4.8.2.exe
WinASO_RO_v4.8.2.exe
WinASO_RO_v4.8.2.exe
WinASO_RO_v4.8.2.exe
filename
file-5602110_exe
WinASO_RO_v4.8.2.exe
13528536
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.