SHA256: 8212407c3508959f5da4a22cd0bc02762e16586d2a7b9e2e5a0c0d939306ec2d
File name: install_spartanu3.exe
Detection ratio: 0 / 61
Analysis date: 2017-04-30 10:27:04 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware 20170430
AegisLab 20170430
AhnLab-V3 20170430
Alibaba 20170428
ALYac 20170430
Antiy-AVL 20170429
Arcabit 20170430
Avast 20170430
AVG 20170430
Avira (no cloud) 20170429
AVware 20170430
Baidu 20170428
BitDefender 20170430
Bkav 20170428
CAT-QuickHeal 20170430
ClamAV 20170430
CMC 20170427
Comodo 20170430
CrowdStrike Falcon (ML) 20170130
Cyren 20170430
DrWeb 20170430
Emsisoft 20170430
Endgame 20170419
ESET-NOD32 20170430
F-Prot 20170430
F-Secure 20170430
Fortinet 20170430
GData 20170430
Ikarus 20170430
Sophos ML 20170413
Jiangmin 20170428
K7AntiVirus 20170430
K7GW 20170426
Kaspersky 20170430
Kingsoft 20170430
Malwarebytes 20170430
McAfee 20170430
McAfee-GW-Edition 20170429
Microsoft 20170430
eScan 20170430
NANO-Antivirus 20170430
nProtect 20170430
Palo Alto Networks (Known Signatures) 20170430
Panda 20170429
Qihoo-360 20170430
Rising 20170430
SentinelOne (Static ML) 20170330
Sophos AV 20170430
SUPERAntiSpyware 20170430
Symantec 20170429
Symantec Mobile Insight 20170428
Tencent 20170430
TheHacker 20170429
TotalDefense 20170426
TrendMicro 20170430
TrendMicro-HouseCall 20170430
Trustlook 20170430
VBA32 20170429
VIPRE 20170430
ViRobot 20170429
Webroot 20170430
WhiteArmor 20170409
Yandex 20170428
ZoneAlarm by Check Point 20170430
Zoner 20170430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 16.1.1.0
Packers identified
F-PROT UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-04-10 07:11:20
Entry Point 0x0001BE36
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegEnumKeyW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegQueryValueW
RegOpenKeyW
Ord(17)
_TrackMouseEvent
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
PatBlt
GetRgnBox
SaveDC
SetTextAlign
CreateRectRgnIndirect
LPtoDP
CombineRgn
GetClipBox
GetViewportOrgEx
GetPixel
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
CreateSolidBrush
DeleteObject
GetObjectW
BitBlt
SetTextColor
RectVisible
ExtTextOutW
CreateBitmap
Escape
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
PtVisible
ExtSelectClipRgn
CreateCompatibleDC
GetBkColor
ScaleViewportExtEx
CreateRectRgn
SetViewportExtEx
GetMapMode
SetWindowExtEx
GetTextColor
SetWindowOrgEx
DPtoLP
SelectObject
GetViewportExtEx
GetTextExtentPoint32W
CreateCompatibleBitmap
GetStdHandle
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetFileAttributesW
DuplicateHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
MapViewOfFileEx
GetVolumeInformationW
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
GlobalHandle
FindClose
InterlockedDecrement
GetFullPathNameW
GetCurrentThread
SetLastError
GlobalFindAtomW
GetUserDefaultLangID
LoadResource
GetModuleFileNameW
ExitProcess
FlushFileBuffers
GetModuleFileNameA
LoadLibraryA
EnumResourceLanguagesW
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomW
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
SetEnvironmentVariableA
TerminateProcess
VirtualQuery
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
LeaveCriticalSection
LoadLibraryExW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
lstrcmpiW
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
OpenProcess
GetModuleHandleW
GetStartupInfoW
CreateDirectoryW
GlobalLock
GetProcessHeap
CreateFileMappingW
CompareStringW
lstrcpyW
GlobalReAlloc
VerLanguageNameW
CompareStringA
FindFirstFileW
lstrcmpW
GetProcAddress
GlobalAlloc
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
FindResourceW
LCMapStringA
GetProcessTimes
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
WritePrivateProfileStringW
lstrcpynW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetCurrentThreadId
FreeResource
SizeofResource
HeapCreate
FindResourceExW
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
OleCreateFontIndirect
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
SysStringByteLen
VariantChangeType
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
VariantInit
SysFreeString
SysAllocStringByteLen
OleLoadPicture
SHGetSpecialFolderPathW
SHGetFileInfoW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
MapWindowPoints
GetMessagePos
SetWindowRgn
RedrawWindow
SetMenuItemBitmaps
LoadBitmapW
DestroyMenu
SetSystemCursor
PostQuitMessage
GetForegroundWindow
DrawStateW
SetWindowPos
IsWindow
GrayStringW
EndPaint
GetMessageTime
SetActiveWindow
DispatchMessageW
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetMenu
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
LoadImageW
GetTopWindow
GetWindowTextW
CopyAcceleratorTableW
GetWindowTextLengthW
GetActiveWindow
InvalidateRgn
PtInRect
DrawEdge
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
GetNextDlgGroupItem
SetPropW
ValidateRect
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetWindow
LoadStringA
RegisterClassW
GetWindowPlacement
DestroyWindow
EnableMenuItem
DrawFocusRect
IsDialogMessageW
SetWindowContextHelpId
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
CharNextW
IsChild
SetFocus
RegisterWindowMessageW
IsIconic
BeginPaint
OffsetRect
DefWindowProcW
DrawIcon
GetComboBoxInfo
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
DrawTextExW
SendDlgItemMessageW
PostMessageW
CheckMenuItem
GetSubMenu
GetClassLongW
GetLastActivePopup
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
PostThreadMessageW
GetMenuItemCount
GetMenuState
SetWindowsHookExW
LoadCursorW
LoadIconW
GetMenuItemID
SetForegroundWindow
GetClientRect
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
EndDialog
CopyRect
GetCapture
ScreenToClient
MessageBeep
MessageBoxW
SendMessageW
UnhookWindowsHookEx
MoveWindow
MessageBoxA
GetWindowDC
AdjustWindowRectEx
SendMessageTimeoutW
GetSysColor
RegisterClipboardFormatW
GetKeyState
SystemParametersInfoA
DestroyIcon
IsWindowVisible
WinHelpW
GetDesktopWindow
GetDC
FrameRect
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
ModifyMenuW
IsRectEmpty
GetFocus
wsprintfW
SetCursor
RemovePropW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
GetFileTitleW
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoInitialize
OleInitialize
StgCreateDocfileOnILockBytes
OleFlushClipboard
StgOpenStorageOnILockBytes
CoCreateInstance
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
CoTaskMemAlloc
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
OleUIBusyW
Number of PE resources by type
RT_STRING 27
RT_CURSOR 16
RT_GROUP_CURSOR 15
Struct(255) 7
RT_BITMAP 7
RT_ICON 6
RT_DIALOG 2
BIN 1
RT_HTML 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 67
GERMAN 3
FRENCH 3
CHINESE SIMPLIFIED 3
JAPANESE DEFAULT 3
SPANISH MODERN 3
ITALIAN 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
CustomBuild 1.0
InitializedDataSize 6516736
ImageVersion 0.0
FileVersionNumber 16.1.1.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 7.1
PrivateBuild 1.0.0.10
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 16.1.1.0
TimeStamp 2006:04:10 08:11:20+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 16.1.1.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 233472
FileSubtype 0
ProductVersionNumber 16.1.1.0
Warning Possibly corrupt Version resource
EntryPoint 0x1be36
ObjectFileType Executable application

File identification
MD5 be93067bf2b8942e3ef8b9267abeaa67
SHA1 8cefc59e3ecc93715c995be2686fb5b032e8a676
SHA256 8212407c3508959f5da4a22cd0bc02762e16586d2a7b9e2e5a0c0d939306ec2d
ssdeep 196608:vxFgsAlt3Ujy0v8tBdlCOVDsF3YA0bN2DakOInIa5M:bg/3Um9WKDAoA0Z851nI0M
authentihash 0099876a097248652c90abebea8aec307db765ce0a7beea0ca752f51233d09cb
imphash 1d49cd30071ffbb7ed4f870a9a26e643
File size 6.4 MB ( 6754304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (34.8%)
Win32 Executable MS Visual C++ (generic) (25.2%)
Win64 Executable (generic) (22.3%)
Windows screen saver (10.6%)
Win32 Executable (generic) (3.6%)
Tags peexe

VirusTotal metadata
First submission 2017-02-02 16:26:38 UTC ( 1 year, 6 months ago )
Last submission 2017-04-15 06:50:20 UTC ( 1 year, 4 months ago )
File names 8212407C3508959F5DA4A22CD0BC02762E16586D2A7B9E2E5A0C0D939306EC2D.exe
install_spartanu3.exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
UDP communications