SHA256: 83d9f88576d089744903014e4c299eb84a94aabf1c641a7f7a5365002756e294
File name: setup.exe
Detection ratio: 0 / 68
Analysis date: 2018-06-09 17:36:07 UTC (5 months, 1 week ago)
Antivirus Result Update
Ad-Aware 20180609
AegisLab 20180609
AhnLab-V3 20180609
Alibaba 20180608
ALYac 20180609
Antiy-AVL 20180609
Arcabit 20180609
Avast 20180609
Avast-Mobile 20180609
AVG 20180609
Avira (no cloud) 20180609
AVware 20180609
Babable 20180406
Baidu 20180608
BitDefender 20180609
Bkav 20180609
CAT-QuickHeal 20180609
ClamAV 20180609
CMC 20180609
Comodo 20180609
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180609
Cyren 20180609
DrWeb 20180609
eGambit 20180609
Emsisoft 20180609
Endgame 20180507
ESET-NOD32 20180609
F-Prot 20180609
F-Secure 20180609
Fortinet 20180609
GData 20180609
Ikarus 20180609
Sophos ML 20180601
Jiangmin 20180609
K7AntiVirus 20180609
K7GW 20180609
Kaspersky 20180609
Kingsoft 20180609
Malwarebytes 20180609
MAX 20180609
McAfee 20180609
McAfee-GW-Edition 20180609
Microsoft 20180609
eScan 20180609
NANO-Antivirus 20180609
Palo Alto Networks (Known Signatures) 20180609
Panda 20180609
Qihoo-360 20180609
Rising 20180609
SentinelOne (Static ML) 20180225
Sophos AV 20180609
SUPERAntiSpyware 20180609
Symantec 20180609
Symantec Mobile Insight 20180605
TACHYON 20180608
Tencent 20180609
TheHacker 20180608
TotalDefense 20180609
TrendMicro 20180609
TrendMicro-HouseCall 20180609
Trustlook 20180609
VBA32 20180608
VIPRE 20180609
ViRobot 20180609
Webroot 20180609
Yandex 20180609
Zillya 20180608
ZoneAlarm by Check Point 20180609
Zoner 20180608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2016

Product ZenMate is your Cyber Security solution
Original name Setup.exe
Internal name Setup.exe
File version 3.4.9.18
Description ZenMate is your Cyber Security solution
Signature verification Signed file, verified signature
Signing date 12:57 PM 9/4/2017
Signers
[+] ZenGuard GmbH
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Symantec Class 3 Extended Validation Code Signing CA - G2
Valid from 1:00 AM 4/11/2016
Valid to 12:59 AM 4/12/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint F2BD973468D09B1FBDDB390486ACBA3653195190
Serial number 06 85 FD C5 DC 0C D7 39 3C 6A A9 55 61 6F 4C 8C
[+] Symantec Class 3 Extended Validation Code Signing CA - G2
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 3/4/2014
Valid to 12:59 AM 3/4/2024
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5B8F88C80A73D35F76CD412A9E74E916594DFA67
Serial number 19 1A 32 CB 75 9C 97 B8 CF AC 11 8D D5 12 7F 49
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec SHA256 TimeStamping Signer - G2
Status Valid
Issuer Symantec SHA256 TimeStamping CA
Valid from 1:00 AM 1/2/2017
Valid to 12:59 AM 4/2/2028
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 625AEC3AE4EDA1D169C4EE909E85B3BBC61076D3
Serial number 54 58 F2 AA D7 41 D6 44 BC 84 A9 7B A0 96 52 E6
[+] Symantec SHA256 TimeStamping CA
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 1/12/2016
Valid to 12:59 AM 1/12/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 6FC9EDB5E00AB64151C1CDFCAC74AD2C7B7E3BE4
Serial number 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 4/2/2008
Valid to 12:59 AM 12/2/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbprint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
Packers identified
F-PROT appended, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-18 16:55:56
Entry Point 0x0000A5F9
Number of sections 5
PE sections
Overlays
MD5 3636579b8cd5b4bf856f85111852f619
File type data
Offset 8754176
Size 7184
Entropy 7.33
PE imports
RegCreateKeyExW
GetTokenInformation
RegDeleteValueW
RegCloseKey
OpenProcessToken
GetUserNameW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteKeyW
RegQueryValueExW
InitCommonControlsEx
GetStdHandle
WaitForSingleObject
EncodePointer
GetFileAttributesW
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetExitCodeProcess
OutputDebugStringW
TlsGetValue
MoveFileW
SetLastError
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
LocalFileTimeToFileTime
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
lstrlenW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
IsValidCodePage
GetTempPathW
CreateProcessW
Sleep
VarUI4FromStr
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
MessageBoxW
GetActiveWindow
LoadStringW
wsprintfW
CharNextW
ExitWindowsEx
DestroyWindow
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
URLDownloadToFileW
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 3
RT_MANIFEST 1
RT_STRING 1
DATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 13
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.4.9.18

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
ZenMate is your Cyber Security solution

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
8646144

SquirrelAwareVersion
1

EntryPoint
0xa5f9

OriginalFileName
Setup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2016

FileVersion
3.4.9.18

TimeStamp
2016:04:18 17:55:56+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup.exe

ProductVersion
3.4.9.18

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ZenGuard GmbH

CodeSize
107008

ProductName
ZenMate is your Cyber Security solution

ProductVersionNumber
3.4.9.18

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ddb0ab2efdfd596f2ead0ff0cca1eb6c
SHA1 b11a80af748e55425fdf9c46f57ce54e58b53f8e
SHA256 83d9f88576d089744903014e4c299eb84a94aabf1c641a7f7a5365002756e294
ssdeep
196608:1OKulZgfwMiujALcWW0PGZ14E/5iNgONwRo4A:UZIfCu0cgC53r

authentihash cfbb97dca2feb0a8305387dacf73e06a148678a493b97bba925776f23cbfcdb6
imphash e859dd0409c406b4558a8d7b196d17f1
File size 8.4 MB ( 8761360 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (53.0%)
Win64 Executable (generic) (34.0%)
Win32 Executable (generic) (5.5%)
OS/2 Executable (generic) (2.4%)
Generic Win/DOS Executable (2.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-09-05 04:34:35 UTC ( 1 year, 2 months ago )
Last submission 2018-11-15 13:40:07 UTC ( 3 days, 20 hours ago )
File names 93405577.exe
180378163.exe
1023804
Setup.exe
setup (1).exe
setup (3).exe
setup.exe
83D9F88576D089744903014E4C299EB84A94AABF1C641A7F7A5365002756E294.exe
setup(2).exe
setup_3800-120257.bin
setup.exe
setup.txt.exe
setup.exe
setup.exe
setup.exe
setup zenmate.exe
setup_2.exe
setup.exe
ZenMate VPN for Windows.exe
ZenMate%20for%20Windows.exe
setup.exe
setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs