SHA256: 83d9f88576d089744903014e4c299eb84a94aabf1c641a7f7a5365002756e294
File name: setup_3800-120257.bin
Detection ratio: 1 / 68
Analysis date: 2018-07-12 05:36:07 UTC ( 5 months ago )
Antivirus Result Update
VBA32 BScope.Trojan.Reconyc 20180711
Ad-Aware 20180712
AegisLab 20180712
AhnLab-V3 20180712
Alibaba 20180711
ALYac 20180712
Antiy-AVL 20180711
Arcabit 20180712
Avast 20180712
Avast-Mobile 20180712
AVG 20180712
Avira (no cloud) 20180710
AVware 20180712
Babable 20180406
Baidu 20180711
BitDefender 20180712
Bkav 20180712
CAT-QuickHeal 20180711
ClamAV 20180711
CMC 20180712
Comodo 20180712
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180712
Cyren 20180712
DrWeb 20180712
eGambit 20180712
Emsisoft 20180712
Endgame 20180711
ESET-NOD32 20180712
F-Prot 20180712
F-Secure 20180712
Fortinet 20180712
GData 20180712
Ikarus 20180711
Sophos ML 20180601
Jiangmin 20180712
K7AntiVirus 20180711
K7GW 20180711
Kaspersky 20180712
Kingsoft 20180712
Malwarebytes 20180712
MAX 20180712
McAfee 20180712
McAfee-GW-Edition 20180712
Microsoft 20180712
eScan 20180712
NANO-Antivirus 20180712
Palo Alto Networks (Known Signatures) 20180712
Panda 20180711
Qihoo-360 20180712
Rising 20180712
SentinelOne (Static ML) 20180701
Sophos AV 20180712
SUPERAntiSpyware 20180712
Symantec 20180711
TACHYON 20180712
Tencent 20180712
TheHacker 20180710
TotalDefense 20180711
TrendMicro 20180712
TrendMicro-HouseCall 20180712
Trustlook 20180712
VIPRE 20180712
ViRobot 20180711
Webroot 20180712
Yandex 20180711
Zillya 20180711
ZoneAlarm by Check Point 20180712
Zoner 20180711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2016

Product ZenMate is your Cyber Security solution
Original name Setup.exe
Internal name Setup.exe
File version 3.4.9.18
Description ZenMate is your Cyber Security solution
Signature verification Signed file, verified signature
Signing date 12:57 PM 9/4/2017
Signers
[+] ZenGuard GmbH
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Symantec Class 3 Extended Validation Code Signing CA - G2
Valid from 1:00 AM 4/11/2016
Valid to 12:59 AM 4/12/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint F2BD973468D09B1FBDDB390486ACBA3653195190
Serial number 06 85 FD C5 DC 0C D7 39 3C 6A A9 55 61 6F 4C 8C
[+] Symantec Class 3 Extended Validation Code Signing CA - G2
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 3/4/2014
Valid to 12:59 AM 3/4/2024
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5B8F88C80A73D35F76CD412A9E74E916594DFA67
Serial number 19 1A 32 CB 75 9C 97 B8 CF AC 11 8D D5 12 7F 49
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec SHA256 TimeStamping Signer - G2
Status Valid
Issuer Symantec SHA256 TimeStamping CA
Valid from 1:00 AM 1/2/2017
Valid to 12:59 AM 4/2/2028
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 625AEC3AE4EDA1D169C4EE909E85B3BBC61076D3
Serial number 54 58 F2 AA D7 41 D6 44 BC 84 A9 7B A0 96 52 E6
[+] Symantec SHA256 TimeStamping CA
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 1/12/2016
Valid to 12:59 AM 1/12/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 6FC9EDB5E00AB64151C1CDFCAC74AD2C7B7E3BE4
Serial number 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 4/2/2008
Valid to 12:59 AM 12/2/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbprint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
Packers identified
F-PROT appended, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-18 16:55:56
Entry Point 0x0000A5F9
Number of sections 5
PE sections
Overlays
MD5 3636579b8cd5b4bf856f85111852f619
File type data
Offset 8754176
Size 7184
Entropy 7.33
PE imports
RegCreateKeyExW
GetTokenInformation
RegDeleteValueW
RegCloseKey
OpenProcessToken
GetUserNameW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteKeyW
RegQueryValueExW
InitCommonControlsEx
GetStdHandle
WaitForSingleObject
EncodePointer
GetFileAttributesW
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetExitCodeProcess
OutputDebugStringW
TlsGetValue
MoveFileW
SetLastError
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
LocalFileTimeToFileTime
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
lstrlenW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
IsValidCodePage
GetTempPathW
CreateProcessW
Sleep
VarUI4FromStr
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
MessageBoxW
GetActiveWindow
LoadStringW
wsprintfW
CharNextW
ExitWindowsEx
DestroyWindow
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
URLDownloadToFileW
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 3
RT_MANIFEST 1
RT_STRING 1
DATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 13
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.4.9.18

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
ZenMate is your Cyber Security solution

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
8646144

SquirrelAwareVersion
1

EntryPoint
0xa5f9

OriginalFileName
Setup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2016

FileVersion
3.4.9.18

TimeStamp
2016:04:18 17:55:56+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup.exe

ProductVersion
3.4.9.18

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ZenGuard GmbH

CodeSize
107008

ProductName
ZenMate is your Cyber Security solution

ProductVersionNumber
3.4.9.18

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ddb0ab2efdfd596f2ead0ff0cca1eb6c
SHA1 b11a80af748e55425fdf9c46f57ce54e58b53f8e
SHA256 83d9f88576d089744903014e4c299eb84a94aabf1c641a7f7a5365002756e294
ssdeep
196608:1OKulZgfwMiujALcWW0PGZ14E/5iNgONwRo4A:UZIfCu0cgC53r

authentihash cfbb97dca2feb0a8305387dacf73e06a148678a493b97bba925776f23cbfcdb6
imphash e859dd0409c406b4558a8d7b196d17f1
File size 8.4 MB ( 8761360 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (53.0%)
Win64 Executable (generic) (34.0%)
Win32 Executable (generic) (5.5%)
OS/2 Executable (generic) (2.4%)
Generic Win/DOS Executable (2.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-09-05 04:34:35 UTC ( 1 year, 3 months ago )
Last submission 2018-12-15 17:12:24 UTC ( 11 hours, 37 minutes ago )
File names 93405577.exe
180378163.exe
1023804
ZenMateVPN_Rus_Setup.exe
Setup.exe
setup (1).exe
setup (3).exe
setup.exe
83D9F88576D089744903014E4C299EB84A94AABF1C641A7F7A5365002756E294.exe
setup(2).exe
setup_3800-120257.bin
setup.exe
setup.txt.exe
setup.exe
setup.exe
Setup.exe
setup.exe
setup zenmate.exe
setup_2.exe
setup.exe
ZenMate VPN for Windows.exe
ZenMate%20for%20Windows.exe
setup.exe
setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs