SHA256: 86f3cd2649ddcc042b8fa343e57c6ccaa869c13b134272711880534e245f452e
File name: LineInst.exe
Detection ratio: 1 / 43
Analysis date: 2013-08-15 00:04:07 UTC ( 8 months, 1 week ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
Jiangmin Win32/Virut.bn 20130814
AVG 20130814
Agnitum 20130814
AhnLab-V3 20130814
AntiVir 20130815
Antiy-AVL 20130814
Avast 20130815
BitDefender 20130814
ByteHero 20130814
CAT-QuickHeal 20130814
ClamAV 20130815
Commtouch 20130814
Comodo 20130815
DrWeb 20130815
ESET-NOD32 20130814
Emsisoft 20130815
F-Prot 20130815
F-Secure 20130814
Fortinet 20130815
GData 20130815
Ikarus 20130814
K7AntiVirus 20130814
K7GW 20130814
Kaspersky 20130815
Kingsoft 20130723
Malwarebytes 20130814
McAfee 20130815
McAfee-GW-Edition 20130814
MicroWorld-eScan 20130815
Microsoft None
NANO-Antivirus 20130815
Norman 20130814
PCTools 20130814
Panda 20130814
Rising 20130814
SUPERAntiSpyware 20130814
Sophos 20130814
Symantec 20130815
TheHacker 20130814
TotalDefense 20130814
TrendMicro 20130814
TrendMicro-HouseCall 20130814
VBA32 20130814
VIPRE 20130815
ViRobot 20130814
nProtect 20130814
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher NHN Japan Corporation
Product LINE
File version 3.1.10.37
Description LINE
Signature verification Signed file, verified signature
Signing date 9:12 AM 8/12/2013
Signers
[+] NHN Japan Corporation
Status Certificate out of its validity period
Valid from 1:00 AM 10/22/2012
Valid to 12:59 AM 12/22/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint BB60B534314271FE66DD058D5672565E53472C94
Serial number 75 92 D0 FB D0 AA E6 18 C3 D6 19 19 74 FE 40 8D
[+] VeriSign Class 3 Code Signing 2010 CA
Status Certificate out of its validity period
Valid from 1:00 AM 9/30/2010
Valid to 12:59 AM 1/2/2014
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 14FCF0BB187D563B568EEA5FC888A53D288698D6
Serial number 4D 62 90 E5 8C 54 F0 F1 EB 17 34 1A 13 10 E6 A4
[+] VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)
Status Valid
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/3/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint A1DB6393916F17E4185509400415C70240B0AE6B
Serial number 3C 91 31 CB 1F F6 D0 1B 0E 9A B8 D0 44 BF 12 BE
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, Unicode, appended, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-25 09:24:36
Entry Point 0x0000B14B
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
GetSidSubAuthorityCount
RegDeleteValueW
GetSidSubAuthority
RegCloseKey
LookupAccountSidW
OpenProcessToken
GetUserNameW
GetSidIdentifierAuthority
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegDeleteKeyW
GetTokenInformation
RegQueryValueExW
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
DebugBreak
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetDiskFreeSpaceW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
InitializeCriticalSection
LoadResource
TlsGetValue
SetLastError
OutputDebugStringW
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GetSystemDirectoryW
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetModuleFileNameW
FindFirstFileW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
lstrlenW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
lstrcpynW
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
ShellExecuteExW
SHGetSpecialFolderPathW
Ord(680)
ShellExecuteW
PathFileExistsW
PathFindFileNameW
wvsprintfW
GetWindowRect
EndDialog
wsprintfW
LoadStringW
CharLowerW
SystemParametersInfoW
CharNextW
SetWindowPos
CoUninitialize
CoCreateGuid
CoTaskMemFree
CoInitialize
Number of PE resources by type
RT_ICON 10
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
APP_SETUP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
KOREAN 16
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.1.10.37
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 16454656
MIMEType application/octet-stream
FileVersion 3.1.10.37
TimeStamp 2012:06:25 10:24:36+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:04:18 19:41:53+01:00
ProductVersion 3.1.10.37
FileDescription LINE
OSVersion 5.0
FileCreateDate 2014:04:18 19:41:53+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName NHN Japan
CodeSize 100864
ProductName LINE
ProductVersionNumber 3.1.10.37
EntryPoint 0xb14b
ObjectFileType Executable application

File identification
MD5 b167967772b42d818a4f8c703cf266c8
SHA1 bcea9fd7c4c1438797fb642cfd7145fef3a0347b
SHA256 86f3cd2649ddcc042b8fa343e57c6ccaa869c13b134272711880534e245f452e
ssdeep 393216:sDUoOjd1ofC8D0cWBHnBRMPND8tpnrqRMDxeuB:so5dKK8IcUh8QtprbDw6
imphash f3d2368e0584edb6fbb347f1d449c99a
File size 15.8 MB ( 16562728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags nsis peexe signed
VirusTotal metadata
First submission 2013-08-12 11:10:30 UTC ( 8 months, 2 weeks ago )
Last submission 2014-04-18 18:41:32 UTC ( 5 days, 18 hours ago )
File names 16016882
file-5924798_exe
LineInst.exe
LineInst.exe
LINE311037.exe
output.16016882.txt
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
