× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8748dd87890e834798fa084032426eccf46663f05fa3e0a885bd5b4e0fedbdb0
File name: autoclose-9411.exe
Detection ratio: 0 / 67
Analysis date: 2018-11-09 02:26:34 UTC ( 6 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware 20181109
AegisLab 20181109
AhnLab-V3 20181108
Alibaba 20180921
ALYac 20181109
Antiy-AVL 20181109
Arcabit 20181109
Avast 20181109
Avast-Mobile 20181108
AVG 20181109
Avira (no cloud) 20181108
Babable 20180918
Baidu 20181108
BitDefender 20181108
Bkav 20181108
CAT-QuickHeal 20181108
ClamAV 20181108
CMC 20181108
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181109
Cyren 20181109
DrWeb 20181109
Emsisoft 20181109
Endgame 20181108
ESET-NOD32 20181108
F-Prot 20181109
F-Secure 20181109
Fortinet 20181109
GData 20181109
Ikarus 20181108
Sophos ML 20181108
Jiangmin 20181109
K7AntiVirus 20181108
K7GW 20181108
Kaspersky 20181109
Kingsoft 20181109
Malwarebytes 20181109
MAX 20181109
McAfee 20181109
McAfee-GW-Edition 20181108
Microsoft 20181109
eScan 20181108
NANO-Antivirus 20181108
Palo Alto Networks (Known Signatures) 20181109
Panda 20181108
Qihoo-360 20181109
Rising 20181109
SentinelOne (Static ML) 20181011
Sophos AV 20181108
SUPERAntiSpyware 20181107
Symantec 20181108
Symantec Mobile Insight 20181108
TACHYON 20181109
Tencent 20181109
TheHacker 20181108
TotalDefense 20181108
TrendMicro 20181109
TrendMicro-HouseCall 20181109
Trustlook 20181109
VBA32 20181108
VIPRE 20181108
ViRobot 20181108
Webroot 20181109
Yandex 20181108
Zillya 20181108
ZoneAlarm by Check Point 20181109
Zoner 20181109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
https://AutoClose.net

Product AutoClose
File version 2.1
Description AutoClose Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 9:40 AM 10/22/2018
Signers
[+] Xi'an Pantuowangluokeji co, ltd.
Status Valid
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 12:00 AM 01/08/2018
Valid to 12:00 PM 02/16/2021
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint D2091907949685264BA17405E29718314FF83D46
Serial number 0B 03 15 77 78 AC 9E CB FD E1 D3 26 4C A9 79 71
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 PM 04/18/2012
Valid to 12:00 PM 04/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 12:00 AM 10/22/2014
Valid to 12:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbrint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbrint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009B60
Number of sections 8
PE sections
Overlays
MD5 720de0f18539b47cde9b755d4f1f2a5e
File type data
Offset 163328
Size 1195704
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_ICON 10
RT_STRING 6
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 7
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
2.1.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
AutoClose Setup

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

InitializedDataSize
124416

EntryPoint
0x9b60

MIMEType
application/octet-stream

LegalCopyright
https://AutoClose.net

FileVersion
2.1

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2.1

UninitializedDataSize
0

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
https://AutoClose.net

CodeSize
37888

ProductName
AutoClose

ProductVersionNumber
2.1.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 40175276fa035427e1cd0a2f4bd5405c
SHA1 6c62841180e220e5ee579ce2eafdc7022db13ca4
SHA256 8748dd87890e834798fa084032426eccf46663f05fa3e0a885bd5b4e0fedbdb0
ssdeep
24576:U20bTaOYmGUGKGGIGdG+GFgwcvsiJRyqqB3ye7fnI98958QM1JJFMODWjhR679SH:U2GalmGUGKGGIGdG+GFgZsiHyqqB3zIW

authentihash 8d5a6d4fd4973470f483d65a29aada6227f3a9f11bc5849ce432f3aa13a88bf3
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 1.3 MB ( 1359032 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (80.3%)
Win32 Executable Delphi generic (10.3%)
Win32 Executable (generic) (3.3%)
Win16/32 Executable Delphi generic (1.5%)
OS/2 Executable (generic) (1.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-10-22 08:45:46 UTC ( 6 months, 4 weeks ago )
Last submission 2018-11-09 02:26:34 UTC ( 6 months, 1 week ago )
File names autoclose-9411.exe
autoclose.exe
autoclose(1).exe
autoclose.exe
autoclose-9411.exe
8748DD87890E834798FA084032426ECCF46663F05FA3E0A885BD5B4E0FEDBDB0.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs