SHA256: 885d8576f2e803d38b3d8a754711ade1923232260ae763856b721d29a2994a28
File name: setup.exe
Detection ratio: 11 / 65
Analysis date: 2018-02-15 19:45:24 UTC (1 year, 2 months ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180208
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cybereason malicious.7d5c8c 20180205
Cylance Unsafe 20180215
eGambit Unsafe.AI_Score_88% 20180215
Endgame malicious (high confidence) 20180214
ESET-NOD32 a variant of Win32/GenKryptik.BQCS 20180215
Sophos ML heuristic 20180121
Qihoo-360 HEUR/QVM20.1.3A41.Malware.Gen 20180215
SentinelOne (Static ML) static engine - malicious 20180115
WhiteArmor Malware.HighConfidence 20180205
Ad-Aware 20180215
AegisLab 20180215
AhnLab-V3 20180215
Alibaba 20180209
ALYac 20180215
Antiy-AVL 20180215
Arcabit 20180215
Avast 20180215
Avast-Mobile 20180215
AVG 20180215
Avira (no cloud) 20180215
AVware 20180215
BitDefender 20180215
Bkav 20180212
CAT-QuickHeal 20180215
ClamAV 20180215
CMC 20180215
Comodo 20180215
Cyren 20180215
DrWeb 20180215
Emsisoft 20180215
F-Prot 20180215
F-Secure 20180215
Fortinet 20180215
GData 20180215
Jiangmin 20180215
K7AntiVirus 20180215
K7GW 20180215
Kaspersky 20180215
Kingsoft 20180215
Malwarebytes 20180215
MAX 20180215
McAfee 20180215
McAfee-GW-Edition 20180215
Microsoft 20180215
eScan 20180215
NANO-Antivirus 20180215
nProtect 20180215
Palo Alto Networks (Known Signatures) 20180215
Panda 20180215
Rising 20180215
Sophos AV 20180215
SUPERAntiSpyware 20180215
Symantec 20180215
Symantec Mobile Insight 20180215
Tencent 20180215
TheHacker 20180213
TrendMicro-HouseCall 20180215
Trustlook 20180215
VBA32 20180215
VIPRE 20180215
ViRobot 20180215
Webroot 20180215
Yandex 20180214
Zillya 20180215
ZoneAlarm by Check Point 20180215
Zoner 20180215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-09 07:17:57
Entry Point 0x000266B0
Number of sections 4
PE sections
PE imports
GetStartupInfoA
GetFileSize
lstrlenA
lstrcatA
GetCurrentDirectoryA
WriteFile
CloseHandle
GetSystemInfo
GetModuleHandleA
GetProcessHeap
__p__fmode
fgetc
memset
fclose
_controlfp
__p__acmdln
fprintf
fflush
_except_handler3
fputc
wcslen
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_exit
_adjust_fdiv
wcsncmp
__getmainargs
memcpy
memmove
_initterm
__set_app_type
SetFocus
GetMessageA
UpdateWindow
BeginPaint
DrawIcon
PostQuitMessage
DefWindowProcA
ShowWindow
SetPropW
IsWindow
SetWindowLongA
GetWindowRect
DispatchMessageA
EndPaint
SetMenu
PostMessageA
SetMenuItemInfoA
GetDlgItemTextA
WindowFromPoint
GetClipboardData
TranslateMessage
RegisterClassExA
DrawTextA
LoadMenuA
SetWindowTextA
LoadStringA
SetParent
IsWindowVisible
SendMessageA
CreateWindowExA
GetDCEx
LoadAcceleratorsA
SetTimer
LoadCursorA
LoadIconA
GetActiveWindow
GetFocus
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_GROUP_CURSOR 4
RT_CURSOR 4
RT_BITMAP 3
RT_DIALOG 1
RT_MANIFEST 1
Number of PE resources by language
FRENCH 13
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:11:09 08:17:57+01:00
FileType Win32 EXE
PEType PE32
CodeSize 194560
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 242688
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x266b0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Execution parents
File identification
MD5 9a163fa52d9cdd9f9c5e7b1549233b4d
SHA1 4dbc1b57d5c8c39bfc1cec2f1c20d13602b7fcc8
SHA256 885d8576f2e803d38b3d8a754711ade1923232260ae763856b721d29a2994a28
ssdeep 6144:FWK8I0IFvepdL97Px57/iUHY9fL6qkRW+bc8mD0pePrcNfP8QpsnuYQGEDHg:gKnDQLd7LbWqmTrcGQpFbg
authentihash f56f31de4f838b41165413b486df726f87dde1d763b762f8321dd56ea9d60793
imphash 45d3387859fc2ab8c71104f3a2a4ec3f
File size 426.5 KB ( 436736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-02-15 19:45:24 UTC ( 1 year, 2 months ago )
Last submission 2018-05-03 17:47:02 UTC ( 11 months, 2 weeks ago )
File names setup.exe
banana.png
mjmgjvmhu.exe
23de279aa59ae37f9fb05e9d056339220a134400
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Opened mutexes
Runtime DLLs