SHA256: 88de528b541dec9cb957ce0a33320a598fd1c1bbb515efdfd3e2270f8083fead
File name: SQL_Search.exe
Detection ratio: 0 / 66
Analysis date: 2018-07-26 07:22:15 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20180726
AegisLab 20180726
AhnLab-V3 20180726
Alibaba 20180713
ALYac 20180726
Antiy-AVL 20180726
Arcabit 20180726
Avast 20180726
Avast-Mobile 20180726
AVG 20180726
Avira (no cloud) 20180726
AVware 20180726
Babable 20180725
Baidu 20180726
BitDefender 20180726
Bkav 20180725
CAT-QuickHeal 20180725
ClamAV 20180726
CMC 20180726
Comodo 20180726
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180726
Cyren 20180726
DrWeb 20180726
eGambit 20180726
Emsisoft 20180726
Endgame 20180711
ESET-NOD32 20180726
F-Prot 20180726
F-Secure 20180726
Fortinet 20180726
GData 20180726
Ikarus 20180725
Sophos ML 20180717
Jiangmin 20180726
K7AntiVirus 20180726
K7GW 20180726
Kaspersky 20180726
Kingsoft 20180726
Malwarebytes 20180726
MAX 20180726
McAfee 20180726
McAfee-GW-Edition 20180726
Microsoft 20180726
eScan 20180726
NANO-Antivirus 20180726
Palo Alto Networks (Known Signatures) 20180726
Panda 20180725
Qihoo-360 20180726
Rising 20180726
SentinelOne (Static ML) 20180701
Sophos AV 20180726
SUPERAntiSpyware 20180726
Symantec 20180726
TACHYON 20180726
Tencent 20180726
TheHacker 20180726
TrendMicro 20180726
TrendMicro-HouseCall 20180726
Trustlook 20180726
VBA32 20180725
VIPRE 20180726
ViRobot 20180726
Webroot 20180726
Yandex 20180725
ZoneAlarm by Check Point 20180726
Zoner 20180726
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2007 – 2018 Red Gate Software Ltd.

Product Redgate Installer
File version 2.2.0.2468
Description SQL Search 3.1
Signature verification Signed file, verified signature
Signing date 10:05 PM 6/24/2018
Signers
[+] Red Gate Software Ltd
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 1/4/2017
Valid to 12:59 AM 1/5/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3A91F8951E7F0F7BB36B15919FBBF5BF2DC57A59
Serial number 38 47 28 63 BF C2 7B 3D 71 24 9F B3 7E 1D A1 AE
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-18 14:20:15
Entry Point 0x00143BEA
Number of sections 8
PE sections
Overlays
MD5 551f3ddf3f4d879496f4a8c7a8bd3946
File type data
Offset 10621440
Size 14152
Entropy 7.39
PE imports
RegCreateKeyExW
GetNamedSecurityInfoW
SetEntriesInAclW
RegCloseKey
RegSetValueExW
FreeSid
RegOpenKeyExW
RegEnumKeyExW
AllocateAndInitializeSid
CheckTokenMembership
SetNamedSecurityInfoW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
RegQueryValueW
InitCommonControlsEx
CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CertFindCertificateInStore
CryptMsgClose
CertGetNameStringW
CryptMsgGetParam
CryptDecodeObject
GetTextMetricsW
SetMapMode
GetWindowOrgEx
GetPaletteEntries
CombineRgn
GetViewportOrgEx
GetObjectType
GetBoundsRect
SetLayout
SetPixel
SetPixelV
SetPaletteEntries
OffsetWindowOrgEx
CreateEllipticRgn
GetTextFaceW
CreatePalette
CreateDIBitmap
SetTextAlign
StretchBlt
ScaleViewportExtEx
SetWindowExtEx
SetBkColor
GetBkColor
SetRectRgn
GetTextCharsetInfo
TextOutW
GetSystemPaletteEntries
OffsetRgn
CreateRectRgnIndirect
LPtoDP
GetPixel
GetLayout
ExcludeClipRect
OffsetViewportOrgEx
SetBkMode
EnumFontFamiliesW
PtInRegion
BitBlt
FillRgn
FrameRgn
SelectPalette
PtVisible
ExtSelectClipRgn
ScaleWindowExtEx
SetROP2
GetNearestPaletteIndex
SetDIBColorTable
GetTextColor
Escape
DeleteObject
GetWindowExtEx
PatBlt
CreatePen
GetClipBox
Rectangle
GetDeviceCaps
LineTo
DeleteDC
CreateFontIndirectW
GetObjectW
CreateDCW
RealizePalette
CreateHatchBrush
CreatePatternBrush
ExtTextOutW
IntersectClipRect
CreateBitmap
RectVisible
GetStockObject
SelectClipRgn
RoundRect
SetWindowOrgEx
SelectObject
GetViewportExtEx
GetTextExtentPoint32W
CreatePolygonRgn
Polygon
GetRgnBox
SaveDC
RestoreDC
CreateDIBSection
SetTextColor
ExtFloodFill
MoveToEx
EnumFontFamiliesExW
SetViewportOrgEx
CreateRoundRectRgn
CreateCompatibleDC
CreateRectRgn
SetViewportExtEx
SetPolyFillMode
CopyMetaFileW
CreateCompatibleBitmap
CreateSolidBrush
Polyline
DPtoLP
Ellipse
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
SetEvent
EncodePointer
GetFileAttributesW
lstrcmpW
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
GetSystemDirectoryW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
FindResourceExW
FormatMessageW
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
GetProfileIntW
ResumeThread
FreeLibraryAndExitThread
InitializeCriticalSection
OutputDebugStringW
GlobalHandle
FindClose
TlsGetValue
GetFullPathNameW
OutputDebugStringA
GetCurrentThread
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GlobalFindAtomW
lstrcpynW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
LoadLibraryA
VerSetConditionMask
SetThreadPriority
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
GetPrivateProfileStringW
SetFilePointer
GlobalAddAtomW
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SearchPathW
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQuery
GetDiskFreeSpaceExW
CreateEventW
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetLastError
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
CopyFileW
GlobalSize
UnlockFile
GetWindowsDirectoryW
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetPrivateProfileIntW
GetProcessHeap
GetTempFileNameW
EnumResourceNamesW
CompareStringW
lstrcpyW
GetFileSizeEx
GlobalReAlloc
RemoveDirectoryW
lstrcmpA
FindNextFileW
CompareStringA
FindFirstFileW
DuplicateHandle
FindFirstFileExW
GetProcAddress
GlobalAlloc
ReadConsoleW
GetTempPathW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GlobalGetAtomNameW
LocalReAlloc
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
GlobalUnlock
WaitForSingleObjectEx
CreateProcessW
LockFile
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
HeapQueryInformation
WideCharToMultiByte
HeapSize
RaiseException
GetCommandLineA
WritePrivateProfileStringW
SuspendThread
QueryPerformanceFrequency
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
IsValidCodePage
WriteFile
VirtualFree
Sleep
VirtualAlloc
ResetEvent
TransparentBlt
AlphaBlend
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
VarBstrFromDate
VariantClear
SysAllocString
VariantCopy
LoadTypeLib
SysFreeString
VariantInit
SHGetFolderPathW
SHCreateDirectoryExW
DragFinish
DragQueryFileW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHAppBarMessage
SHGetFileInfoW
SHGetDesktopFolder
SHGetMalloc
SHBrowseForFolderW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
PathAppendW
PathFindExtensionW
StrFormatKBSizeW
PathStripToRootW
RedrawWindow
GetForegroundWindow
SetWindowRgn
SetMenuItemBitmaps
LoadBitmapW
SetRectEmpty
EnableScrollBar
DestroyMenu
PostQuitMessage
GetMessagePos
DrawStateW
SetWindowPos
GetNextDlgTabItem
IsWindow
GrayStringW
EndPaint
EndDialog
WindowFromPoint
DrawIcon
GetMessageTime
SetMenuItemInfoW
SendMessageW
SetActiveWindow
DispatchMessageW
GetAsyncKeyState
MapDialogRect
GetDlgCtrlID
GetMenu
GetMenuStringW
UnregisterClassW
GetClassInfoW
DefMDIChildProcW
DrawTextW
SetScrollPos
CallNextHookEx
IsClipboardFormatAvailable
GetSysColor
LoadImageW
GetKeyboardState
GetTopWindow
GetWindowTextW
CopyAcceleratorTableW
GetWindowTextLengthW
LoadAcceleratorsW
ScrollWindow
GetKeyState
PtInRect
DrawEdge
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
SetClassLongW
EnumWindows
GetMenuState
MapVirtualKeyExW
GetMessageW
ShowWindow
DrawFrameControl
GetNextDlgGroupItem
SetPropW
GetDesktopWindow
PeekMessageW
SetWindowsHookExW
InsertMenuItemW
SetWindowPlacement
MapVirtualKeyW
CharUpperW
GetSystemMenu
TranslateMessage
IsWindowEnabled
GetWindow
GetMenuDefaultItem
SetClipboardData
GetIconInfo
MsgWaitForMultipleObjects
SetParent
RegisterClassW
IsZoomed
GetWindowPlacement
DestroyWindow
DrawMenuBar
IsCharLowerW
EnableMenuItem
InvertRect
DrawFocusRect
SetTimer
GetActiveWindow
IsDialogMessageW
FillRect
MonitorFromPoint
CopyRect
DeferWindowPos
RealChildWindowFromPoint
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetUpdateRect
OpenClipboard
IsChild
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
LockWindowUpdate
IsIconic
EmptyClipboard
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
CopyIcon
KillTimer
TrackMouseEvent
GetComboBoxInfo
GetParent
ToUnicodeEx
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
SetMenuDefaultItem
SetCapture
ReleaseCapture
GetScrollRange
PostMessageW
InvalidateRect
CheckDlgButton
DrawTextExW
WaitMessage
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetClassLongW
GetLastActivePopup
DrawIconEx
CharUpperBuffW
SetWindowTextW
CreateMenu
GetDlgItem
GetMenuCheckMarkDimensions
SetCursor
BringWindowToTop
ClientToScreen
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
DestroyAcceleratorTable
ValidateRect
ShowOwnedPopups
LoadCursorW
LoadIconW
ReuseDDElParam
GetMenuItemID
InsertMenuW
SetForegroundWindow
GetClientRect
NotifyWinEvent
GetMenuItemInfoW
GetCursorPos
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
SetLayeredWindowAttributes
GetScrollInfo
HideCaret
GetKeyboardLayout
CreateAcceleratorTableW
GetCapture
ScreenToClient
MessageBeep
LoadMenuW
SetFocus
GetWindowThreadProcessId
GetSysColorBrush
ShowScrollBar
MessageBoxW
DefFrameProcW
UnhookWindowsHookEx
MoveWindow
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
RemoveMenu
RegisterClipboardFormatW
SetScrollInfo
CopyImage
EndDeferWindowPos
GetWindowRgn
UpdateLayeredWindow
GetDoubleClickTime
DestroyIcon
EnumDisplayMonitors
BeginDeferWindowPos
WinHelpW
SubtractRect
UnpackDDElParam
SetCursorPos
SystemParametersInfoW
UnionRect
MonitorFromWindow
FrameRect
SetRect
DeleteMenu
GetKeyNameTextW
CallWindowProcW
GetClassNameW
GetDC
TranslateMDISysAccel
ModifyMenuW
IsRectEmpty
IsMenu
GetFocus
EnableWindow
CloseClipboard
IsWindowVisible
TranslateAcceleratorW
SetMenu
RemovePropW
IsAppThemed
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
DrawThemeText
OpenThemeData
DrawThemeParentBackground
CloseThemeData
DrawThemeBackground
GetThemeColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
PlaySoundW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
WinVerifyTrust
GdipBitmapLockBits
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipGetImagePalette
GdipDisposeImage
GdipBitmapUnlockBits
GdiplusStartup
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipGetImageWidth
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipGetImagePaletteSize
GdipDrawImageI
GdipDrawImageRectI
GdipSetInterpolationMode
GdipFree
GdipGetImageHeight
GdipCloneImage
GdipGetImageGraphicsContext
OleLockRunning
CoUninitialize
OleTranslateAccelerator
OleDestroyMenuDescriptor
DoDragDrop
StringFromGUID2
CreateStreamOnHGlobal
IsAccelerator
CoCreateGuid
RegisterDragDrop
RevokeDragDrop
OleGetClipboard
OleDuplicateData
CoInitialize
CoLockObjectExternal
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
OleCreateMenuDescriptor
ReleaseStgMedium
CoDisconnectObject
CoTaskMemFree
Number of PE resources by type
TOOLKIT 29
RT_STRING 19
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_ICON 9
RT_DIALOG 6
RT_BITMAP 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH UK 55
NEUTRAL 45
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.1.7.2082
LanguageCode English (British)
FileFlagsMask 0x003f
FileDescription SQL Search 3.1
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 9108992
EntryPoint 0x143bea
MIMEType application/octet-stream
LegalCopyright Copyright © 2007 – 2018 Red Gate Software Ltd.
FileVersion 2.2.0.2468
TimeStamp 2018:06:18 15:20:15+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.2.0.2468
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Red Gate Software Ltd
CodeSize 1511424
ProductName Redgate Installer
ProductVersionNumber 2.2.0.2468
SQLSearch31 SQL Search 3.1
FileTypeExtension exe
ObjectFileType Executable application
RedGateToolbelt Red Gate Toolbelt

File identification
MD5 630134d7fbcfffde2babfbed947dd586
SHA1 a8494c67fde88556313e5768b9a7e6742cffecfc
SHA256 88de528b541dec9cb957ce0a33320a598fd1c1bbb515efdfd3e2270f8083fead
ssdeep 196608:ZeD1ETzskpsCIQpxhqzdSk7FZd9SOEDvYeLvrP:ZeZEfsKpv05ZmvYuL
authentihash 9ee5218b6c230c1f362897a5056719d82f9de847f2425d6f5811d989d3c56318
imphash 6b4a834398ea78057017e863d8bc2aed
File size 10.1 MB ( 10635592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (79.7%)
Win32 Executable (generic) (8.6%)
OS/2 Executable (generic) (3.8%)
Generic Win/DOS Executable (3.8%)
DOS Executable Generic (3.8%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-06-30 09:44:09 UTC ( 7 months, 3 weeks ago )
Last submission 2018-08-02 08:54:50 UTC ( 6 months, 2 weeks ago )
File names SQL_Search.exe
SQL_Search (1).exe
SQL_Search.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections