× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 88e91848ddc1615cce702d60d7ef175ba3fddacc829bc310d73531880fd5e5ef
File name: enstella-exchange-pst-demo.exe
Detection ratio: 0 / 68
Analysis date: 2018-07-07 23:30:07 UTC ( 1 week, 3 days ago ) View latest
Antivirus Result Update
Ad-Aware 20180707
AegisLab 20180707
AhnLab-V3 20180707
ALYac 20180707
Antiy-AVL 20180707
Arcabit 20180707
Avast 20180707
Avast-Mobile 20180707
AVG 20180707
Avira (no cloud) 20180707
AVware 20180707
Babable 20180406
Baidu 20180706
BitDefender 20180707
Bkav 20180706
CAT-QuickHeal 20180707
ClamAV 20180707
CMC 20180707
Comodo 20180707
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180708
Cyren 20180707
DrWeb 20180707
eGambit 20180708
Emsisoft 20180707
Endgame 20180612
ESET-NOD32 20180707
F-Prot 20180707
F-Secure 20180707
Fortinet 20180707
GData 20180707
Ikarus 20180707
Sophos ML 20180601
Jiangmin 20180708
K7AntiVirus 20180707
K7GW 20180708
Kaspersky 20180708
Kingsoft 20180708
Malwarebytes 20180707
MAX 20180708
McAfee 20180707
McAfee-GW-Edition 20180707
Microsoft 20180707
eScan 20180707
NANO-Antivirus 20180707
Palo Alto Networks (Known Signatures) 20180708
Panda 20180707
Qihoo-360 20180708
Rising 20180707
SentinelOne (Static ML) 20180701
Sophos AV 20180707
SUPERAntiSpyware 20180707
Symantec 20180707
TACHYON 20180707
Tencent 20180708
TheHacker 20180628
TotalDefense 20180707
TrendMicro 20180707
TrendMicro-HouseCall 20180707
Trustlook 20180708
VBA32 20180707
VIPRE 20180707
ViRobot 20180707
Webroot 20180708
Yandex 20180706
Zillya 20180706
ZoneAlarm by Check Point 20180707
Zoner 20180707
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Enstella Systems 2016

Product Enstella Systems Exchange Recovery Demo
File version 1.0.0.1
Description Enstella Systems Exchange Recovery Demo Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO, CAB, appended, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000A5F8
Number of sections 8
PE sections
Overlays
MD5 28853523e22df7a32e7ef13f4c3c57fb
File type data
Offset 54272
Size 12527092
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 1
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
1.0.0.1

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
12800

EntryPoint
0xa5f8

MIMEType
application/octet-stream

LegalCopyright
Copyright Enstella Systems 2016

FileVersion
1.0.0.1

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

ProductVersion
1.0.0.1

FileDescription
Enstella Systems Exchange Recovery Demo Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Enstella Systems

CodeSize
40448

ProductName
Enstella Systems Exchange Recovery Demo

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 488f43715b6ea4a596d6e4bfec232863
SHA1 085a4bded4e3db5589a90da2a8e129fb95d4437b
SHA256 88e91848ddc1615cce702d60d7ef175ba3fddacc829bc310d73531880fd5e5ef
ssdeep
196608:4OnRdokBJ6Jeif9cnNj1MPaqwDBB1zg97KkAb2lGOwGApi36lbdm:4On4oJ6H+p1MPalBzgxR3wxs369dm

authentihash 2f6b910632bd3c282b1c362512f8aaf1f24f35156d09b141593b3781bf696156
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 12.0 MB ( 12581364 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (76.6%)
Win32 Executable Delphi generic (9.9%)
Win32 Dynamic Link Library (generic) (4.5%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-10-15 07:54:29 UTC ( 1 year, 9 months ago )
Last submission 2018-07-15 22:56:49 UTC ( 2 days, 6 hours ago )
File names 372f84cbac4efb5ef4f3d24f6aa50ce1
enstella-exchange-pst-demo.exe
enstella-exchange-pst-demo.vxe
enstella-exchange-pst-demo.exe
585204409596e2aa3cf7ef6b3bafb2ae
284b39b3e0d7b7101173a4b36309a2373c42d21b
88E91848DDC1615CCE702D60D7EF175BA3FDDACC829BC310D73531880FD5E5EF.exe
085a4bded4e3db5589a90da2a8e129fb95d4437b.exe
enstella-exchange-pst-demo.exe
916695
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs