SHA256: 8a0e46fca030f4c00e74202a40e92cdd5bd203c5da8a5d9df3c28df70b5d6d8e
File name: 8961d2bf17079a1676dda644590a76c0f42effb0
Detection ratio: 0 / 56
Analysis date: 2016-04-03 13:00:07 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware 20160403
AegisLab 20160403
AhnLab-V3 20160403
Alibaba 20160401
ALYac 20160403
Antiy-AVL 20160403
Arcabit 20160403
Avast 20160403
AVG 20160403
Avira (no cloud) 20160403
AVware 20160403
Baidu 20160402
Baidu-International 20160403
BitDefender 20160403
Bkav 20160402
CAT-QuickHeal 20160402
ClamAV 20160402
CMC 20160401
Comodo 20160403
Cyren 20160403
DrWeb 20160403
ESET-NOD32 20160403
F-Prot 20160403
F-Secure 20160403
Fortinet 20160403
GData 20160403
Ikarus 20160403
Jiangmin 20160403
K7AntiVirus 20160403
K7GW 20160403
Kaspersky 20160403
Kingsoft 20160403
Malwarebytes 20160403
McAfee 20160403
McAfee-GW-Edition 20160403
Microsoft 20160403
eScan 20160403
NANO-Antivirus 20160403
nProtect 20160401
Panda 20160403
Qihoo-360 20160403
Rising 20160403
Sophos AV 20160403
SUPERAntiSpyware 20160403
Symantec 20160331
Tencent 20160403
TheHacker 20160403
TotalDefense 20160402
TrendMicro 20160403
TrendMicro-HouseCall 20160403
VBA32 20160401
VIPRE 20160403
ViRobot 20160402
Yandex 20160316
Zillya 20160402
Zoner 20160403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
File version 1.4.0.7463
Description (Zip64 extensions, AES Encryption)
Signature verification Signed file, verified signature
Signing date 9:06 AM 11/1/2010
Signers
[+] DIMDATA Co., Ltd.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 11/1/2010
Valid to 12:59 AM 11/2/2011
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 490E33F0BA4990B4F46DB89AE18629D6137ABEDA
Serial number 40 66 AB C5 19 FE 44 59 55 8F A3 06 28 6F 98 D3
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-09-11 06:31:10
Entry Point 0x0002D8C2
Number of sections 6
PE sections
Overlays
MD5 43a12cde9a61bedea392be017bb2de7b
File type data
Offset 305664
Size 3474896
Entropy 8.00
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegQueryValueExA
GetSecurityDescriptorControl
RegSetValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegCreateKeyA
GetSecurityDescriptorLength
OpenProcessToken
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegOpenKeyExA
GetKernelObjectSecurity
IsValidSid
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegEnumKeyExA
RegQueryInfoKeyA
IsValidAcl
RegSetValueExA
RegDeleteValueA
SetKernelObjectSecurity
IsValidSecurityDescriptor
SelectObject
LineTo
DeleteDC
EnumFontFamiliesA
SetBkMode
GetTextExtentPoint32A
MoveToEx
CreatePen
GetStockObject
TextOutA
CreateFontIndirectA
GetTextMetricsA
CreateSolidBrush
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
SetTextColor
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
FindNextFileA
HeapDestroy
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDriveTypeW
GetConsoleMode
GetLocaleInfoA
lstrcatA
UnhandledExceptionFilter
_llseek
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
MoveFileA
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
MoveFileW
GetFullPathNameW
SetLastError
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
LoadLibraryExA
GetVolumeInformationW
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
_lclose
SetFileAttributesW
SetFileAttributesA
SetUnhandledExceptionFilter
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
VirtualQuery
LocalFileTimeToFileTime
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
DosDateTimeToFileTime
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
GetProcAddress
_lread
GetProcessHeap
CompareStringW
lstrcpyW
RemoveDirectoryW
GetFileInformationByHandle
lstrcmpA
FindNextFileW
lstrcpyA
CompareStringA
FindFirstFileW
SetVolumeLabelW
RemoveDirectoryA
CreateFileW
CopyFileA
GetFileType
SetVolumeLabelA
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
IsDBCSLeadByte
lstrlenW
WinExec
OpenFile
FileTimeToLocalFileTime
SizeofResource
CompareFileTime
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
lstrcpynW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
FindFirstFileA
CloseHandle
lstrcpynA
GetACP
GetVersion
GetEnvironmentStrings
CreateProcessA
WideCharToMultiByte
HeapCreate
GetTempPathW
VirtualFree
Sleep
FindResourceA
VirtualAlloc
WNetGetConnectionA
VarUI4FromStr
SafeArrayAccessData
SafeArrayGetLBound
SysFreeString
SystemTimeToVariantTime
SysStringByteLen
SysAllocStringLen
SysAllocString
SafeArrayGetUBound
SafeArrayGetElemsize
VariantTimeToSystemTime
SafeArrayGetDim
SHGetPathFromIDListA
SHBrowseForFolderA
FindExecutableA
ShellExecuteA
SetFocus
GetMessageA
GetParent
EnableWindow
UpdateWindow
BeginPaint
EnumWindows
MoveWindow
KillTimer
PostQuitMessage
DefWindowProcA
ShowWindow
MessageBeep
LoadBitmapA
SetWindowPos
EndPaint
DdeCreateDataHandle
DdeDisconnect
DdeCreateStringHandleA
DdeUninitialize
GetWindowRect
DispatchMessageA
ScreenToClient
UnregisterClassA
PostMessageA
CharUpperW
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
TranslateMessage
FrameRect
CharUpperA
GetSysColor
GetDC
DestroyCursor
ReleaseDC
DdeInitializeA
GetDlgCtrlID
GetClassInfoA
DestroyIcon
GetWindowLongA
wsprintfA
SetActiveWindow
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
DdeFreeStringHandle
EnableMenuItem
RegisterClassA
LoadIconA
SetWindowWord
DrawFocusRect
SetTimer
LoadCursorA
OemToCharA
InvalidateRect
SetWindowTextA
FillRect
CharNextA
GetWindowWord
GetDesktopWindow
CallWindowProcA
DdeConnect
DdeClientTransaction
wsprintfW
GetWindowTextA
DdeGetLastError
DestroyWindow
IsDialogMessageA
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueA
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
Number of PE resources by type
RT_BITMAP 13
RT_ICON 6
RT_GROUP_ICON 6
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 28
FRENCH CANADIAN 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 1.4.0.7463
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 72704
EntryPoint 0x2d8c2
MIMEType application/octet-stream
FileVersion 1.4.0.7463
TimeStamp 2007:09:11 07:31:10+01:00
FileType Win32 EXE
PEType PE32
FileDescription (Zip64 extensions, AES Encryption)
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 231936
FileSubtype 0
ProductVersionNumber 1.4.0.7463
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 d955c98176b3c63fbad300ec38844e03
SHA1 03002eabe415c68cb14651b7e51d7bfd94ce9b06
SHA256 8a0e46fca030f4c00e74202a40e92cdd5bd203c5da8a5d9df3c28df70b5d6d8e
ssdeep 98304:ROG05FeSH5oCaKZYTHhRq9FHkQELOX9+FS/u:05YSO1THhRq7jsOXkFSW
authentihash cfc331b2a8edcd5bd97057080fa7c8f4aa80d67848b52ca356001b6b66048aef
imphash b2f64dca468fcf41b78bdd6dd550fbc3
File size 3.6 MB ( 3780560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.8%)
Win32 Executable MS Visual C++ (generic) (26.6%)
Win64 Executable (generic) (23.6%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2011-09-12 15:52:33 UTC ( 7 years, 5 months ago )
Last submission 2016-05-27 17:09:03 UTC ( 2 years, 8 months ago )
File names vt-upload-rQpmi
8961d2bf17079a1676dda644590a76c0f42effb0
8A0E46FCA030F4C00E74202A40E92CDD5BD203C5DA8A5D9DF3C28DF70B5D6D8E.exe
1341805322-fprosetup.exe
fprosetup.exe
file-2773906_
file-2977530_exe