SHA256: 8b61c8a63310c5a02c7585511f68f73a238cf64caca45756585c21e0e30754aa
File name: 69862
Detection ratio: 0 / 66
Analysis date: 2018-04-18 00:05:14 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20180418
AegisLab 20180417
AhnLab-V3 20180417
Alibaba 20180417
ALYac 20180417
Antiy-AVL 20180417
Arcabit 20180417
Avast 20180417
Avast-Mobile 20180417
AVG 20180417
Avira (no cloud) 20180417
AVware 20180417
Baidu 20180417
BitDefender 20180417
Bkav 20180410
CAT-QuickHeal 20180417
ClamAV 20180417
CMC 20180417
Comodo 20180417
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180418
Cyren 20180417
DrWeb 20180417
eGambit 20180418
Emsisoft 20180417
Endgame 20180403
ESET-NOD32 20180418
F-Prot 20180417
F-Secure 20180417
Fortinet 20180417
GData 20180417
Ikarus 20180417
Sophos ML 20180121
Jiangmin 20180417
K7AntiVirus 20180417
K7GW 20180417
Kaspersky 20180417
Kingsoft 20180418
Malwarebytes 20180418
MAX 20180418
McAfee 20180418
McAfee-GW-Edition 20180417
Microsoft 20180417
eScan 20180418
NANO-Antivirus 20180418
nProtect 20180417
Palo Alto Networks (Known Signatures) 20180418
Panda 20180417
Qihoo-360 20180418
Rising 20180417
SentinelOne (Static ML) 20180225
Sophos AV 20180417
SUPERAntiSpyware 20180417
Symantec 20180417
Symantec Mobile Insight 20180412
Tencent 20180418
TheHacker 20180415
TotalDefense 20180417
TrendMicro 20180418
TrendMicro-HouseCall 20180418
Trustlook 20180418
VBA32 20180414
VIPRE 20180418
ViRobot 20180417
Webroot 20180418
WhiteArmor 20180408
Yandex 20180417
ZoneAlarm by Check Point 20180418
Zoner 20180417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1999-2009 KnightSoft Technologies Inc.
Product KnightSoft Setup
Original name SETUP.EXE
Internal name SETUP
File version 1.1
Description KnightSoft Setup
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-28 21:37:21
Entry Point 0x00005EC8
Number of sections 4
PE sections
Overlays
MD5 e3fbfc2d1693678c8d7948e63790e0d2
File type data
Offset 176128
Size 10597327
Entropy 8.00
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
SetMapMode
PatBlt
CreatePen
SaveDC
TextOutA
GetClipBox
Rectangle
GetObjectA
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
IntersectClipRect
BitBlt
SetTextColor
GetDeviceCaps
CreateFontA
CreateBitmap
RectVisible
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
GetTextExtentPointA
CreateCompatibleDC
ScaleViewportExtEx
SelectObject
SetWindowExtEx
CreateSolidBrush
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
HeapDestroy
IsBadCodePtr
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
FormatMessageA
SetLastError
GetEnvironmentVariableA
GlobalFindAtomA
HeapAlloc
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
IsBadWritePtr
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
CreateDirectoryA
GetProcAddress
CompareStringW
GlobalReAlloc
lstrcmpA
lstrcpyA
GetProfileStringA
CompareStringA
GlobalLock
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetVersion
GetDiskFreeSpaceA
SizeofResource
HeapCreate
VirtualFree
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SetFocus
GetMessagePos
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
GetActiveWindow
ExcludeUpdateRgn
GetTopWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
EnumWindows
ShowWindow
GetPropA
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
LoadStringA
GetWindowPlacement
IsIconic
RegisterClassA
TabbedTextOutA
GetSubMenu
CreateWindowExA
CopyRect
GetSysColorBrush
IsWindowUnicode
DestroyWindow
IsDialogMessageA
MapWindowPoints
BeginPaint
OffsetRect
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
InflateRect
PostMessageA
SetWindowLongA
RemovePropA
SetWindowTextA
ShowCaret
GetWindowLongA
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetDC
SetForegroundWindow
ReleaseDC
IntersectRect
EndDialog
HideCaret
CharNextA
GetCapture
ScreenToClient
CheckMenuItem
UnhookWindowsHookEx
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
InvalidateRect
wsprintfA
DefDlgProcA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
CoUninitialize
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_STRING 13
RT_BITMAP 4
RT_DIALOG 3
RT_ICON 2
RT_CURSOR 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 28
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 86016
ImageVersion 0.0
ProductName KnightSoft Setup
FileVersionNumber 1.1.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription KnightSoft Setup
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName SETUP.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.1
TimeStamp 2009:12:28 22:37:21+01:00
FileType Win32 EXE
PEType PE32
InternalName SETUP
ProductVersion 1.1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 1999-2009 KnightSoft Technologies Inc.
MachineType Intel 386 or later, and compatibles
CompanyName KnightSoft Technologies Inc.
CodeSize 106496
FileSubtype 0
ProductVersionNumber 1.1.0.0
EntryPoint 0x5ec8
ObjectFileType Executable application

File identification
MD5 10bea7ff1ad16f6de97fe0da5cc4e489
SHA1 8e07bd097ad8618bc18cd30df0e7ea9ad9d49335
SHA256 8b61c8a63310c5a02c7585511f68f73a238cf64caca45756585c21e0e30754aa
ssdeep 196608:7SlzMP6rG5lHulB1VZEkdCvl/jDNxleJ2ITeTVmSTweX3wsvf8GqK+PlsT4b5g:7Sl4i65OVKkGDzlegIT5STwVsvf8++Py
authentihash 1b6bb3ca2dc4b01b4e88b99a1dad82ec827e45c714dd5c2cddb1148492142a69
imphash 57db374e053929b7e1a4759be79efd5c
File size 10.3 MB ( 10773455 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe armadillo overlay
VirusTotal metadata
First submission 2013-06-03 20:02:11 UTC ( 5 years, 3 months ago )
Last submission 2016-04-20 01:31:24 UTC ( 2 years, 5 months ago )
File names SetupSK.exe
SETUP
69862
8b61c8a63310c5a02c7585511f68f73a238cf64caca45756585c21e0e30754aa
141503706386094-SetupSK.exe
SETUP.EXE
8B61C8A63310C5A02C7585511F68F73A238CF64CACA45756585C21E0E30754AA.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.