SHA256: 8ba94572344812718b00d33535ec1bd84a4406ae619852f53345a9a6f5f3a0cd
File name: 8ba94572344812718b00d33535ec1bd84a4406ae619852f53345a9a6f5f3a0cd
Detection ratio: 0 / 57
Analysis date: 2015-08-28 17:56:42 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware 20150828
AegisLab 20150828
Yandex 20150828
AhnLab-V3 20150828
Alibaba 20150828
ALYac 20150828
Antiy-AVL 20150828
Arcabit 20150828
Avast 20150828
AVG 20150828
Avira (no cloud) 20150828
AVware 20150828
Baidu-International 20150828
BitDefender 20150828
Bkav 20150828
ByteHero 20150828
CAT-QuickHeal 20150828
ClamAV 20150828
CMC 20150827
Comodo 20150828
Cyren 20150828
DrWeb 20150828
Emsisoft 20150828
ESET-NOD32 20150828
F-Prot 20150828
F-Secure 20150828
Fortinet 20150828
GData 20150828
Ikarus 20150828
Jiangmin 20150827
K7AntiVirus 20150828
K7GW 20150828
Kaspersky 20150828
Kingsoft 20150828
Malwarebytes 20150828
McAfee 20150828
McAfee-GW-Edition 20150828
Microsoft 20150828
eScan 20150828
NANO-Antivirus 20150828
nProtect 20150828
Panda 20150828
Qihoo-360 20150828
Rising 20150826
Sophos AV 20150828
SUPERAntiSpyware 20150826
Symantec 20150827
Tencent 20150828
TheHacker 20150828
TotalDefense 20150828
TrendMicro 20150828
TrendMicro-HouseCall 20150828
VBA32 20150828
VIPRE 20150828
ViRobot 20150828
Zillya 20150828
Zoner 20150828
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Setup Engine Copyright © 2001 - 2004 Indigo Rose Corporation
Product Setup Factory 6.0 Runtime
Original name setup.exe
Internal name suf60_setup
File version 6.0.1.4
Description Setup Application
Comments Created with Setup Factory 6.0
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-02-11 22:10:02
Entry Point 0x00002919
Number of sections 4
PE sections
Overlays
MD5 e2f7fbdefcee81ea79dd3e4bb2eb02f4
File type data
Offset 86016
Size 14479223
Entropy 7.95
PE imports
GetObjectA
GetDeviceCaps
CreateFontA
SetMapMode
DeleteDC
GetMapMode
BitBlt
DPtoLP
SelectObject
CreateCompatibleDC
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
lstrlenA
GetFileAttributesA
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
GetVersionExA
GetEnvironmentStringsW
_lclose
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetDiskFreeSpaceA
_lwrite
GetEnvironmentStrings
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcatA
CreateDirectoryA
DeleteFileA
WideCharToMultiByte
UnhandledExceptionFilter
_llseek
FreeEnvironmentStringsW
MultiByteToWideChar
GetProcAddress
_lread
GetStartupInfoA
GetSystemDefaultLangID
GetTempPathA
GetCPInfo
GetStringTypeA
_lcreat
lstrcmpA
lstrcpyA
_lopen
CloseHandle
GetCommandLineA
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
CreateProcessA
GetCurrentProcess
GetEnvironmentVariableA
HeapCreate
WriteFile
VirtualFree
GetFileType
ExitProcess
GetVersion
VirtualAlloc
SetCurrentDirectoryA
GetModuleHandleA
GetMessageA
UpdateWindow
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
GetWindowRect
DispatchMessageA
EndPaint
PostMessageA
MessageBoxA
PeekMessageA
TranslateMessage
RegisterClassExA
LoadStringA
SendMessageA
GetClientRect
RegisterClassA
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
GetDesktopWindow
MsgWaitForMultipleObjects
DestroyWindow
Number of PE resources by type
RT_BITMAP 1
RT_STRING 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
CodeSize 20480
SubsystemVersion 4.0
Comments Created with Setup Factory 6.0
InitializedDataSize 61440
ImageVersion 0.0
ProductName Setup Factory 6.0 Runtime
FileVersionNumber 6.0.1.4
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName setup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.0.1.4
TimeStamp 2004:02:11 22:10:02+00:00
FileType Win32 EXE
PEType PE32
InternalName suf60_setup
ProductVersion 6.0.1.4
FileDescription Setup Application
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Setup Engine Copyright 2001 - 2004 Indigo Rose Corporation
MachineType Intel 386 or later, and compatibles
LegalTrademarks Setup Factory is a trademark of Indigo Rose Corporation.
FileSubtype 0
ProductVersionNumber 6.0.1.4
EntryPoint 0x2919
ObjectFileType Executable application
Compressed bundles
File identification
MD5 a307d7325f05f6e7ea8f83eb0c7caedd
SHA1 f4e77a702204b0651c44683973c8d75e80be9c78
SHA256 8ba94572344812718b00d33535ec1bd84a4406ae619852f53345a9a6f5f3a0cd
ssdeep 196608:+40BfzF4GZhp04M7iqSmN0249DsxCUXG06lDiEFiTGsTz1zwWtGlomD4HS3X3g2W:+Nua0fmq7+2SsEUXvJE0DLgoO30nb
authentihash cce46247278d8d152e4734432a2b5b62b6f524943fbccec340d70e8f492bdf56
imphash b59ba52c650904098282ea913d2b8d01
File size 13.9 MB ( 14565239 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2013-06-02 02:14:24 UTC ( 5 years, 7 months ago )
Last submission 2013-06-02 02:14:24 UTC ( 5 years, 7 months ago )
File names setup.exe
suf60_setup
8ba94572344812718b00d33535ec1bd84a4406ae619852f53345a9a6f5f3a0cd
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications