× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8be4dba9147438b23de791a2846721adbf0d78d1224a56d67a71471e5b2a5f70
Detection ratio: 0 / 66
Analysis date: 2017-11-08 01:58:04 UTC ( 1 year, 3 months ago ) View latest
Antivirus Result Update
Ad-Aware 20171108
AegisLab 20171108
AhnLab-V3 20171107
Alibaba 20170911
ALYac 20171108
Antiy-AVL 20171103
Arcabit 20171108
Avast 20171107
Avast-Mobile 20171107
AVG 20171108
Avira (no cloud) 20171107
AVware 20171107
Baidu 20171107
BitDefender 20171108
Bkav 20171107
CAT-QuickHeal 20171107
ClamAV 20171108
CMC 20171104
Comodo 20171108
CrowdStrike Falcon (ML) 20171016
Cybereason 20171030
Cylance 20171108
Cyren 20171108
DrWeb 20171108
eGambit 20171108
Emsisoft 20171108
Endgame 20171024
ESET-NOD32 20171108
F-Prot 20171108
F-Secure 20171108
Fortinet 20171108
GData 20171108
Ikarus 20171107
Sophos ML 20170914
Jiangmin 20171108
K7AntiVirus 20171107
K7GW 20171108
Kaspersky 20171108
Kingsoft 20171108
Malwarebytes 20171108
MAX 20171108
McAfee 20171108
McAfee-GW-Edition 20171107
Microsoft 20171107
eScan 20171108
NANO-Antivirus 20171108
nProtect 20171108
Palo Alto Networks (Known Signatures) 20171108
Panda 20171107
Qihoo-360 20171108
Rising 20171108
SentinelOne (Static ML) 20171019
Sophos AV 20171108
SUPERAntiSpyware 20171108
Symantec 20171108
Symantec Mobile Insight 20171107
Tencent 20171108
TheHacker 20171102
TotalDefense 20171107
TrendMicro-HouseCall 20171108
Trustlook 20171108
VBA32 20171104
VIPRE 20171108
ViRobot 20171107
WhiteArmor 20171104
Yandex 20171107
Zillya 20171107
ZoneAlarm by Check Point 20171108
Zoner 20171108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Setup Engine Copyright © 2004-2016 Indigo Rose Corporation

Product Setup Factory Runtime
Original name suf_launch.exe
Internal name suf_launch
File version 9.5.1.0
Description Setup Application
Comments Created with Setup Factory
Signature verification Signed file, verified signature
Signing date 3:09 PM 6/14/2017
Signers
[+] Stardock Corporation
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 12:00 AM 03/14/2016
Valid to 11:59 PM 04/13/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint E0D518E40BB72920C966A2AF0D969F88CE52DF51
Serial number 52 89 E3 7A 80 C2 A8 A6 8B 8D 96 4E 15 3A AE 38
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 12/10/2013
Valid to 11:59 PM 12/09/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec SHA256 TimeStamping Signer - G2
Status Valid
Issuer Symantec SHA256 TimeStamping CA
Valid from 12:00 AM 01/02/2017
Valid to 11:59 PM 04/01/2028
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint 625AEC3AE4EDA1D169C4EE909E85B3BBC61076D3
Serial number 54 58 F2 AA D7 41 D6 44 BC 84 A9 7B A0 96 52 E6
[+] Symantec SHA256 TimeStamping CA
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 12:00 AM 01/12/2016
Valid to 11:59 PM 01/11/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint 6FC9EDB5E00AB64151C1CDFCAC74AD2C7B7E3BE4
Serial number 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 12:00 AM 04/02/2008
Valid to 11:59 PM 12/01/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbrint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-26 18:08:50
Entry Point 0x000029F1
Number of sections 5
PE sections
Overlays
MD5 85ecefdd05702776edc3f2e86838b636
File type data
Offset 223744
Size 12124264
Entropy 7.99
PE imports
GetTokenInformation
OpenProcessToken
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetFileAttributesA
GetExitCodeProcess
QueryPerformanceCounter
HeapReAlloc
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetTempPathA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
HeapSetInformation
GetCurrentProcess
_lwrite
GetFileType
GetStringTypeW
InterlockedIncrement
lstrcatA
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
UnhandledExceptionFilter
InterlockedDecrement
_llseek
HeapSize
FreeEnvironmentStringsW
GetCPInfo
MultiByteToWideChar
GetProcAddress
_lread
EncodePointer
GetStartupInfoW
GetModuleFileNameW
_lclose
WideCharToMultiByte
LoadLibraryW
TlsFree
_lcreat
GetSystemTimeAsFileTime
DeleteCriticalSection
GetCurrentProcessId
SetUnhandledExceptionFilter
lstrcpyA
_lopen
DecodePointer
CloseHandle
IsProcessorFeaturePresent
GetCommandLineA
GetACP
GetDiskFreeSpaceA
MoveFileExA
GetModuleHandleW
FreeLibrary
LocalFree
TerminateProcess
GetModuleFileNameA
IsValidCodePage
HeapCreate
WriteFile
TlsGetValue
Sleep
SetLastError
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
GetOEMCP
CompareStringA
ShellExecuteExA
wsprintfA
LoadCursorA
DispatchMessageA
MessageBoxA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
SetCursor
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
CodeSize
22528

SubsystemVersion
5.1

Comments
Created with Setup Factory

InitializedDataSize
200192

ImageVersion
0.0

ProductName
Setup Factory Runtime

FileVersionNumber
9.5.1.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
10.0

FileTypeExtension
exe

OriginalFileName
suf_launch.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
9.5.1.0

TimeStamp
2016:02:26 19:08:50+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
suf_launch

ProductVersion
9.5.1.0

FileDescription
Setup Application

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
Setup Engine Copyright 2004-2016 Indigo Rose Corporation

MachineType
Intel 386 or later, and compatibles

LegalTrademarks
Setup Factory is a trademark of Indigo Rose Corporation.

FileSubtype
0

ProductVersionNumber
9.5.1.0

EntryPoint
0x29f1

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 640d64b7abdcc5281dd797dbac42e1b1
SHA1 3068d7f3e37560f48ef175a999b9130727901bf0
SHA256 8be4dba9147438b23de791a2846721adbf0d78d1224a56d67a71471e5b2a5f70
ssdeep
196608:6oTRwc0Du8Ea72w4gtvYLiuUk7tZIlhMInILnTVu+iRI6ZHX6e3j3FM5X6e/QrFY:Np0qQ4gtQ2uUk7tZIlhMI0nTo+9sTMsi

authentihash f133c8ff3e08f4c3a4e80239ac323a1be9f9a1d595f05f815d8a68ef074ed3b6
imphash 0047ffc8d91ee9a957961742504880d6
File size 11.8 MB ( 12348008 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.6%)
Win32 EXE Yoda's Crypter (35.4%)
Win32 Dynamic Link Library (generic) (8.7%)
Win32 Executable (generic) (6.0%)
OS/2 Executable (generic) (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-06-14 16:24:21 UTC ( 1 year, 8 months ago )
Last submission 2019-02-19 10:10:29 UTC ( 9 hours, 2 minutes ago )
File names suf_launch.exe
Baixaki_fences.exe
Fences_3.05_setup.exe
Fences-3.05-setup.exe
$
Fences3-5current-setup__1_.exe
Setup.exe
Fences 3 3.05.exe
Fences3-cnet-setup.exe
f.exe
$
Fences3-current-setup.exe
suf_launch
Fences3-sd-setup.exe
totallynotavirus.exe
Fences_3.05.exe
Stardock Fences v3.0.5.exe
fences_3-08_en_310774.exe
8BE4DBA9147438B23DE791A2846721ADBF0D78D1224A56D67A71471E5B2A5F70.exe
Fences-Steam-setup.exe
Fences_3.05_setup_sd.kuyhAa.exe
Fences 3 3.05.exe
Fences-3.05_setup_sd.exe
fences-3-05.exe
Fences3-cnet-setup.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Runtime DLLs
UDP communications