SHA256: 8cc878be2d6971bcdff0a344a59dfd55eb283c4ba405a92103926a12b6aafc51
File name: TrustedInstaller.dll
Detection ratio: 41 / 47
Analysis date: 2013-07-07 04:06:45 UTC ( 5 years, 6 months ago )
Antivirus Result Update
Yandex Trojan.PornoAsset!JrQ/Pj4YCQE 20130705
AhnLab-V3 Trojan/Win32.PornoAsset 20130706
AntiVir Worm/Gamarue.ioemn 20130706
Antiy-AVL Trojan/Win32.Generic 20130706
Avast Win32:Fareit-FB [Trj] 20130707
AVG Generic31.BHGJ 20130706
BitDefender Gen:Variant.Symmi.17714 20130701
CAT-QuickHeal Worm.Gamarue.B 20130706
Commtouch W32/Trojan.SDHV-7590 20130706
Comodo Heur.Suspicious 20130707
DrWeb Trojan.MulDrop4.25343 20130707
Emsisoft Gen:Variant.Barys.15860 (B) 20130707
eSafe Win32.Trojan 20130703
ESET-NOD32 Win32/Bundpil.AM 20130706
F-Secure Gen:Variant.Barys.15860 20130707
Fortinet W32/Zbot.ANQ!tr 20130707
GData Gen:Variant.Barys.15860 20130707
Ikarus Trojan-Ransom.Win32.PornoAsset 20130706
K7AntiVirus Spyware 20130705
K7GW Spyware 20130705
Kaspersky Trojan-Ransom.Win32.PornoAsset.bxjf 20130707
Kingsoft Win32.Troj.Undef.(kcloud) 20130506
Malwarebytes Rootkit.0Access 20130707
McAfee Trojan-FAZJ!C7B6B29EEDAE 20130707
McAfee-GW-Edition Trojan-FAZJ!C7B6B29EEDAE 20130706
Microsoft TrojanDropper:Win32/Gamarue.A 20130707
NANO-Antivirus Trojan.Win32.PornoAsset.bhqsrh 20130707
Norman Kryptik.PSJ 20130706
nProtect Trojan/W32.Agent.200704.ATK 20130705
Panda Trj/OCJ.D 20130706
PCTools Trojan.Gen 20130706
Sophos AV Mal/ZboCheMan-D 20130707
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20130706
Symantec Trojan.Gen.2 20130707
TheHacker Trojan/Kryptik.aukd 20130705
TotalDefense Win32/Gamarue.MHGQLG 20130705
TrendMicro TROJ_SPNR.35CA13 20130707
TrendMicro-HouseCall TROJ_SPNR.35CA13 20130707
VBA32 BScope.Trojan.Winlock.2421 20130705
VIPRE Trojan.Win32.Zbot.anr (v) 20130707
ViRobot Trojan.Win32.PornoAsset.200704 20130706
ByteHero 20130613
ClamAV 20130707
F-Prot 20130706
Jiangmin 20130706
eScan 20130706
Rising 20130705
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-09 09:11:58
Entry Point 0x0000447C
Number of sections 9
PE sections
PE imports
lstrcpyW
PathGetDriveNumberA
PathIsURLW
PathIsRelativeA
SystemParametersInfoA
GetProcessWindowStation
GetThreadDesktop
PE exports
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:10:09 10:11:58+01:00
FileType Win32 EXE
PEType PE32
CodeSize 86528
LinkerVersion 11.1
FileTypeExtension exe
InitializedDataSize 113152
SubsystemVersion 5.1
EntryPoint 0x447c
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 c7b6b29eedaebbe35932ba6b65b9971c
SHA1 cae7dc9ccf1faa33367ef040bb034da6ef4de6f5
SHA256 8cc878be2d6971bcdff0a344a59dfd55eb283c4ba405a92103926a12b6aafc51
ssdeep 3072:hRvD9+hieKB42CgH3AxI85YkiMR5UQ1UBYQxsKvZAgJpxH5oRfDidxI8FEWiq:hRvDXd42CoOYkDRiQZQmKxAgvxXIyiq
authentihash 70272de808f4491159a82be9a33f209f65f5fff8059408299683dc4282950435
imphash 5e13115e853b01a60bb2fe5f6745ce6b
File size 196.0 KB ( 200704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2013-02-15 07:17:54 UTC ( 5 years, 11 months ago )
Last submission 2015-07-15 20:38:26 UTC ( 3 years, 6 months ago )
File names TrustedInstaller.exe0
TrustedInstaller.dll
TrustedInstaller.ex_.exe
TrustedInstaller.ex_
TrustedInstaller.exe
c7b6b29eedaebbe35932ba6b65b9971c
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs