SHA256: 8eb24d4ef3a8d349aee103c8c2d6a3cfa7f06ed8773552435b2baf30c70987a2
File name: a3d0e2f3a87d5d39b7acb4d02f2efcf0_INF2695.tmp
Detection ratio: 10 / 63
Analysis date: 2017-09-28 20:54:55 UTC ( 1 year, 6 months ago )
Antivirus | Result | Update
AegisLab | Virus.W32.Virus!c | 20170928
Avast | Win32:Malware-gen | 20170928
AVG | Win32:Malware-gen | 20170928
CAT-QuickHeal | Trojan.IGENERIC | 20170928
ClamAV | Win.Trojan.FakeAV-1077 | 20170928
ESET-NOD32 | Win32/PrcView potentially unsafe | 20170928
MAX | malware (ai score=20) | 20170928
McAfee | GenericTRA-AT!A3D0E2F3A87D | 20170928
McAfee-GW-Edition | Artemis!Trojan | 20170928
Rising | Malware.Heuristic!ET#84% (RDM+:cmRtazoU2waYqgqKwAfywDyYVk6+) | 20170928

Engines with no detection (signature update date):
Ad-Aware | 20170928
AhnLab-V3 | 20170928
Alibaba | 20170911
ALYac | 20170928
Antiy-AVL | 20170928
Arcabit | 20170928
Avast-Mobile | 20170928
Avira (no cloud) | 20170928
AVware | 20170928
Baidu | 20170928
BitDefender | 20170928
CMC | 20170928
Comodo | 20170928
CrowdStrike Falcon (ML) | 20170804
Cylance | 20170928
Cyren | 20170928
DrWeb | 20170928
Emsisoft | 20170928
Endgame | 20170821
F-Prot | 20170928
F-Secure | 20170928
Fortinet | 20170928
GData | 20170928
Ikarus | 20170928
Sophos ML | 20170914
Jiangmin | 20170928
K7AntiVirus | 20170928
K7GW | 20170928
Kaspersky | 20170928
Kingsoft | 20170928
Malwarebytes | 20170928
Microsoft | 20170928
eScan | 20170928
NANO-Antivirus | 20170928
nProtect | 20170928
Palo Alto Networks (Known Signatures) | 20170928
Panda | 20170928
Qihoo-360 | 20170928
SentinelOne (Static ML) | 20170806
Sophos AV | 20170928
SUPERAntiSpyware | 20170928
Symantec | 20170928
Symantec Mobile Insight | 20170928
Tencent | 20170928
TheHacker | 20170928
TrendMicro | 20170928
Trustlook | 20170928
VBA32 | 20170928
VIPRE | 20170928
ViRobot | 20170928
Webroot | 20170928
WhiteArmor | 20170927
Yandex | 20170908
Zillya | 20170928
ZoneAlarm by Check Point | 20170928
Zoner | 20170928
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: (empty)
File version: (empty)
Description: roguescanfix_setup Setup
Comments: This installation was built with Inno Setup: http://www.innosetup.com
Packers identified
F-PROT INNO, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000097F0
Number of sections 8
PE sections
Overlays
MD5 e90d8bb16221731d2b401eb289413a02
File type data
Offset 52224
Size 862971
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 1
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
Comments: This installation was built with Inno Setup: http://www.innosetup.com
InitializedDataSize: 14336
ImageVersion: 0.0
FileVersionNumber: 0.0.0.0
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Windows, Latin1
LinkerVersion: 2.25
FileTypeExtension: exe
MIMEType: application/octet-stream
TimeStamp: 1992:06:19 23:22:17+01:00
FileType: Win32 EXE
PEType: PE32
FileDescription: roguescanfix_setup Setup
OSVersion: 1.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Beamerke
CodeSize: 36864
FileSubtype: 0
ProductVersionNumber: 0.0.0.0
EntryPoint: 0x97f0
ObjectFileType: Executable application
File identification
MD5 a3d0e2f3a87d5d39b7acb4d02f2efcf0
SHA1 d93e0aa5486118d39fa71db97a136c404f7483ff
SHA256 8eb24d4ef3a8d349aee103c8c2d6a3cfa7f06ed8773552435b2baf30c70987a2
ssdeep 24576:rI39dZhAwSpowZ5T+RrIfUPXEvPBB7y6yeoCtyXyV/fabiSUk:r6drAwSqw5SRMAUvPb7bZtmy6Uk
authentihash 4681b9a2d1bd7e4a45d347c92a1ab8b8470e0086d9c658977934158e1ea69f5e
imphash 80417b621299e3e1de617305557a3c68
File size 893.7 KB ( 915195 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 Executable PowerBASIC/Win 9.x (51.2%)
Inno Setup installer (37.9%)
Win32 Executable Delphi generic (4.9%)
Win32 Dynamic Link Library (generic) (2.2%)
Win32 Executable (generic) (1.5%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2009-05-02 10:59:11 UTC ( 9 years, 11 months ago )
Last submission 2017-09-28 20:54:55 UTC ( 1 year, 6 months ago )
File names XqI4rU.inf
roguescanfix_setup.exe
a3d0e2f3a87d5d39b7acb4d02f2efcf0.d93e0aa5486118d39fa71db97a136c404f7483ff
a3d0e2f3a87d5d39b7acb4d02f2efcf0
1490887
kziS.dotx
a3d0e2f3a87d5d39b7acb4d02f2efcf0.exse
a3d0e2f3a87d5d39b7acb4d02f2efcf0.bin
8eb24d4ef3a8d349aee103c8c2d6a3cfa7f06ed8773552435b2baf30c70987a2
output.1490887.txt
a3d0e2f3a87d5d39b7acb4d02f2efcf0_INF2695.tmp
aa
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight