× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9195c89121025b2de8a5c06b6221ba4d08610b0f23603c5b1be625467d382262
File name: avira_fr_fass0_58f66924165b6__ws.exe
Detection ratio: 0 / 61
Analysis date: 2017-04-18 19:30:10 UTC ( 1 year, 10 months ago ) View latest
Antivirus Result Update
Ad-Aware 20170418
AegisLab 20170418
AhnLab-V3 20170418
Alibaba 20170418
ALYac 20170418
Antiy-AVL 20170418
Arcabit 20170418
Avast 20170418
AVG 20170418
Avira (no cloud) 20170418
AVware 20170418
Baidu 20170418
BitDefender 20170418
Bkav 20170418
CAT-QuickHeal 20170418
ClamAV 20170418
CMC 20170418
Comodo 20170418
CrowdStrike Falcon (ML) 20170130
Cyren 20170418
DrWeb 20170418
Emsisoft 20170418
Endgame 20170413
ESET-NOD32 20170418
F-Prot 20170418
F-Secure 20170418
Fortinet 20170418
GData 20170418
Ikarus 20170418
Sophos ML 20170413
Jiangmin 20170418
K7AntiVirus 20170418
K7GW 20170418
Kaspersky 20170418
Kingsoft 20170418
Malwarebytes 20170418
McAfee 20170418
McAfee-GW-Edition 20170418
Microsoft 20170418
eScan 20170418
NANO-Antivirus 20170418
nProtect 20170418
Palo Alto Networks (Known Signatures) 20170418
Panda 20170418
Qihoo-360 20170418
Rising 20170418
SentinelOne (Static ML) 20170330
Sophos AV 20170418
SUPERAntiSpyware 20170418
Symantec 20170418
Symantec Mobile Insight 20170414
Tencent 20170418
TheHacker 20170416
TrendMicro 20170418
TrendMicro-HouseCall 20170418
Trustlook 20170418
VBA32 20170418
VIPRE 20170418
ViRobot 20170418
Webroot 20170418
WhiteArmor 20170409
Yandex 20170418
Zillya 20170418
ZoneAlarm by Check Point 20170418
Zoner 20170418
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2015 Avira Operations GmbH & Co. KG and its Licensors

Product Avira Connect
Original name Avira.OE.Setup.Bundle.exe
Internal name setup
File version 1.2.83.46341
Description Avira Connect
Signature verification Signed file, verified signature
Signing date 8:55 AM 4/11/2017
Signers
[+] Avira Operations GmbH & Co. KG
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Symantec Class 3 Extended Validation Code Signing CA - G2
Valid from 1:00 AM 11/24/2016
Valid to 12:59 AM 5/18/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99
Serial number 39 CF 93 7C F8 90 9F 05 79 33 00 DE 20 B4 E4 5F
[+] Symantec Class 3 Extended Validation Code Signing CA - G2
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 3/4/2014
Valid to 12:59 AM 3/4/2024
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5B8F88C80A73D35F76CD412A9E74E916594DFA67
Serial number 19 1A 32 CB 75 9C 97 B8 CF AC 11 8D D5 12 7F 49
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] COMODO SHA-256 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint 36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA
Serial number 4E B0 87 8F CC 24 35 36 B2 D8 C9 F7 BF 39 55 77
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbrint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT CAB, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-11 07:51:15
Entry Point 0x0002C134
Number of sections 7
PE sections
Overlays
MD5 7558c5b55bc67284e6c11a612841eb95
File type data
Offset 462848
Size 4274592
Entropy 8.00
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
LookupPrivilegeValueW
RegDeleteKeyW
CryptHashData
CheckTokenMembership
DecryptFileW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
QueryServiceConfigW
GetTokenInformation
CryptReleaseContext
GetUserNameW
RegQueryInfoKeyW
SetEntriesInAclW
RegEnumKeyExW
CryptAcquireContextW
CryptDestroyHash
InitializeSecurityDescriptor
RegDeleteValueW
RegSetValueExW
CryptGetHashParam
OpenSCManagerW
RegEnumValueW
AllocateAndInitializeSid
InitiateSystemShutdownExW
SetEntriesInAclA
ChangeServiceConfigW
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
DeleteDC
SelectObject
GetObjectW
CreateCompatibleDC
DeleteObject
StretchBlt
GetVolumePathNameW
GetStdHandle
ReleaseMutex
WaitForSingleObject
EncodePointer
ProcessIdToSessionId
GetFileAttributesW
GetExitCodeProcess
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
ConnectNamedPipe
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
SetFileAttributesW
SetLastError
GetSystemTime
TlsGetValue
CopyFileW
GetUserDefaultLangID
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
HeapSetInformation
LoadLibraryExA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
VerifyVersionInfoW
SetFilePointerEx
GetModuleHandleA
GetFullPathNameW
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
SystemTimeToFileTime
GetWindowsDirectoryW
OpenProcess
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
CreateFileMappingW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetNativeSystemInfo
GetLastError
DosDateTimeToFileTime
LCMapStringW
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
GetThreadLocale
GetEnvironmentStringsW
lstrlenW
VirtualFree
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
CopyFileExW
InterlockedCompareExchange
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLocalTime
IsValidCodePage
UnmapViewOfFile
GetTempPathW
CreateProcessW
Sleep
SystemTimeToTzSpecificLocalTime
VirtualAlloc
GetOEMCP
CompareStringA
SysFreeString
VariantClear
VariantInit
SysAllocString
UuidCreate
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
GetMonitorInfoW
LoadBitmapW
GetMessageW
DefWindowProcW
PostQuitMessage
SetWindowLongW
IsWindow
PeekMessageW
TranslateMessage
PostMessageW
DispatchMessageW
GetCursorPos
RegisterClassW
UnregisterClassW
MessageBoxW
PostThreadMessageW
MonitorFromPoint
WaitForInputIdle
IsDialogMessageW
LoadCursorW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CLSIDFromProgID
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_MANIFEST 1
RT_MESSAGETABLE 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
175616

ImageVersion
0.0

ProductName
Avira Connect

FileVersionNumber
1.2.83.46341

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Avira Connect

CharacterSet
Windows, Latin1

LinkerVersion
12.0

FileTypeExtension
exe

OriginalFileName
Avira.OE.Setup.Bundle.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.2.83.46341

TimeStamp
2017:04:11 08:51:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
setup

ProductVersion
1.2.83.46341

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

LegalCopyright
Copyright 2015 Avira Operations GmbH & Co. KG and its Licensors

MachineType
Intel 386 or later, and compatibles

CompanyName
Avira Operations GmbH & Co. KG

CodeSize
286208

FileSubtype
0

ProductVersionNumber
1.2.83.46341

EntryPoint
0x2c134

ObjectFileType
Executable application

File identification
MD5 c25980fa7e8c04c50f778a1c078501ff
SHA1 d8eda30caa7e1f8a34c061fa6c1d8c02490a7eb9
SHA256 9195c89121025b2de8a5c06b6221ba4d08610b0f23603c5b1be625467d382262
ssdeep
98304:+U4DVR/CxRuwfHyAfihwAe5kdXr++YqUBVcJZx8y/gz5AB6:+L6bzfSA0Mcr++YqUb0Roz5p

authentihash da8d525005e4902eb34275a4a3976d0b78cce0546f8f9f98df6b3dd824501769
imphash 79e2dd30295d9a91a6da73c91619f48b
File size 4.5 MB ( 4737440 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-04-11 13:22:26 UTC ( 1 year, 10 months ago )
Last submission 2017-10-01 20:15:07 UTC ( 1 year, 4 months ago )
File names avira_fr_fass0_58f26e8862a5b__ws.exe
avira_en_av_58eff74a2ee9b__wsd.exe
avira_es_av_58f0a527157e8__wsd.exe
antivirus avira.exe
avira_en_fass0_58f4fcf4d0ed6__ws.exe
avira_fr_av_58f8fb5a52736__ws.exe
avira_en_avsc0_58c93dad70a73__ws.exe
avira_ptbr_av_58f76ca46b314__ws.exe
1010523
avira_en_fass0_58e7bb5119a87__wsd.exe
avira_fr_vpnb0_58f133cb02743__ws.exe
avira_fr_fass0_58f66924165b6__ws.exe
avira_fr_fass0_58efb82230925__ws.exe
avira_en_fass0_58fab5db8ed92__ws.exe
avira_it_av_58f88dda7c208__ws.exe
avira_en_av_56a46d6d48a9d__adw.exe
avira_en_av_58fc6a0257b94__ws.exe
avira_en_asu60_58ab2d9d4d3b9__ws.exe
avira_zhtw_av_58f992c7cba19__ws.exe
avira_en_av_58f0d943972a0__ws.exe
as.exe
avira_en_atss0_3029158117_bj3mwlpcjap5nrmrdyni_wd.exe
avira_de_fass0_58f8db1aab074__bng.exe
avira_de_avsc0_58ee3c7a1e577_ws.exe
avira_ja_av_58c7d3becc290__ws.exe
Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Runtime DLLs
UDP communications