SHA256: 91c018a7adc47944f994b5f1e94c16e8b4e28da8b5993f0d1af110ca5fa4c360
File name: InternetExplorer-Chrome.exe
Detection ratio: 15 / 54
Analysis date: 2014-10-15 08:54:49 UTC ( 3 years ago )
Antivirus Result Update
AVG AdPlugin.BIU 20141015
Avira (no cloud) Adware/iBryte.bxou 20141015
AVware Optimum Installer (fs) 20141015
Comodo Application.Win32.AgentCV.HWYE 20141015
DrWeb Adware.iBryte.493 20141015
ESET-NOD32 a variant of Win32/AdWare.iBryte.BM 20141015
F-Prot W32/A-512ed8f8!Eldorado 20141015
Fortinet W32/Zbot.AAN!tr 20141015
GData Win32.Adware.IBryte.V 20141015
Ikarus AdWare.AdPlugin 20141015
K7AntiVirus Adware ( 004ae51c1 ) 20141014
K7GW Adware ( 004ae51c1 ) 20141014
Kaspersky not-a-virus:AdWare.Win32.iBryte.jhr 20141015
Malwarebytes PUP.Optional.OptimunInstaller 20141015
VIPRE Optimum Installer (fs) 20141015
Ad-Aware 20141015
AegisLab 20141015
Yandex 20141015
AhnLab-V3 20141014
Antiy-AVL 20141015
Avast 20141015
Baidu-International 20141015
BitDefender 20141015
Bkav 20141014
ByteHero 20141015
CAT-QuickHeal 20141015
ClamAV 20141015
CMC 20141013
Cyren 20141015
Emsisoft 20141015
F-Secure 20141015
Jiangmin 20141014
Kingsoft 20141015
McAfee 20141015
McAfee-GW-Edition 20141015
Microsoft 20141015
eScan 20141015
NANO-Antivirus 20141015
Norman 20141015
nProtect 20141015
Qihoo-360 20141015
Rising 20141014
Sophos AV 20141015
SUPERAntiSpyware 20141015
Symantec 20141015
Tencent 20141015
TheHacker 20141013
TotalDefense 20141014
TrendMicro 20141015
TrendMicro-HouseCall 20141015
VBA32 20141014
ViRobot 20141015
Zillya 20141015
Zoner 20141014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) Premium Installer
Publisher Safe Down
Product Premium Installer
File version 2.4.8.1
Description Premium Installer
Signature verification Signed file, verified signature
Signers
[+] Safe Down
Status Valid
Issuer None
Valid from 1:00 AM 3/18/2014
Valid to 12:59 AM 3/19/2015
Valid usage Code Signing
Algorithm SHA1
Thumbprint 602E0516FEE2CC15FC0ACD609903E052570A4464
Serial number 00 FA 71 45 9C 16 1D 5D 53 8F 76 12 AC FB FB B6 80
[+] COMODO Code Signing CA 2
Status Valid
Issuer None
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm SHA1
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer None
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Issuer None
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-15 08:00:18
Entry Point 0x000039E4
Number of sections 5
PE sections
PE imports
GetLastError
HeapFree
EnterCriticalSection
LoadLibraryW
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
FindResourceExW
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
HeapSize
GetCurrentProcessId
LockResource
UnhandledExceptionFilter
GetStartupInfoW
GetProcAddress
InterlockedCompareExchange
GetProcessHeap
RaiseException
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
HeapReAlloc
TerminateProcess
InitializeCriticalSection
LoadResource
FindResourceW
CreateProcessW
HeapDestroy
Sleep
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
__p__fmode
memset
__dllonexit
_controlfp_s
_invalid_parameter_noinfo
_invoke_watson
_cexit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memcpy_s
??2@YAPAXI@Z
_lock
__p__commode
_onexit
_amsg_exit
_encode_pointer
_XcptFilter
exit
__setusermatherr
_initterm_e
_adjust_fdiv
sprintf
_acmdln
_CxxThrowException
_ismbblead
memmove_s
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
free
wcsstr
_except_handler4_common
__getmainargs
_initterm
__CxxFrameHandler3
_decode_pointer
memcpy
_configthreadlocale
_exit
__set_app_type
LoadStringW
Number of PE resources by type
RT_ICON 8
RT_MANIFEST 1
RT_STRING 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 53760
ImageVersion 0.0
ProductName Premium Installer
FileVersionNumber 3.7.1.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
LinkerVersion 9.0
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.4.8.1
TimeStamp 2014:10:15 09:00:18+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:10:15 09:54:59+01:00
ProductVersion 2.4.8.1
FileDescription Premium Installer
OSVersion 5.0
FileCreateDate 2014:10:15 09:54:59+01:00
FileOS Win32
LegalCopyright Copyright (C) Premium Installer
MachineType Intel 386 or later, and compatibles
CompanyName Premium Installer
CodeSize 13824
FileSubtype 0
ProductVersionNumber 3.7.1.0
EntryPoint 0x39e4
ObjectFileType Executable application
File identification
MD5 7de9ddaf694ed9bc365ee98bb971c830
SHA1 da5d1e3ec2cbad520de186cdbd324475f9056d61
SHA256 91c018a7adc47944f994b5f1e94c16e8b4e28da8b5993f0d1af110ca5fa4c360
ssdeep 768:SUB8EmbkXC4Fc52o300jbIb5DcOaayNVpZU97kMz1h0o85:SUB8Ea52q0mb1OFOpSkmu5
authentihash 28cb05d730cb2e01b65028f43ce7e6ffb2bf5d7500af0b88d6c763a7c2915d45
imphash 564641e1040a15d102cca81e19d02e08
File size 72.4 KB ( 74096 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
Clipper DOS Executable (19.0%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags peexe signed
VirusTotal metadata
First submission 2014-10-15 08:54:49 UTC ( 3 years ago )
Last submission 2014-10-15 08:54:49 UTC ( 3 years ago )
File names InternetExplorer-Chrome.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections