× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9223b8a657f72e422ab02d9931ce5276bb3bae6ef1d58f57e820cc357e4a2465
Detection ratio: 0 / 67
Analysis date: 2018-01-11 13:13:04 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware 20180111
AegisLab 20180111
AhnLab-V3 20180111
Alibaba 20180111
ALYac 20180111
Antiy-AVL 20180111
Arcabit 20180111
Avast 20180111
Avast-Mobile 20180111
AVG 20180111
Avira (no cloud) 20180111
AVware 20180103
Baidu 20180111
BitDefender 20180111
Bkav 20180111
CAT-QuickHeal 20180111
ClamAV 20180111
CMC 20180111
Comodo 20180111
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180111
Cyren 20180111
DrWeb 20180111
eGambit 20180111
Emsisoft 20180111
Endgame 20171130
ESET-NOD32 20180111
F-Prot 20180111
F-Secure 20180111
Fortinet 20180111
GData 20180111
Ikarus 20180111
Sophos ML 20170914
Jiangmin 20180111
K7AntiVirus 20180111
K7GW 20180111
Kaspersky 20180111
Kingsoft 20180111
Malwarebytes 20180111
MAX 20180111
McAfee 20180110
McAfee-GW-Edition 20180111
Microsoft 20180111
eScan 20180111
NANO-Antivirus 20180111
nProtect 20180111
Palo Alto Networks (Known Signatures) 20180111
Panda 20180111
Qihoo-360 20180111
Rising 20180111
SentinelOne (Static ML) 20171224
Sophos AV 20180111
SUPERAntiSpyware 20180111
Symantec 20180111
Symantec Mobile Insight 20180111
Tencent 20180111
TheHacker 20180108
TotalDefense 20180111
TrendMicro 20180111
Trustlook 20180111
VBA32 20180111
VIPRE 20180111
ViRobot 20180111
Webroot 20180111
WhiteArmor 20180110
Yandex 20180111
Zillya 20180111
ZoneAlarm by Check Point 20180111
Zoner 20180111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product
File version 8.0.90
Description
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 6:44 AM 10/25/2015
Signers
[+] RayShare Co.,Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - SHA256 - G2
Valid from 9:49 AM 7/14/2014
Valid to 9:49 AM 7/14/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint A0FA4AA247E3F4CDE3C55471A7BFFFD315BE50E8
Serial number 11 21 F6 5A 22 6F 72 16 7B 25 1D C1 DA D6 06 03 EF F1
[+] GlobalSign CodeSigning CA - SHA256 - G2
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 8/2/2011
Valid to 11:00 AM 8/2/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 4E34C4841080D07059EFC1F3C5DE4D79905A36FF
Serial number 04 00 00 00 00 01 31 89 C6 37 E8
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 3/18/2009
Valid to 11:00 AM 3/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 1:00 AM 2/3/2015
Valid to 1:00 AM 3/3/2026
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint B36308B4D4CDED4FCFBD66B955FAE3BFB12C29E6
Serial number 11 21 06 A0 81 D3 3F D8 7A E5 82 4C C1 6B 52 09 4E 03
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbrint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbrint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT INNO, appended, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-28 12:22:21
Entry Point 0x000173D4
Number of sections 8
PE sections
Overlays
MD5 509976cf4c8b4d64a6f0338a55963bca
File type data
Offset 558592
Size 25494088
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetUserDefaultUILanguage
GetLastError
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
lstrcmpiA
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
LoadLibraryA
GetCommandLineW
RtlUnwind
lstrlenW
GetExitCodeProcess
CreateProcessW
DeleteCriticalSection
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetModuleHandleW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
RemoveDirectoryW
CompareStringW
RaiseException
WideCharToMultiByte
GetModuleFileNameW
SetFilePointer
GetSystemDefaultUILanguage
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
ResetEvent
FindFirstFileW
IsValidLocale
GetACP
GetCurrentThreadId
SignalObjectAndWait
SetEvent
LocalFree
FormatMessageW
GetFileAttributesW
LoadLibraryW
CreateEventW
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetVersion
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysReAllocStringLen
SysFreeString
SysAllocStringLen
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_ICON 10
RT_STRING 6
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
NEUTRAL 9
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

InitializedDataSize
465408

ImageVersion
6.0

FileVersionNumber
8.0.90.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
2.25

FileTypeExtension
exe

MIMEType
application/octet-stream

FileVersion
8.0.90

TimeStamp
2013:11:28 13:22:21+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
8.0.90

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Aiseesoft Studio

CodeSize
92160

FileSubtype
0

ProductVersionNumber
8.0.90.0

EntryPoint
0x173d4

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 cb882d01de3936b63e7d03a7382a4656
SHA1 d8eb2be24a471bb6766843b8ced17265bc9d909f
SHA256 9223b8a657f72e422ab02d9931ce5276bb3bae6ef1d58f57e820cc357e4a2465
ssdeep
786432:XwDUElLiUIw6qol+ID8eVb794oTlAW/hhsIrm:Xn0VfID8UnpTlAW/TdS

authentihash 31597931c75abbc4649e31d605766f2392b6965709472cadfb37ea35c40fd649
imphash edfd53923a80fa45309099d71acee533
File size 24.8 MB ( 26052680 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (79.7%)
Win32 Executable (generic) (8.6%)
Win16/32 Executable Delphi generic (3.9%)
Generic Win/DOS Executable (3.8%)
DOS Executable Generic (3.8%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-12-07 19:50:08 UTC ( 3 years, 3 months ago )
Last submission 2018-01-02 02:47:37 UTC ( 1 year, 2 months ago )
File names fonelab8.exe
fonelab8.exe
9223B8A657F72E422AB02D9931CE5276BB3BAE6EF1D58F57E820CC357E4A2465
9223B8A657F72E422AB02D9931CE5276BB3BAE6EF1D58F57E820CC357E4A2465.exe
fonelab8.exe
fonelab8.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!