SHA256: 9b5d1ddabc8d19246443e5afd73e95a9c34d3ffadb1f55d624488ba5bcb18cdc
File name: Download.exe
Detection ratio: 13 / 48
Analysis date: 2013-10-17 04:51:30 UTC ( 6 months ago )
Antivirus Result Update
AVG MalSign.Generic.2EF 20131017
AntiVir ADWARE/InstallRex.Gen 20131016
Avast Win32:InstalleRex-AI [PUP] 20131017
DrWeb Adware.Downware.1541 20131017
ESET-NOD32 Win32/InstalleRex.K 20131017
Fortinet Riskware/InstalleRex 20131017
Kaspersky not-a-virus:Downloader.Win32.AdLoad.fwz 20131017
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
Malwarebytes PUP.Optional.InstalleRex 20131017
Rising Trojan.Win32.Fednu.upv 20131017
Sophos InstallRex 20131017
VBA32 Downware.TSU 20131016
VIPRE Installerex/WebPick (fs) 20131017
Agnitum 20131016
AhnLab-V3 20131016
Antiy-AVL 20131016
Baidu-International 20131016
BitDefender 20131012
Bkav 20131017
ByteHero 20131016
CAT-QuickHeal 20131017
ClamAV 20131016
Commtouch 20131017
Comodo 20131017
Emsisoft 20131017
F-Prot 20131017
F-Secure 20131017
GData 20131017
Ikarus 20131017
Jiangmin 20131017
K7AntiVirus 20131016
K7GW 20131016
McAfee 20131017
McAfee-GW-Edition 20131017
MicroWorld-eScan 20131016
Microsoft 20131017
NANO-Antivirus 20131017
Norman 20131016
PCTools 20131002
Panda 20131016
SUPERAntiSpyware 20131016
Symantec 20131017
TheHacker 20131015
TotalDefense 20131016
TrendMicro 20131017
TrendMicro-HouseCall 20131017
ViRobot 20131017
nProtect 20131017
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Authenticode signature block
Copyright
Copyright © 2012 SummerSoft

Publisher Ivan Kostin
Product SummerSoft
Version 1.0.0.1
Original name TSULoader.exe
Internal name TSULoader
File version 2013.10.14.1854
Description Installer for SummerSoft
Comments WinNT (x86) Unicode Lib Rel
Signature verification Signed file, verified signature
Signing date 5:49 AM 10/17/2013
Signers
[+] Ivan Kostin
Status Valid
Valid from 1:00 AM 8/25/2013
Valid to 12:59 AM 8/26/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 0432CB44B9C12244EDB8E2499E4915750651DF5C
Serial number 00 EB 11 D2 4C E6 DD BB F7 52 FE 4D C3 D6 83 D2 BF
[+] COMODO Code Signing CA 2
Status Valid
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm SHA1
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-12 08:51:45
Entry Point 0x000014DB
Number of sections 7
PE sections
PE imports
GetLastError
HeapFree
CreateFileMappingW
LoadLibraryW
FreeLibrary
ExitProcess
GetFileAttributesW
lstrlenW
GetTickCount
GetFileSize
SetFileTime
GetCommandLineW
MultiByteToWideChar
DeleteFileW
GetProcAddress
GetProcessHeap
lstrcpynW
GetModuleFileNameW
MapViewOfFile
SetFilePointer
ReadFile
GetCurrentThreadId
GetTempPathW
CloseHandle
GetSystemTimeAsFileTime
GetModuleHandleW
UnmapViewOfFile
WriteFile
CreateFileW
Sleep
SetFileAttributesW
HeapAlloc
OutputDebugStringA
GetCurrentProcessId
MessageBoxA
PostMessageW
wvsprintfA
wsprintfW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
File identification
MD5 bc44e23e46fa4c3e73413c130d4f2018
SHA1 8f20890813cd5672f93b212d80df053636448678
SHA256 9b5d1ddabc8d19246443e5afd73e95a9c34d3ffadb1f55d624488ba5bcb18cdc
ssdeep
6144:hrko9uEo2S1YnQmCX492DkwNP3qpYF2JA06CzL31tE5ioKpbgLoMmGvgk052lABZ:hrkAu6/eIo4R/P1EioKMbmGvgZ2lAB/B

File size 303.2 KB ( 310472 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe signed

VirusTotal metadata
First submission 2013-10-17 04:51:30 UTC ( 6 months ago )
Last submission 2013-10-17 04:51:30 UTC ( 6 months ago )
File names TSULoader
TSULoader.exe
Download.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Set keys
Created processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections