× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9f286e2c21ed7def6568dfddac9293bb68979978be75f3f0d0b113542ce7f17b
File name: AudioEditorforFree.exe
Detection ratio: 20 / 67
Analysis date: 2018-05-03 02:27:04 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Antiy-AVL GrayWare[AdWare]/Win32.FusionCore.a 20180502
BitDefender Application.Downloader.ALT 20180503
Bkav W32.HfsAdware.C8F7 20180502
DrWeb Trojan.InstallCore.2881 20180503
Emsisoft Application.Downloader.ALT (B) 20180503
Endgame malicious (high confidence) 20180402
ESET-NOD32 a variant of Win32/FusionCore.L potentially unwanted 20180502
F-Secure Application.Downloader.ALT 20180503
GData Win32.Application.FusionCore.D 20180503
Ikarus PUA.Downloader 20180502
Sophos ML heuristic 20180120
Malwarebytes PUP.Optional.FusionCore 20180502
MAX malware (ai score=99) 20180503
Microsoft PUA:Win32/Tsingsoft 20180502
eScan Application.Downloader.ALT 20180502
NANO-Antivirus Trojan.Win32.InstallCore.enegfp 20180502
Qihoo-360 Win32/Application.Downloader.d02 20180503
SentinelOne (Static ML) static engine - malicious 20180225
Webroot Pua.Downloadmanager 20180503
Yandex Riskware.Agent! 20180428
Ad-Aware 20180502
AegisLab 20180503
AhnLab-V3 20180503
Alibaba 20180502
ALYac 20180502
Arcabit 20180503
Avast 20180503
Avast-Mobile 20180502
AVG 20180503
Avira (no cloud) 20180502
AVware 20180428
Babable 20180406
Baidu 20180502
CAT-QuickHeal 20180502
ClamAV 20180502
CMC 20180502
Comodo 20180502
CrowdStrike Falcon (ML) 20180418
Cybereason None
Cylance 20180503
Cyren 20180503
eGambit 20180503
F-Prot 20180503
Fortinet 20180503
Jiangmin 20180502
K7AntiVirus 20180502
K7GW 20180502
Kaspersky 20180502
Kingsoft 20180503
McAfee 20180502
McAfee-GW-Edition 20180502
nProtect 20180502
Palo Alto Networks (Known Signatures) 20180503
Panda 20180502
Rising 20180502
Sophos AV 20180502
SUPERAntiSpyware 20180502
Symantec 20180502
Symantec Mobile Insight 20180501
Tencent 20180503
TheHacker 20180430
TotalDefense 20180502
TrendMicro 20180503
TrendMicro-HouseCall 20180502
Trustlook 20180503
VBA32 20180502
VIPRE 20180502
ViRobot 20180502
Zillya 20180502
ZoneAlarm by Check Point 20180503
Zoner 20180502
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product Audio Editor Free
File version
Description Audio Editor Free Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 1:49 AM 12/23/2016
Signers
[+] Beijing Meikehuayi Technology Co., Ltd.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 8/29/2016
Valid to 11:59 PM 8/29/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 069A55BF07251C0A4C536F95B11BFCC8B4257A88
Serial number 1C D5 85 A4 7B 43 CD 35 55 01 CC 01 DD 71 79 11
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 5/9/2013
Valid to 11:59 PM 5/8/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 1/19/2010
Valid to 11:59 PM 1/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 12:00 AM 5/24/2016
Valid to 12:00 AM 6/24/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 10:00 AM 4/13/2011
Valid to 12:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbrint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 9/1/1998
Valid to 12:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbrint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000AA98
Number of sections 8
PE sections
Overlays
MD5 a71d23b3ea32d3d090c16e363bb1c41a
File type data
Offset 57856
Size 1393712
Entropy 7.93
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
GetACP
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetSystemDirectoryA
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
17920

EntryPoint
0xaa98

MIMEType
application/octet-stream

TimeStamp
1992:06:19 22:22:17+00:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

FileDescription
Audio Editor Free Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ARE, Inc.

CodeSize
41472

ProductName
Audio Editor Free

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 86d52fd1772ee175ddafe8d59ba8b58e
SHA1 270de6d011170514755ef27c106482dda4940c41
SHA256 9f286e2c21ed7def6568dfddac9293bb68979978be75f3f0d0b113542ce7f17b
ssdeep
24576:E7blLC90fdCQUkR2/Z/NpKgC+3L0acsa7H8OotPC3Et5CM:E75FwQRw/Zmgl7razlYPpt5H

authentihash 80302de301854da7ec2287d6e9cd811a07621365ef1ed2aa4131b1924b6425b6
imphash 2fb819a19fe4dee5c03e8c6a79342f79
File size 1.4 MB ( 1451568 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (76.6%)
Win32 Executable Delphi generic (9.9%)
Win32 Dynamic Link Library (generic) (4.5%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-01-12 11:46:23 UTC ( 2 years ago )
Last submission 2018-05-03 02:27:04 UTC ( 8 months, 3 weeks ago )
File names AudioEditorforFree.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications