× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a1bbf624e98b762097411e77ca48981e338860788ca471d3645b961efd85e105
File name: TreeSizeFreeSetup.exe
Detection ratio: 0 / 72
Analysis date: 2019-03-26 02:55:46 UTC ( 4 weeks, 1 day ago ) View latest
Antivirus Result Update
Acronis 20190325
Ad-Aware 20190326
AegisLab 20190326
AhnLab-V3 20190326
Alibaba 20190306
ALYac 20190326
Antiy-AVL 20190326
Arcabit 20190325
Avast 20190326
Avast-Mobile 20190325
AVG 20190326
Avira (no cloud) 20190325
Babable 20180918
Baidu 20190318
BitDefender 20190326
Bkav 20190326
CAT-QuickHeal 20190325
ClamAV 20190325
CMC 20190321
Comodo 20190326
CrowdStrike Falcon (ML) 20190212
Cybereason 20190325
Cylance 20190326
Cyren 20190326
DrWeb 20190326
eGambit 20190326
Emsisoft 20190326
Endgame 20190322
ESET-NOD32 20190326
F-Prot 20190325
F-Secure 20190325
FireEye 20190325
Fortinet 20190326
GData 20190326
Ikarus 20190325
Sophos ML 20190313
Jiangmin 20190326
K7AntiVirus 20190325
K7GW 20190325
Kaspersky 20190326
Kingsoft 20190326
Malwarebytes 20190326
MAX 20190326
McAfee 20190326
McAfee-GW-Edition 20190325
Microsoft 20190326
eScan 20190326
NANO-Antivirus 20190326
Palo Alto Networks (Known Signatures) 20190326
Panda 20190325
Qihoo-360 20190326
Rising 20190326
SentinelOne (Static ML) 20190317
Sophos AV 20190326
SUPERAntiSpyware 20190321
Symantec 20190325
Symantec Mobile Insight 20190325
TACHYON 20190326
Tencent 20190326
TheHacker 20190324
TotalDefense 20190325
Trapmine 20190325
TrendMicro 20190326
TrendMicro-HouseCall 20190326
Trustlook 20190326
VBA32 20190325
VIPRE 20190326
ViRobot 20190325
Webroot 20190326
Yandex 20190324
Zillya 20190324
ZoneAlarm by Check Point 20190326
Zoner 20190326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© 1996-2019 by Joachim Marder e.K.

Product TreeSize Free
File version 4.3.1.493
Description TreeSize Free Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 12:24 PM 2/21/2019
Signers
[+] JAM Software GmbH
Status Valid
Issuer GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
Valid from 04:49 PM 10/29/2018
Valid to 04:49 PM 01/29/2022
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint C63D5C8C46F45685302318CC49D210155F6E4F73
Serial number 77 00 6A FB 54 16 03 51 95 78 42 49
[+] GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
Status Valid
Issuer GlobalSign
Valid from 12:00 AM 06/15/2016
Valid to 12:00 AM 06/15/2024
Valid usage Code Signing, OCSP Signing
Algorithm sha256RSA
Thumbprint 87A63D9ADB627D777836153C680A3DFCF27DE90C
Serial number 48 1B 6A 07 A9 42 4C 1E AA FE F3 CD F1 0F
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 10:00 AM 03/18/2009
Valid to 10:00 AM 03/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Counter signers
[+] GlobalSign TSA for Standard - G3 - 003-02
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 10:00 AM 06/14/2018
Valid to 12:00 PM 01/28/2028
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 02301ABC954ECD3CD6EE11D40ABBACEB76BD26FC
Serial number 73 10 B0 F0 5E FA 6C 4A F5 53 E4 DB
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 10:00 AM 04/13/2011
Valid to 12:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbrint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbrint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-06 14:39:04
Entry Point 0x000117DC
Number of sections 8
PE sections
Overlays
MD5 3f6ba60a17c9ca30d70b16d78a8b8b83
File type data
Offset 197632
Size 7703312
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetSystemDirectoryW
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetVersion
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
SysReAllocStringLen
SysFreeString
SysAllocStringLen
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_ICON 10
RT_STRING 6
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
NEUTRAL 9
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
4.3.1.493

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
TreeSize Free Setup

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

InitializedDataSize
130048

EntryPoint
0x117dc

MIMEType
application/octet-stream

LegalCopyright
1996-2019 by Joachim Marder e.K.

FileVersion
4.3.1.493

TimeStamp
2016:04:06 15:39:04+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
4.3.1

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
JAM Software

CodeSize
66560

ProductName
TreeSize Free

ProductVersionNumber
4.3.1.493

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 4d1bf637bb418c715f2a33aff6570d11
SHA1 c852a08f8cac857e64310b71bdb48f4f403be7a9
SHA256 a1bbf624e98b762097411e77ca48981e338860788ca471d3645b961efd85e105
ssdeep
196608:UsTJ0kLegtGOaXz0QdEVQHYegysP4tR0S:UsnlsjYAEVQ42Ku

authentihash bfd98d9b1251fb230c2a519f98837bd3b486825816f6a0741f9c377ecd72be4a
imphash 20dd26497880c05caed9305b3c8b9109
File size 7.5 MB ( 7900944 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Delphi generic (52.9%)
Win32 Executable (generic) (16.8%)
Win16/32 Executable Delphi generic (7.7%)
OS/2 Executable (generic) (7.5%)
Generic Win/DOS Executable (7.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2019-02-21 13:00:09 UTC ( 2 months ago )
Last submission 2019-04-06 09:02:52 UTC ( 2 weeks, 4 days ago )
File names TreeSizeFreeSetup-neu.exe
TreeSizeFreeSetup.exe
TreeSizeFreeSetup.exe
TreeSizeFreeSetup.exe
TreeSizeFreeSetup.exe
TreeSize Free V4.31_Setup.exe
TreeSize Free (4.3.1.493).exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Runtime DLLs