SHA256: a54b7d2fd77054d188d273e9e912b6676d860d0c85dee3d3139b980b7f8958f3
File name: 1346803724-Download_m-ipad-to-pc-transfer.exe
Detection ratio: 0 / 68
Analysis date: 2018-08-30 19:52:09 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20180830
AegisLab 20180830
AhnLab-V3 20180830
Alibaba 20180713
ALYac 20180830
Antiy-AVL 20180830
Arcabit 20180830
Avast 20180830
Avast-Mobile 20180830
AVG 20180830
Avira (no cloud) 20180830
AVware 20180823
Babable 20180822
Baidu 20180830
BitDefender 20180830
Bkav 20180830
CAT-QuickHeal 20180830
ClamAV 20180830
CMC 20180830
Comodo 20180830
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180830
Cyren 20180830
DrWeb 20180830
eGambit 20180830
Emsisoft 20180830
Endgame 20180730
ESET-NOD32 20180830
F-Prot 20180830
F-Secure 20180830
Fortinet 20180830
GData 20180830
Ikarus 20180830
Sophos ML 20180717
Jiangmin 20180830
K7AntiVirus 20180829
K7GW 20180830
Kaspersky 20180830
Kingsoft 20180830
Malwarebytes 20180830
MAX 20180830
McAfee 20180830
McAfee-GW-Edition 20180830
Microsoft 20180830
eScan 20180830
NANO-Antivirus 20180830
Palo Alto Networks (Known Signatures) 20180830
Panda 20180830
Qihoo-360 20180830
Rising 20180830
SentinelOne (Static ML) 20180830
Sophos AV 20180830
SUPERAntiSpyware 20180830
Symantec 20180830
Symantec Mobile Insight 20180829
TACHYON 20180830
Tencent 20180830
TheHacker 20180829
TotalDefense 20180830
TrendMicro 20180830
TrendMicro-HouseCall 20180830
Trustlook 20180830
VBA32 20180830
VIPRE 20180830
ViRobot 20180830
Webroot 20180830
Yandex 20180830
Zillya 20180830
ZoneAlarm by Check Point 20180830
Zoner 20180830
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2007-2012 TextBlue Ltd.

Product TextBlue Bluetooth Proximity Marketing
File version 6.10.0.0
Description TextBlue Bluetooth Proximity Marketing
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 8:25 PM 2/7/2012
Signers
[+] TextBlue Limited
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 10/15/2009
Valid to 12:59 AM 10/15/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 33AC8BF9AB2858900C69824ECA98D4FD82691F20
Serial number 00 85 A9 6A 63 2F 3A 44 99 B4 00 29 52 51 3E 2F 98
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-17 10:22:54
Entry Point 0x00016478
Number of sections 8
PE sections
Overlays
MD5 0d86d36a6ab03f55091c2e1e10489a1d
File type data
Offset 171008
Size 4582600
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetLocalTime
CreateProcessW
DeleteCriticalSection
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
GetDateFormatW
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
CompareStringW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetExitCodeProcess
GetVersion
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 5
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 9
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
6.10.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
TextBlue Bluetooth Proximity Marketing

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

InitializedDataSize
83968

EntryPoint
0x16478

MIMEType
application/octet-stream

LegalCopyright
Copyright 2007-2012 TextBlue Ltd.

FileVersion
6.10.0.0

TimeStamp
2011:03:17 11:22:54+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
6.10.0.0

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
TextBlue Ltd.

CodeSize
86016

ProductName
TextBlue Bluetooth Proximity Marketing

ProductVersionNumber
6.10.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 9c0cde7051943f6eaa568bd9d6eef220
SHA1 8c20ef22b9a87c564be5a4fdd863f227a2d99f9d
SHA256 a54b7d2fd77054d188d273e9e912b6676d860d0c85dee3d3139b980b7f8958f3
ssdeep
98304:o4sJ2e1H7n3H8wOIdQywnKMrR3JLO0P/N8jojZZkXcml:o4rehLlQy0KYPhPl8jEZi

authentihash abc938d7199a214af2bcb982558629aeaff9d4bf3d9c7fd8c6e1c073229f4ec6
imphash 483f0c4259a9148c34961abbda6146c1
File size 4.5 MB ( 4753608 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (80.3%)
Win32 Executable Delphi generic (10.3%)
Win32 Executable (generic) (3.3%)
Win16/32 Executable Delphi generic (1.5%)
OS/2 Executable (generic) (1.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2012-02-09 07:10:00 UTC ( 6 years, 9 months ago )
Last submission 2016-06-24 08:42:05 UTC ( 2 years, 4 months ago )
File names A54B7D2FD77054D188D273E9E912B6676D860D0C85DEE3D3139B980B7F8958F3
TextBlueSetup.exe
1346803724-Download_m-ipad-to-pc-transfer.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight