SHA256: a60a4e8dfd0f194e235f232fb525f84a6f6984e910e3c44b2de772f3035601dd
File name: FeedDemonInstall45.exe
Detection ratio: 0 / 67
Analysis date: 2018-10-10 16:44:01 UTC ( 6 days, 3 hours ago )
Antivirus Result Update
Ad-Aware 20181010
AegisLab 20181010
AhnLab-V3 20181010
Alibaba 20180921
ALYac 20181010
Antiy-AVL 20181010
Arcabit 20181010
Avast 20181010
Avast-Mobile 20181010
AVG 20181010
Avira (no cloud) 20181010
Babable 20180918
Baidu 20181010
BitDefender 20181010
Bkav 20181009
CAT-QuickHeal 20181008
ClamAV 20181010
CMC 20181010
Comodo 20181010
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181010
Cyren 20181010
DrWeb 20181010
eGambit 20181010
Emsisoft 20181010
Endgame 20180730
ESET-NOD32 20181010
F-Prot 20181010
F-Secure 20181010
Fortinet 20181010
GData 20181010
Ikarus 20181010
Sophos ML 20180717
Jiangmin 20181009
K7AntiVirus 20181010
K7GW 20181010
Kaspersky 20181010
Kingsoft 20181010
Malwarebytes 20181010
MAX 20181010
McAfee 20181010
McAfee-GW-Edition 20181010
Microsoft 20181010
eScan 20181010
NANO-Antivirus 20181010
Palo Alto Networks (Known Signatures) 20181010
Panda 20181010
Qihoo-360 20181010
Rising 20181010
SentinelOne (Static ML) 20180926
Sophos AV 20181010
SUPERAntiSpyware 20181006
Symantec 20181010
Symantec Mobile Insight 20181001
TACHYON 20181010
Tencent 20181010
TheHacker 20181008
TotalDefense 20181010
TrendMicro 20181010
TrendMicro-HouseCall 20181010
Trustlook 20181010
VBA32 20181010
VIPRE 20181010
ViRobot 20181010
Webroot 20181010
Zillya 20181010
ZoneAlarm by Check Point 20181010
Zoner 20181010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2003-2013 NewsGator Technologies, Inc.
Product FeedDemon
File version 4.5.0.0
Description FeedDemon Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009C40
Number of sections 8
PE sections
Overlays
MD5 4b37523b5ec536c531abed8d69118d42
File type data
Offset 90112
Size 3995962
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_ICON 12
RT_STRING 6
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
NEUTRAL 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments This installation was built with Inno Setup.
InitializedDataSize 51200
ImageVersion 6.0
ProductName FeedDemon
FileVersionNumber 4.5.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Unicode
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.5.0.0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 4.5.0.0
FileDescription FeedDemon Setup
OSVersion 1.0
FileOS Win32
LegalCopyright Copyright 2003-2013 NewsGator Technologies, Inc.
MachineType Intel 386 or later, and compatibles
CompanyName NewsGator Technologies, Inc.
CodeSize 37888
FileSubtype 0
ProductVersionNumber 4.5.0.0
EntryPoint 0x9c40
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 6bde3895fdd54360094e6257098ebc04
SHA1 1b437743298718a22ec5796558b2bb9162eb8683
SHA256 a60a4e8dfd0f194e235f232fb525f84a6f6984e910e3c44b2de772f3035601dd
ssdeep 98304:HRQUhdmbR81PvjWs7EH4uVAsjWSfnwnm3Wdycj/G:xzcR81XjThu2sjWSfwnm3Wd3/G
authentihash 508adba2722711287eb1f70dc13be0c1cf7585ae3182a8a75db93e24fc868d3a
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 3.9 MB ( 4086074 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Inno Setup installer (76.6%)
Win32 Executable Delphi generic (9.9%)
Win32 Dynamic Link Library (generic) (4.5%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags peexe overlay

VirusTotal metadata
First submission 2013-06-19 19:56:46 UTC ( 5 years, 4 months ago )
Last submission 2018-10-10 16:44:01 UTC ( 6 days, 3 hours ago )
File names FeedDemonInstall45.exe
setup_product_10674.exe
Setup_product_10674.exe
file
6bde3895fdd54360094e6257098ebc04.exe
FeedDemoInstall.exe
feed-demon_4-5-0-0_6bd.exe
file-5635619_exe
FeedDemonInstall45(1).exe
FeedDemonInstall4520170629-18719-149z2h.exe
FeedDemon 4.5.exe
myfile
filename
56_27#T2#28836
feeddemon-4-5-en-win.exe
FeedDemonInstall45 (1).exe
2728c6819553e1ff00c018205b2a7d237d0e5ae86254d1141438f94ccb30b933d460a1908993ab4a743f079c5be7c70c2f31c05657528076dabad190e4653862
A60A4E8DFD0F194E235F232FB525F84A6F6984E910E3C44B2DE772F3035601DD.dat
FeedDemon4500.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications