SHA256: a628d1faaff8eee7e81c579aa5bfafed642698ea2d1b61eedcd0dfbdd230fbd5
File name: output.69088297.txt
Detection ratio: 50 / 56
Analysis date: 2015-07-11 12:00:58 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Ad-Aware Win32.Parite.B 20150711
Yandex Win32.Parite.B 20150711
AhnLab-V3 Win32/Parite 20150711
ALYac Win32.Parite.B 20150711
Antiy-AVL Virus/Win32.Parite.b 20150711
Arcabit Win32.Parite.B 20150711
Avast Win32:Parite 20150711
AVG Win32/Parite 20150711
Avira (no cloud) W32/Parite 20150711
AVware Win32.Parite.b (v) 20150711
Baidu-International Virus.Win32.Parite.$b 20150711
BitDefender Win32.Parite.B 20150711
Bkav W32.Pinfi.B 20150708
CAT-QuickHeal W32.Perite.A 20150711
ClamAV Heuristics.W32.Parite.B 20150711
Comodo Virus.Win32.Parite.gen 20150711
Cyren W32/Parite.B 20150711
DrWeb Win32.Parite.2 20150711
Emsisoft Win32.Parite.B (B) 20150711
ESET-NOD32 Win32/Parite.B 20150711
F-Prot W32/Parite.B 20150711
F-Secure Win32.Parite.B 20150711
Fortinet W32/Parite.B 20150711
GData Win32.Parite.B 20150711
Ikarus Virus.Parite 20150711
Jiangmin Win32/Parite.b 20150710
K7AntiVirus Virus ( 00001b711 ) 20150711
K7GW Virus ( 00001b711 ) 20150711
Kaspersky Virus.Win32.Parite.b 20150711
Kingsoft Win32.Parite.xp.1243622 20150711
McAfee W32/Pate.b 20150711
McAfee-GW-Edition W32/Pate.b 20150710
Microsoft Virus:Win32/Parite.B 20150711
eScan Win32.Parite.B 20150711
NANO-Antivirus Virus.Win32.Parite.bgvo 20150711
nProtect Virus/W32.Parite.C 20150710
Panda W32/Parite.B 20150711
Rising PE:Win32.Parite.b!16043 20150709
Sophos AV W32/Parite-B 20150711
Symantec W32.Pinfi.B 20150711
Tencent Virus.Win32.Dropper.c 20150711
TheHacker W32/Pate.B 20150709
TotalDefense Win32/Pinfi.A 20150711
TrendMicro PE_PARITE.A 20150711
TrendMicro-HouseCall PE_PARITE.A 20150711
VBA32 Virus.Win32.Parite.b 20150710
VIPRE Win32.Parite.b (v) 20150711
ViRobot Win32.Parite.A[h] 20150711
Zillya Virus.Parite.Win32.9 20150711
Zoner Win32.Parite.B 20150711
AegisLab 20150711
Alibaba 20150710
ByteHero 20150711
Malwarebytes 20150711
Qihoo-360 20150711
SUPERAntiSpyware 20150711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-11-18 15:53:37
Entry Point 0x00010000
Number of sections 5
PE sections
Overlays
MD5 466611a7ac6003611a97f9d87a96366a
File type data
Offset 2797568
Size 173526
Entropy 7.97
PE imports
InitCommonControlsEx
GetSystemTime
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
LoadLibraryA
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
GetEnvironmentStringsW
FlushFileBuffers
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
GetLocalTime
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
SetThreadPriority
GetFileSize
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetFileType
SetStdHandle
CompareStringW
GetTempPathA
RaiseException
CreateThread
GetStringTypeA
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
IsBadCodePtr
WriteFile
GetStartupInfoA
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
TerminateProcess
ResumeThread
CreateProcessA
GetTimeZoneInformation
WideCharToMultiByte
HeapCreate
VirtualFree
IsBadReadPtr
CreateFileA
HeapAlloc
GetVersion
VirtualAlloc
GetModuleHandleA
CompareStringA
GetMessageA
GetParent
OffsetRect
PostQuitMessage
ShowWindow
SetWindowPos
GetSystemMetrics
GetWindowRect
DispatchMessageA
PostMessageA
MessageBoxA
TranslateMessage
wsprintfA
SendMessageA
GetDlgItem
CreateDialogParamA
GetWindowLongA
LoadIconA
GetDesktopWindow
LoadImageA
IsDialogMessageA
DestroyWindow
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 1
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2002:11:18 16:53:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x10000
InitializedDataSize 24576
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 53d887fe12e502abdee7e9df6a4d17fd
SHA1 09261f8d4e1d080104d4e0c610b2a750f27dd015
SHA256 a628d1faaff8eee7e81c579aa5bfafed642698ea2d1b61eedcd0dfbdd230fbd5
ssdeep
49152:l1k+yQKHfb55UrKwgSUzWN28Xo9YTxIF7fPbpFMDN/LHeZixnBGzz6Mill+:l1k+yDb55KKpSUiI+oYC9cNzbxnBGzzr

authentihash 14ba8006892eb42065e711e9e51c15b4b8316e723da36932bf9e3e67a7fd75a6
imphash c9fbe6a3ad09f249bfeaad218ed56d1a
File size 2.8 MB ( 2971094 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (29.5%)
Win64 Executable (generic) (26.1%)
Microsoft Visual C++ compiled executable (generic) (15.6%)
Windows screen saver (12.4%)
Win32 Dynamic Link Library (generic) (6.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-04-12 03:24:23 UTC ( 4 years, 1 month ago )
Last submission 2018-12-21 20:32:59 UTC ( 5 months ago )
File names ipsetup.exe
53d887fe12e502abdee7e9df6a4d17fd
TDq0RGabf.gif
output.69088297.txt
69088297
IPSETUP.EXE
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.