SHA256: a64cb3cb7b2b077910014357bb2fa9c772c8ecd76459f66d938be46eac7ab7f7
File name: dwgsee.exe
Detection ratio: 0 / 57
Analysis date: 2016-04-01 16:39:21 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20160401
AegisLab 20160401
AhnLab-V3 20160401
Alibaba 20160401
ALYac 20160401
Antiy-AVL 20160401
Arcabit 20160401
Avast 20160401
AVG 20160401
Avira (no cloud) 20160401
AVware 20160401
Baidu 20160331
Baidu-International 20160401
BitDefender 20160401
Bkav 20160401
CAT-QuickHeal 20160401
ClamAV 20160401
CMC 20160322
Comodo 20160401
Cyren 20160401
DrWeb 20160401
Emsisoft 20160401
ESET-NOD32 20160401
F-Prot 20160401
F-Secure 20160401
Fortinet 20160401
GData 20160401
Ikarus 20160401
Jiangmin 20160401
K7AntiVirus 20160401
K7GW 20160401
Kaspersky 20160401
Kingsoft 20160401
Malwarebytes 20160401
McAfee 20160401
McAfee-GW-Edition 20160401
Microsoft 20160401
eScan 20160401
NANO-Antivirus 20160401
nProtect 20160401
Panda 20160401
Qihoo-360 20160401
Rising 20160401
Sophos AV 20160401
SUPERAntiSpyware 20160401
Symantec 20160331
Tencent 20160401
TheHacker 20160330
TotalDefense 20160330
TrendMicro 20160401
TrendMicro-HouseCall 20160401
VBA32 20160401
VIPRE 20160401
ViRobot 20160401
Yandex 20160316
Zillya 20160401
Zoner 20160401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.
Product InstallShield
Original name Setup.exe
Internal name Setup
File version 16.0.328
Description InstallScript Setup Launcher
Signature verification Certificate out of its validity period
Signers
[+] Hangzhou Taishi Technology Co.,Ltd.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer WoSign Class 3 Code Signing CA G2
Valid from 7:20 AM 11/23/2015
Valid to 7:20 AM 1/23/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 749B4FE844914E38C42A2A77B36A960840935305
Serial number 31 FC 56 F2 AB A1 BB 70 EF 42 DA 3C FF 1A 01 C8
[+] WoSign Class 3 Code Signing CA G2
Status Valid
Issuer Certification Authority of WoSign
Valid from 1:58 AM 11/8/2014
Valid to 1:58 AM 11/8/2029
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha256RSA
Thumbprint FDF066448E05E060B1B14E542F6DE002B59B0C71
Serial number 37 A6 0E 92 5F 23 F8 0C FD CD 97 65 92 98 C3 54
[+] Certification Authority of WoSign
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer StartCom Certification Authority
Valid from 2:00 AM 3/1/2011
Valid to 2:00 AM 3/1/2016
Valid usage All
Algorithm sha1RSA
Thumbprint 868241C8B85AF79E2DAC79EDADB723E82A36AFC3
Serial number 3D
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-06-10 17:24:16
Entry Point 0x0003D474
Number of sections 4
PE sections
Overlays
MD5 46d42024391eac58d57d4bf939939845
File type data
Offset 802304
Size 23846216
Entropy 7.99
PE imports
RegDeleteKeyA
SetSecurityDescriptorOwner
LookupPrivilegeValueA
RegCloseKey
RegEnumValueA
RegQueryValueExA
AdjustTokenPrivileges
RegCreateKeyExA
SetSecurityDescriptorDacl
RegOpenKeyA
OpenProcessToken
RegOpenKeyExA
EqualSid
GetTokenInformation
OpenThreadToken
RegEnumKeyA
RegEnumKeyExA
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
SetSecurityDescriptorGroup
GetDIBColorTable
SetMapMode
GetSystemPaletteEntries
CreateHalftonePalette
PlayMetaFile
SaveDC
TextOutA
CreateFontIndirectA
SetStretchBltMode
GetDeviceCaps
CreateDCA
TranslateCharsetInfo
DeleteDC
RestoreDC
SetBkMode
SetMetaFileBitsEx
SetPixel
SetWindowOrgEx
BitBlt
RealizePalette
SetTextColor
CreatePatternBrush
GetObjectA
CreateBitmap
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
UnrealizeObject
SelectClipRgn
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
GetTextExtentPoint32A
PatBlt
SetWindowExtEx
CreateSolidBrush
SetViewportExtEx
SetBkColor
DeleteObject
CreateCompatibleBitmap
DeleteMetaFile
GetPrivateProfileSectionNamesA
GetStdHandle
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetFileTime
GetTempPathA
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
FreeLibrary
LocalFree
ResumeThread
GetEnvironmentVariableA
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
VerLanguageNameA
InitializeCriticalSection
WriteProcessMemory
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
RaiseException
GetPrivateProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FlushInstructionCache
CreateMutexA
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
MulDiv
ExitThread
MoveFileExA
SetThreadContext
TerminateProcess
VirtualQuery
SearchPathA
GetVersion
LeaveCriticalSection
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
GetStartupInfoA
GetDateFormatA
GetFileSize
OpenProcess
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetEvent
GetProcAddress
VirtualProtectEx
GetProcessHeap
CompareStringW
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
DuplicateHandle
ExpandEnvironmentStringsA
RemoveDirectoryA
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
HeapReAlloc
GetProcessTimes
GlobalUnlock
GetEnvironmentStringsW
FindResourceExA
IsDBCSLeadByte
GlobalAlloc
lstrlenW
GetCPInfo
FileTimeToLocalFileTime
GetEnvironmentStrings
CompareFileTime
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
GetSystemDefaultLangID
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
GetTimeFormatA
lstrcpynA
GetACP
GlobalLock
GetCurrentThreadId
FreeResource
SizeofResource
CreateProcessA
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
LZCopy
LZClose
LZOpenFileA
VariantChangeType
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
SysReAllocStringLen
GetErrorInfo
SysFreeString
RpcStringFreeA
UuidToStringA
UuidCreate
ShellExecuteExA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SetFocus
GetMessageA
SetDlgItemTextA
GetParent
MapDialogRect
ReleaseDC
SetPropA
EndDialog
BeginPaint
DrawIcon
CreateDialogIndirectParamA
DefWindowProcA
ShowWindow
DrawFocusRect
GetPropA
MapWindowPoints
SendDlgItemMessageA
GetSystemMetrics
IsWindow
GetWindowRect
InflateRect
EndPaint
UpdateWindow
PostMessageA
MoveWindow
EnumChildWindows
GetDlgItemTextA
CallWindowProcA
IntersectRect
MessageBoxA
PeekMessageA
GetWindowDC
SetWindowLongA
GetWindowLongA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
SetActiveWindow
GetDC
RegisterClassExA
SystemParametersInfoA
RemovePropA
SetWindowTextA
LoadStringA
IsWindowVisible
SendMessageA
GetWindowTextA
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
SetWindowPos
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
FindWindowExA
GetSysColor
LoadIconA
DrawTextA
FillRect
CopyRect
WaitForInputIdle
GetDesktopWindow
DispatchMessageA
LoadImageA
GetClassNameA
IsDialogMessageA
MsgWaitForMultipleObjects
EnableWindow
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Ord(136)
Ord(87)
Ord(8)
Ord(141)
Ord(168)
CoUninitialize
CoInitialize
CoInitializeSecurity
Number of PE resources by type
RT_STRING 25
RT_DIALOG 23
RT_ICON 11
RT_BITMAP 6
RT_GROUP_ICON 3
RT_MANIFEST 1
GIF 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 45
ENGLISH US 26
PE resources
ExifTool file metadata
FileTypeExtension exe
SubsystemVersion 5.0
InitializedDataSize 385536
ImageVersion 0.0
ProductName InstallShield
FileVersionNumber 16.0.0.328
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
InternalBuildNumber 90563
OriginalFileName Setup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 16.0.328
TimeStamp 2009:06:10 18:24:16+01:00
FileType Win32 EXE
PEType PE32
InternalName Setup
ProductVersion 16.0
FileDescription InstallScript Setup Launcher
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Acresso Software Inc.
CodeSize 415744
FileSubtype 0
ProductVersionNumber 16.0.0.0
EntryPoint 0x3d474
ObjectFileType Dynamic link library

File identification
MD5 12601fe95d9e7d97e17b543069eda73c
SHA1 7d2a9cbe40bc36e85f34c6fafa7c6465cdec3c4a
SHA256 a64cb3cb7b2b077910014357bb2fa9c772c8ecd76459f66d938be46eac7ab7f7
ssdeep 393216:25Royci/zUjltz8EkvKzKlp8JRf7hKE6F/Sq4ZEkMGQ615G5dJYI+O:25WjiLUjwE4K+lpafctF/SpZfQ60d
authentihash 882ac0f7350d53229fb84a6b0c68867c278b735c6b377c0e99687e74bead643f
imphash fc349687b82a59bedb5788849f9f2c0e
File size 23.5 MB ( 24648520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID DirectShow filter (44.1%)
Windows ActiveX control (25.5%)
Win32 EXE PECompact compressed (v2.x) (12.9%)
Win32 EXE PECompact compressed (generic) (9.0%)
Win64 Executable (generic) (6.0%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-01-14 23:07:37 UTC ( 3 years, 4 months ago )
Last submission 2016-04-15 00:51:29 UTC ( 3 years, 1 month ago )
File names Setup.exe
Setup
dwgsee.exe
779217
A64CB3CB7B2B077910014357BB2FA9C772C8ECD76459F66D938BE46EAC7AB7F7.exe