SHA256: a7fbc5ca02a49be9772b54caf3ab1a60bdda16e43e14051de407ace527bece15
File name: spore-2135-jetelecharge.exe
Detection ratio: 1 / 66
Analysis date: 2017-12-30 03:48:36 UTC ( 2 weeks, 3 days ago )
Antivirus Result Update
Ikarus Trojan.Crypt 20171229
Ad-Aware 20171225
AegisLab 20171230
AhnLab-V3 20171229
Alibaba 20171229
ALYac 20171230
Antiy-AVL 20171230
Arcabit 20171230
Avast 20171230
Avast-Mobile 20171229
AVG 20171230
Avira (no cloud) 20171229
AVware 20171230
Baidu 20171227
BitDefender 20171230
Bkav 20171229
CAT-QuickHeal 20171229
ClamAV 20171229
CMC 20171229
Comodo 20171230
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171230
Cyren 20171230
DrWeb 20171230
eGambit 20171230
Emsisoft 20171230
Endgame 20171130
ESET-NOD32 20171230
F-Prot 20171230
F-Secure 20171230
Fortinet 20171230
GData 20171230
Sophos ML 20170914
Jiangmin 20171230
K7AntiVirus 20171230
K7GW 20171229
Kaspersky 20171230
Kingsoft 20171230
Malwarebytes 20171230
MAX 20171230
McAfee 20171230
McAfee-GW-Edition 20171230
Microsoft 20171230
eScan 20171230
NANO-Antivirus 20171230
nProtect 20171230
Palo Alto Networks (Known Signatures) 20171230
Panda 20171229
Qihoo-360 20171230
Rising 20171230
SentinelOne (Static ML) 20171224
Sophos AV 20171230
SUPERAntiSpyware 20171229
Symantec 20171229
Symantec Mobile Insight 20171230
Tencent 20171230
TheHacker 20171229
TotalDefense 20171229
TrendMicro 20171230
TrendMicro-HouseCall 20171230
Trustlook 20171230
VBA32 20171229
VIPRE 20171230
ViRobot 20171230
Webroot 20171230
WhiteArmor 20171226
Yandex 20171229
Zillya 20171229
ZoneAlarm by Check Point 20171230
Zoner 20171230
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2007 Macrovision Corporation
Product InstallShield
Original name Setup.exe
Internal name Setup
File version 14.0.162
Description Setup.exe
Signature verification Signed file, verified signature
Signing date 2:43 AM 6/4/2008
Signers
[+] Electronic Arts
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 9/14/2006
Valid to 12:59 AM 10/5/2008
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 41A32027BA95FB23FDED6CD41CD21BE72B7B62D7
Serial number 71 4E CE 03 10 80 C3 24 06 EC F0 1D 69 8F FE 1D
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-04-19 00:08:20
Entry Point 0x00022094
Number of sections 4
PE sections
Overlays
MD5 f2873a78e984098102b87c20a259cd96
File type data
Offset 372736
Size 215286992
Entropy 7.77
PE imports
RegDeleteKeyA
GetTokenInformation
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegQueryValueA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegEnumKeyA
EqualSid
RegOpenKeyExA
RegEnumKeyExA
GetDIBColorTable
SetMapMode
GetSystemPaletteEntries
PatBlt
SetStretchBltMode
SaveDC
TextOutA
CreateFontIndirectA
PlayMetaFile
GetDeviceCaps
CreateDCA
DeleteDC
RestoreDC
SetBkMode
SetMetaFileBitsEx
SetPixel
CreateSolidBrush
CreateHalftonePalette
RealizePalette
SetTextColor
CreatePatternBrush
GetObjectA
SelectObject
CreateBitmap
BitBlt
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
UnrealizeObject
SelectClipRgn
CreateCompatibleDC
StretchBlt
CreateRectRgn
DeleteObject
GetTextExtentPoint32A
SetWindowExtEx
SetWindowOrgEx
GetTextExtentPointA
SetBkColor
SetViewportExtEx
CreateCompatibleBitmap
DeleteMetaFile
GetPrivateProfileSectionNamesA
GetStdHandle
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetDiskFreeSpaceA
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
FindResourceExA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
ResumeThread
GetEnvironmentVariableA
LoadResource
FindClose
TlsGetValue
FormatMessageA
SetLastError
InitializeCriticalSection
WriteProcessMemory
ExitProcess
GetVersionExA
GetModuleFileNameA
RaiseException
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
CreateMutexA
SetFilePointer
SetUnhandledExceptionFilter
GetCurrentProcess
MulDiv
GetSystemDirectoryA
MoveFileExA
SetThreadContext
TerminateProcess
VirtualQuery
SearchPathA
SetEndOfFile
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GlobalSize
GetStartupInfoA
GetFileSize
OpenProcess
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
VirtualProtectEx
CompareStringW
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
DuplicateHandle
GlobalLock
RemoveDirectoryA
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GlobalUnlock
GetEnvironmentStringsW
GetTempPathA
GlobalAlloc
lstrlenW
GetShortPathNameA
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
GetSystemDefaultLangID
QueryPerformanceFrequency
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
FreeResource
GetEnvironmentStrings
CreateProcessA
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
LZCopy
LZClose
LZOpenFileA
VariantChangeType
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
SysReAllocStringLen
GetErrorInfo
SysFreeString
UuidToStringA
RpcStringFreeA
UuidCreate
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExA
SetFocus
GetMessageA
GetParent
MapDialogRect
ReleaseDC
SetPropA
EndDialog
BeginPaint
MoveWindow
CreateDialogIndirectParamA
DefWindowProcA
ShowWindow
DrawFocusRect
GetPropA
MapWindowPoints
SendDlgItemMessageA
IsWindow
LoadIconA
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
DrawIcon
EnumChildWindows
GetDlgItemTextA
CallWindowProcA
MessageBoxA
PeekMessageA
GetWindowDC
SetWindowLongA
GetWindowLongA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
IntersectRect
SetActiveWindow
GetDC
RegisterClassExA
SystemParametersInfoA
RemovePropA
SetWindowTextA
LoadStringA
GetWindowPlacement
SendMessageA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
CharLowerBuffA
SetWindowPos
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
GetWindowTextLengthA
GetSysColor
UpdateWindow
DrawTextA
FillRect
CopyRect
WaitForInputIdle
GetDesktopWindow
InflateRect
LoadImageA
GetClassNameA
IsDialogMessageA
MsgWaitForMultipleObjects
EnableWindow
GetWindowTextA
DialogBoxIndirectParamA
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 7
ENGLISH NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 14.0.0.162
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Setup.exe
CharacterSet Unicode
InitializedDataSize 73728
InternalBuildNumber 62562
OriginalFileName Setup.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2007 Macrovision Corporation
FileVersion 14.0.162
TimeStamp 2007:04:19 01:08:20+01:00
FileType Win32 EXE
PEType PE32
InternalName Setup
ProductVersion 14.0
SubsystemVersion 4.0
OSVersion 4.0
EntryPoint 0x22094
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Macrovision Corporation
CodeSize 294912
ProductName InstallShield
ProductVersionNumber 14.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 9f5ea9fb54452ef7d55b0e9c0ff9c0fc
SHA1 06da5558e6ebbc39d2fac955eceab78cf8470e07
SHA256 a7fbc5ca02a49be9772b54caf3ab1a60bdda16e43e14051de407ace527bece15
ssdeep 3145728:J5nyRGaxtIYWABRJj1tQ6pVxTqbJ8NXbXMZ7qiE:LnyRxI27j13qP7qf
authentihash 1be064c7a68eb304262774352aa818e97a889c7f517347e5e41afa872355780b
imphash 8f244019e52c417786599750d44c515a
File size 205.7 MB ( 215659728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID DirectShow filter (39.9%)
Windows ActiveX control (23.0%)
Win32 EXE PECompact compressed (v2.x) (11.7%)
InstallShield setup (8.5%)
Win32 EXE PECompact compressed (generic) (8.2%)
Tags peexe overlay armadillo signed software-collection
VirusTotal metadata
First submission 2009-06-05 16:24:39 UTC ( 8 years, 7 months ago )
Last submission 2017-12-30 03:48:36 UTC ( 2 weeks, 3 days ago )
File names A7FBC5CA02A49BE9772B54CAF3AB1A60BDDA16E43E14051DE407ACE527BECE15
2016-01-18.56a9c12ce9fbfa0afde221d0.792248d6ad421d577132c2b648bbed45_scc_trial_na.exe
spore-2135-jetelecharge.exe
6422-spore.exe
Setup
scc_trial_na.exe
792248d6ad421d577132c2b648bbed45_scc_trial_na.exe
Setup.exe
spore-creature-creator.exe