SHA256: af24fcdd574c1097cc1709c9be008fe129c7a9d0ec9690c7694940e3b482afa6
File name: WiperSoft-installer.exe
Detection ratio: 2 / 68
Analysis date: 2018-12-14 18:30:15 UTC ( 4 months, 1 week ago )
Antivirus Result Update
ESET-NOD32 a variant of Win64/WiperSoft.A potentially unwanted 20181214
Malwarebytes PUP.Optional.WiperSoft 20181214
Ad-Aware 20181214
AegisLab 20181214
AhnLab-V3 20181214
Alibaba 20180921
ALYac 20181214
Antiy-AVL 20181214
Arcabit 20181214
Avast 20181214
Avast-Mobile 20181214
AVG 20181214
Avira (no cloud) 20181214
Babable 20180918
Baidu 20181207
BitDefender 20181214
Bkav 20181214
CAT-QuickHeal 20181214
ClamAV 20181214
CMC 20181213
Comodo 20181214
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181214
Cyren 20181214
DrWeb 20181214
eGambit 20181214
Emsisoft 20181214
Endgame 20181108
F-Prot 20181214
F-Secure 20181214
Fortinet 20181214
GData 20181214
Ikarus 20181214
Sophos ML 20181128
Jiangmin 20181214
K7AntiVirus 20181214
K7GW 20181214
Kaspersky 20181214
Kingsoft 20181214
MAX 20181214
McAfee 20181214
McAfee-GW-Edition 20181214
Microsoft 20181214
eScan 20181214
NANO-Antivirus 20181214
Palo Alto Networks (Known Signatures) 20181214
Panda 20181213
Qihoo-360 20181214
Rising 20181214
SentinelOne (Static ML) 20181011
Sophos AV 20181214
SUPERAntiSpyware 20181212
Symantec 20181214
Symantec Mobile Insight 20181212
TACHYON 20181214
Tencent 20181214
TheHacker 20181213
Trapmine 20181205
TrendMicro 20181214
TrendMicro-HouseCall 20181214
Trustlook 20181214
VBA32 20181214
ViRobot 20181214
Webroot 20181214
Yandex 20181214
Zillya 20181213
ZoneAlarm by Check Point 20181214
Zoner 20181214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2013-2018.
Product WiperSoft
Original name WiperSoft_installer.exe
Internal name WiperSoft_installer.exe
File version 1.1.113.32
Description WiperSoft installer
Comments Written by: WiperSoft
Signature verification Signed file, verified signature
Signing date 5:03 PM 8/21/2018
Signers
[+] Wiper Software, UAB
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 12:00 AM 09/11/2017
Valid to 12:00 PM 09/16/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 50FA70177010BFCBECB288815CE20B946D62355A
Serial number 0D 17 9B C6 CA 85 D8 1A D6 E2 79 AF 01 63 AE 9C
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 PM 04/18/2012
Valid to 12:00 PM 04/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 01:00 AM 11/10/2006
Valid to 01:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 12:00 AM 10/22/2014
Valid to 12:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 01:00 AM 11/10/2006
Valid to 01:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 01:00 AM 11/10/2006
Valid to 01:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-21 15:02:49
Entry Point 0x000D360B
Number of sections 5
PE sections
Overlays
MD5 c7160f246772032e1ef3268142150626
File type data
Offset 2031104
Size 15472
Entropy 7.14
PE imports
RegCreateKeyExW
RegCloseKey
OpenServiceW
ControlService
RegSetKeySecurity
RegDeleteValueW
RegDeleteKeyW
DeleteService
CheckTokenMembership
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
QueryServiceStatus
RegOpenKeyExW
CreateServiceW
CryptReleaseContext
CryptAcquireContextA
GetUserNameW
RegQueryInfoKeyW
CryptGenRandom
RegEnumKeyExW
SetEntriesInAclW
RegSetValueExW
FreeSid
OpenSCManagerW
AllocateAndInitializeSid
InitializeSecurityDescriptor
InitCommonControlsEx
CertFreeCertificateContext
GetDeviceCaps
ExcludeClipRect
SelectObject
GetTextMetricsW
DeleteDC
CreateRectRgn
CreateFontIndirectW
SetBkMode
SetWindowOrgEx
SetViewportOrgEx
CreateSolidBrush
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
GetAdaptersInfo
GetStdHandle
GetDriveTypeW
VerifyVersionInfoA
FileTimeToSystemTime
WaitForSingleObject
LockResource
SetEndOfFile
EncodePointer
QueueUserAPC
VerifyVersionInfoW
CreatePipe
GetCurrentProcess
GetConsoleMode
LocalAlloc
UnhandledExceptionFilter
ExpandEnvironmentStringsA
SetErrorMode
FreeEnvironmentStringsW
InitializeSListHead
InterlockedPopEntrySList
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
ResumeThread
GetExitCodeProcess
FreeLibraryAndExitThread
CreateEventW
OutputDebugStringW
GetFileAttributesW
TlsGetValue
QueryDosDeviceW
FormatMessageA
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetSystemTime
DeviceIoControl
InterlockedDecrement
CopyFileW
LoadResource
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
lstrcmpiW
VerSetConditionMask
LoadLibraryExA
FindClose
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
FlushInstructionCache
MoveFileW
GetFullPathNameW
InterlockedExchangeAdd
CreateThread
MoveFileExW
DeleteCriticalSection
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
GetSystemDirectoryA
DecodePointer
SetEnvironmentVariableA
WaitForMultipleObjectsEx
TerminateProcess
GetModuleHandleExW
GlobalAlloc
ReadConsoleW
SetWaitableTimer
GetProcAddress
SleepEx
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
ExitThread
LeaveCriticalSection
GetFileSize
LCMapStringW
OpenProcess
GetDateFormatW
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetComputerNameW
GetTimeFormatW
WriteFile
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
GetCurrentThreadId
ResetEvent
CreateWaitableTimerA
FindFirstFileW
IsValidLocale
DuplicateHandle
FindFirstFileExW
WaitForMultipleObjects
SetEvent
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
InitializeCriticalSection
InterlockedPushEntrySList
SystemTimeToFileTime
CreateWaitableTimerW
GetSystemInfo
GlobalFree
GetConsoleCP
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
WaitForSingleObjectEx
lstrlenW
Process32NextW
GetQueuedCompletionStatus
SwitchToThread
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
CreateIoCompletionPort
GetCommandLineW
WideCharToMultiByte
HeapSize
RaiseException
GetCommandLineA
InterlockedCompareExchange
Process32FirstW
QueryPerformanceFrequency
ReleaseSemaphore
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
GetFileAttributesExW
GetLongPathNameW
CreateProcessA
IsValidCodePage
FindResourceW
PostQueuedCompletionStatus
VirtualFree
Sleep
OpenEventA
VirtualAlloc
VarUI4FromStr
GetProcessImageFileNameW
ShellExecuteW
ShellExecuteExW
CommandLineToArgvW
GetUserNameExW
SetFocus
RedrawWindow
GetMonitorInfoW
GetClassInfoExW
UpdateWindow
GetMessageW
OffsetRect
DefWindowProcW
MoveWindow
GetCapture
GetParent
KillTimer
DestroyMenu
TrackMouseEvent
PostQuitMessage
ScreenToClient
ShowWindow
MessageBeep
SetWindowPos
EndPaint
SetCursor
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
RegisterClassExW
SetCapture
ReleaseCapture
MapWindowPoints
AppendMenuW
TranslateMessage
GetMenuItemCount
GetWindow
PostMessageW
MessageBoxW
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
BeginPaint
CreatePopupMenu
SendMessageW
LoadStringA
MonitorFromWindow
TranslateAcceleratorW
wsprintfW
GetSystemMetrics
LoadStringW
SetWindowTextW
GetDCEx
IsCharAlphaNumericW
BringWindowToTop
LoadImageW
DispatchMessageW
ClientToScreen
SetRect
CharNextW
InvalidateRect
wsprintfA
SetTimer
CallWindowProcW
UnregisterClassW
EnableWindow
GetMenuItemInfoW
MonitorFromPoint
GetClientRect
TrackPopupMenuEx
ValidateRect
LoadCursorW
RemoveMenu
CreateWindowExW
GetWindowLongW
SetForegroundWindow
PtInRect
SetWindowRgn
DestroyWindow
getaddrinfo
ioctlsocket
WSAStartup
freeaddrinfo
connect
getsockname
htons
getpeername
WSAGetLastError
getsockopt
closesocket
send
ntohs
select
__WSAFDIsSet
WSACleanup
WSASetLastError
recv
WSAIoctl
setsockopt
socket
bind
GdipSetClipRectI
GdipStringFormatGetGenericTypographic
GdipSetImageAttributesColorMatrix
GdipSetCompositingQuality
GdipDrawRectangleI
GdipScaleWorldTransform
GdipResetWorldTransform
GdipCloneBrush
GdipDeleteBrush
GdipGetCellDescent
GdipCreateSolidFill
GdipSetSmoothingMode
GdipDrawPath
GdipSetStringFormatMeasurableCharacterRanges
GdipGetRegionBounds
GdiplusShutdown
GdipDeleteFontFamily
GdipSetTextContrast
GdipDisposeImage
GdipCreatePath
GdipGetEmHeight
GdipCreateRegion
GdiplusStartup
GdipGetLineSpacing
GdipMeasureCharacterRanges
GdipDeleteGraphics
GdipGetFamily
GdipFillPath
GdipCreateBitmapFromStream
GdipFillRectangleI
GdipGetFontSize
GdipCreateImageAttributes
GdipSetPixelOffsetMode
GdipDeleteFont
GdipCreatePen1
GdipSetInterpolationMode
GdipGetCellAscent
GdipCreateFromHDC
GdipSetStringFormatAlign
GdipGetImageWidth
GdipAlloc
GdipClosePathFigures
GdipSetStringFormatLineAlign
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipCreateFont
GdipDeletePath
GdipDeletePen
GdipDeleteRegion
GdipDisposeImageAttributes
GdipDrawLineI
GdipGetGenericFontFamilySansSerif
GdipCloneStringFormat
GdipFree
GdipDrawString
GdipResetClip
GdipSetStringFormatFlags
GdipGetImageHeight
GdipDeleteStringFormat
GdipGetStringFormatFlags
GdipSetStringFormatTrimming
GdipCloneImage
GdipTranslateWorldTransform
GdipSetCompositingMode
GdipAddPathArcI
GdipCreateFontFamilyFromName
GdipSetTextRenderingHint
GdipSetPenLineCap197819
CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
Number of PE resources by type
RT_ICON 18
RT_GROUP_ICON 2
RT_VERSION 1
RT_RCDATA 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 23
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

Comments
Written by: WiperSoft

LinkerVersion
14.15

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.1.113.32

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
WiperSoft installer

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
880128

EntryPoint
0xd360b

OriginalFileName
WiperSoft_installer.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2013-2018.

FileVersion
1.1.113.32

TimeStamp
2018:08:21 17:02:49+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
WiperSoft_installer.exe

ProductVersion
1.1.113.32

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
WiperSoft

CodeSize
1155584

ProductName
WiperSoft

ProductVersionNumber
1.1.113.32

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 9e3604e2f65d31c8a6a01fd3ddbecc39
SHA1 d0efc6e4a424e277239c535802d66b619bd02872
SHA256 af24fcdd574c1097cc1709c9be008fe129c7a9d0ec9690c7694940e3b482afa6
ssdeep
49152:6Xtk19qUPSC9/ZbhyjAxUK9mTO4xi0OMQL2YNEtrShEq:QVC9/PUsCdTQqYNj

authentihash e562dc697585bfa1d021890eea240eea85a530cb268a4b4a0e032c61545349f1
imphash e9697397809db411772ec7026dfce855
File size 2.0 MB ( 2046576 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-08-28 08:08:50 UTC ( 7 months, 3 weeks ago )
Last submission 2019-01-23 08:53:13 UTC ( 2 months, 4 weeks ago )
File names WiperSoft-installer.exe
WiperSoft-installer.exe
WiperSoft-inst.exe
WiperSoft-installer(2).exe
WiperSoft-installer (20).exe
WiperSoft-installer(1).exe
WiperSoft_installer.exe
WiperSoft-inst.exe
WiperSoft-inst.exe
WiperSoft-installer.exe
WiperSoft-inst.exe
WiperSoft-installer.exe
$RFKH3VA.exe
WiperSoft-installer.exe
WiperSoft-installer.exe
WiperSoft-installer (1).exe
WiperSoft-installer.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections