SHA256: affa89bd9857c805dedb6a837072ca1560ede7b6ab6028afe0f2a744cfead57b
File name: sentry30-setup.exe
Detection ratio: 14 / 68
Analysis date: 2017-11-14 02:08:04 UTC ( 2 months, 1 week ago )
Antivirus Result Update
AegisLab Dr.Delf.Ov!c 20171114
Avira (no cloud) DR/Delf.OV.1 20171114
Cylance Unsafe 20171114
eGambit Unsafe.AI_Score_94% 20171114
K7AntiVirus Trojan ( 7000000f1 ) 20171114
K7GW Trojan ( 7000000f1 ) 20171113
Qihoo-360 Win32/Trojan.Dropper.013 20171114
Sophos AV Mal/Generic-S 20171114
Symantec Trojan.Gen.8!cloud 20171113
TrendMicro TROJ_AGENT.YCA 20171114
TrendMicro-HouseCall TROJ_AGENT.YCA 20171114
VBA32 Worm.Delf 20171113
ViRobot Worm.Win32.Delf.3160209 20171113
Webroot W32.Malware.Heur.Dkvt 20171114
Ad-Aware 20171114
AhnLab-V3 20171113
Alibaba 20170911
ALYac 20171114
Antiy-AVL 20171114
Arcabit 20171114
Avast 20171114
Avast-Mobile 20171113
AVG 20171114
AVware 20171114
Baidu 20171113
BitDefender 20171114
Bkav 20171114
CAT-QuickHeal 20171113
ClamAV 20171113
CMC 20171109
Comodo 20171114
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cyren 20171114
DrWeb 20171114
Emsisoft 20171114
Endgame 20171024
ESET-NOD32 20171114
F-Prot 20171114
F-Secure 20171114
Fortinet 20171114
GData 20171114
Ikarus 20171113
Sophos ML 20170914
Jiangmin 20171113
Kaspersky 20171114
Kingsoft 20171114
Malwarebytes 20171114
MAX 20171114
McAfee 20171114
McAfee-GW-Edition 20171114
Microsoft 20171114
eScan 20171114
NANO-Antivirus 20171114
nProtect 20171114
Palo Alto Networks (Known Signatures) 20171114
Panda 20171113
Rising 20171114
SentinelOne (Static ML) 20171113
SUPERAntiSpyware 20171114
Symantec Mobile Insight 20171114
Tencent 20171114
TheHacker 20171112
TotalDefense 20171113
Trustlook 20171114
VIPRE 20171114
WhiteArmor 20171104
Yandex 20171113
Zillya 20171110
ZoneAlarm by Check Point 20171114
Zoner 20171114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS, maxorder, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-10-04 14:26:14
Entry Point 0x00003131
Number of sections 5
PE sections
Overlays
MD5 fd64eb8103b2cd31d548a7be497315bc
File type data
Offset 46592
Size 3113617
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
SetFilePointer
GetLastError
GetUserDefaultLangID
LoadLibraryA
CreateFileMappingA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
CreateDirectoryA
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
SetFileTime
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
lstrlenA
GetTempPathA
lstrcmpiA
CreateThread
MapViewOfFile
GetModuleHandleA
ReadFile
lstrcpyA
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GetEnvironmentVariableA
UnmapViewOfFile
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
SetEndOfFile
CreateFileA
GetTickCount
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
DestroyWindow
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
LoadImageA
GetDlgItemTextA
DialogBoxParamA
MessageBoxA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
BeginPaint
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
DrawTextA
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
CharNextA
CallWindowProcA
EnableWindow
CloseClipboard
SetCursor
ExitWindowsEx
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 7
RT_DIALOG 5
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2005:10:04 15:26:14+01:00
FileType Win32 EXE
PEType PE32
CodeSize 23040
LinkerVersion 6.0
EntryPoint 0x3131
InitializedDataSize 120832
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 1024

File identification
MD5 de15aaf7b7955846654c18dfff9c68cf
SHA1 5efea2bc4e5b10800eeedc81a4d3cabd73956fd9
SHA256 affa89bd9857c805dedb6a837072ca1560ede7b6ab6028afe0f2a744cfead57b
ssdeep 49152:cJkvXQ2L38l9AQWb1m/Bp/UKEgDu1EIDA0gZkrhcdusDOofuBn8vMl/k:8kpL329Ax1mongq1EIGkrhpRYkn8u/k
authentihash 4367b5d3d42d6ab2b154b6f1051c607fd95c0d2a945ad999f0a9e686f8df6f20
imphash 1776ef176e821fae67f5fb6eb56cce45
File size 3.0 MB ( 3160209 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID NSIS - Nullsoft Scriptable Install System (94.8%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
Tags
nsis peexe overlay

VirusTotal metadata
First submission 2010-03-04 17:32:51 UTC ( 7 years, 10 months ago )
Last submission 2012-09-28 01:55:33 UTC ( 5 years, 3 months ago )
File names KP8c.dot
file-3089799_EXE
affa89bd9857c805dedb6a837072ca1560ede7b6ab6028afe0f2a744cfead57b
sentry30-setup.exe
aa
69 (90)
5EFEA2BC4E5B10800EEEDC81A4D3CABD73956FD9.dat
q1lD.tif
5EFEA2BC4E5B10800EEEDC81A4D3CABD73956FD9.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight