SHA256: b0ff4a823eafe565e0402a70bcdc970c9d2c60d84d15656afc3afbbc9065c557
File name: install_spartanu3.exe
Detection ratio: 0 / 55
Analysis date: 2017-01-18 03:53:04 UTC ( 4 months, 1 week ago )
Antivirus / Result / Update (the Result column is empty for every engine listed below: no engine flagged the file)
Ad-Aware 20170118
AegisLab 20170118
AhnLab-V3 20170117
Alibaba 20170118
ALYac 20170118
Antiy-AVL 20170118
Arcabit 20170118
Avast 20170118
AVG 20170118
Avira (no cloud) 20170117
AVware 20170118
Baidu 20170117
BitDefender 20170118
CAT-QuickHeal 20170117
ClamAV 20170118
CMC 20170117
Comodo 20170118
CrowdStrike Falcon (ML) 20161024
Cyren 20170118
DrWeb 20170118
Emsisoft 20170118
ESET-NOD32 20170118
F-Prot 20170118
F-Secure 20170118
Fortinet 20170118
GData 20170118
Ikarus 20170117
Invincea 20170111
Jiangmin 20170118
K7AntiVirus 20170117
K7GW 20170118
Kaspersky 20170118
Kingsoft 20170118
Malwarebytes 20170118
McAfee 20170118
McAfee-GW-Edition 20170118
Microsoft 20170117
eScan 20170117
NANO-Antivirus 20170117
nProtect 20170118
Panda 20170117
Qihoo-360 20170118
Rising 20170118
Sophos 20170118
SUPERAntiSpyware 20170118
Symantec 20170117
Tencent 20170118
TheHacker 20170117
TotalDefense 20170117
TrendMicro 20170118
Trustlook 20170118
VBA32 20170117
VIPRE 20170118
ViRobot 20170118
WhiteArmor 20170117
Yandex 20170117
Zillya 20170117
Zoner 20170118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 16.1.0.0
Packers identified
F-PROT UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-04-10 07:11:20
Entry Point 0x0001BE36
Number of sections 4
PE sections
PE imports (grouped by exporting DLL)
ADVAPI32.dll
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegEnumKeyW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegQueryValueW
RegOpenKeyW
COMCTL32.dll
Ord(17)
_TrackMouseEvent
GDI32.dll
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
PatBlt
GetRgnBox
SaveDC
SetTextAlign
CreateRectRgnIndirect
LPtoDP
CombineRgn
GetClipBox
GetViewportOrgEx
GetPixel
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
CreateSolidBrush
DeleteObject
GetObjectW
BitBlt
SetTextColor
RectVisible
ExtTextOutW
CreateBitmap
Escape
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
PtVisible
ExtSelectClipRgn
CreateCompatibleDC
GetBkColor
ScaleViewportExtEx
CreateRectRgn
SetViewportExtEx
GetMapMode
SetWindowExtEx
GetTextColor
SetWindowOrgEx
DPtoLP
SelectObject
GetViewportExtEx
GetTextExtentPoint32W
CreateCompatibleBitmap
KERNEL32.dll
GetStdHandle
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetFileAttributesW
DuplicateHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
MapViewOfFileEx
GetVolumeInformationW
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
GlobalHandle
FindClose
InterlockedDecrement
GetFullPathNameW
GetCurrentThread
SetLastError
GlobalFindAtomW
GetUserDefaultLangID
LoadResource
GetModuleFileNameW
ExitProcess
FlushFileBuffers
GetModuleFileNameA
LoadLibraryA
EnumResourceLanguagesW
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomW
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
SetEnvironmentVariableA
TerminateProcess
VirtualQuery
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
LeaveCriticalSection
LoadLibraryExW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
lstrcmpiW
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
OpenProcess
GetModuleHandleW
GetStartupInfoW
CreateDirectoryW
GlobalLock
GetProcessHeap
CreateFileMappingW
CompareStringW
lstrcpyW
GlobalReAlloc
VerLanguageNameW
CompareStringA
FindFirstFileW
lstrcmpW
GetProcAddress
GlobalAlloc
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
FindResourceW
LCMapStringA
GetProcessTimes
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
WritePrivateProfileStringW
lstrcpynW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetCurrentThreadId
FreeResource
SizeofResource
HeapCreate
FindResourceExW
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
OLEAUT32.dll
OleCreateFontIndirect
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
SysStringByteLen
VariantChangeType
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
VariantInit
SysFreeString
SysAllocStringByteLen
OleLoadPicture
SHELL32.dll
SHGetSpecialFolderPathW
SHGetFileInfoW
SHLWAPI.dll
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
USER32.dll
MapWindowPoints
GetMessagePos
SetWindowRgn
RedrawWindow
SetMenuItemBitmaps
LoadBitmapW
DestroyMenu
SetSystemCursor
PostQuitMessage
GetForegroundWindow
DrawStateW
SetWindowPos
IsWindow
GrayStringW
EndPaint
GetMessageTime
SetActiveWindow
DispatchMessageW
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetMenu
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
LoadImageW
GetTopWindow
GetWindowTextW
CopyAcceleratorTableW
GetWindowTextLengthW
GetActiveWindow
InvalidateRgn
PtInRect
DrawEdge
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
GetNextDlgGroupItem
SetPropW
ValidateRect
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetWindow
LoadStringA
RegisterClassW
GetWindowPlacement
DestroyWindow
EnableMenuItem
DrawFocusRect
IsDialogMessageW
SetWindowContextHelpId
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
CharNextW
IsChild
SetFocus
RegisterWindowMessageW
IsIconic
BeginPaint
OffsetRect
DefWindowProcW
DrawIcon
GetComboBoxInfo
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
DrawTextExW
SendDlgItemMessageW
PostMessageW
CheckMenuItem
GetSubMenu
GetClassLongW
GetLastActivePopup
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
PostThreadMessageW
GetMenuItemCount
GetMenuState
SetWindowsHookExW
LoadCursorW
LoadIconW
GetMenuItemID
SetForegroundWindow
GetClientRect
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
EndDialog
CopyRect
GetCapture
ScreenToClient
MessageBeep
MessageBoxW
SendMessageW
UnhookWindowsHookEx
MoveWindow
MessageBoxA
GetWindowDC
AdjustWindowRectEx
SendMessageTimeoutW
GetSysColor
RegisterClipboardFormatW
GetKeyState
SystemParametersInfoA
DestroyIcon
IsWindowVisible
WinHelpW
GetDesktopWindow
GetDC
FrameRect
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
ModifyMenuW
IsRectEmpty
GetFocus
wsprintfW
SetCursor
RemovePropW
WINSPOOL.DRV
ClosePrinter
DocumentPropertiesW
OpenPrinterW
COMDLG32.dll
GetFileTitleW
ole32.dll
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoInitialize
OleInitialize
StgCreateDocfileOnILockBytes
OleFlushClipboard
StgOpenStorageOnILockBytes
CoCreateInstance
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
CoTaskMemAlloc
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
OLEDLG.dll
OleUIBusyW
Number of PE resources by type
RT_STRING 27
RT_CURSOR 16
RT_GROUP_CURSOR 15
Struct(255) 7
RT_BITMAP 7
RT_ICON 6
RT_DIALOG 2
BIN 1
RT_HTML 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 67
GERMAN 3
FRENCH 3
CHINESE SIMPLIFIED 3
JAPANESE DEFAULT 3
SPANISH MODERN 3
ITALIAN 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
CustomBuild 1.0
LinkerVersion 7.1
ImageVersion 0.0
FileVersionNumber 16.1.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 6516736
PrivateBuild 1.0.0.10
EntryPoint 0x1be36
MIMEType application/octet-stream
FileVersion 16.1.0.0
TimeStamp 2006:04:10 08:11:20+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 16.1.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 233472
FileSubtype 0
ProductVersionNumber 16.1.0.0
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 4df5e18d97eb0719c949ae70ebeb7770
SHA1 515d8548034735ae51361347fb3448ebec50de45
SHA256 b0ff4a823eafe565e0402a70bcdc970c9d2c60d84d15656afc3afbbc9065c557
ssdeep 196608:/xFvsAlt3Ujy0v8tBdlCOVDsF3YA0bN2Dak88aSAa5I:Lv/3Um9WKDAoA0Z858h10I
authentihash 20f5c61f853a156ba1bd8518105787df4a6c8513b62651f4edb515bf8e6aaca7
imphash 1d49cd30071ffbb7ed4f870a9a26e643
File size 6.4 MB ( 6754304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (34.8%)
Win32 Executable MS Visual C++ (generic) (25.2%)
Win64 Executable (generic) (22.3%)
Windows screen saver (10.6%)
Win32 Executable (generic) (3.6%)
Tags peexe
VirusTotal metadata
First submission 2017-01-17 18:52:05 UTC ( 4 months, 1 week ago )
Last submission 2017-01-27 19:26:15 UTC ( 4 months ago )
File names install_spartanu3.exe
B0FF4A823EAFE565E0402A70BCDC970C9D2C60D84D15656AFC3AFBBC9065C557.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. Hook procedures are installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done with the SetWindowsHookEx Windows API function: the import table above lists SetWindowsHookExW together with CallNextHookEx and UnhookWindowsHookEx. On its own this is a weak indicator. The import set (linker 7.1 and the GetFileTitleW, OleUIBusyW, WinHelpW and CopyAcceleratorTableW imports among others) is consistent with a statically linked MFC application, and the MFC framework itself installs a thread-scoped WH_CBT hook (hMod NULL, dwThreadId set to the calling thread) to subclass the windows it creates. The case worth chasing is a global hook, i.e. dwThreadId 0 with the hook procedure living in a DLL, which gets loaded into every GUI process on the desktop; the imports alone cannot tell the two apart, so confirm the arguments from the sandbox's API-call trace or with a breakpoint on SetWindowsHookExW.
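The following is an added example and not part of the VirusTotal report. It shows how the imphash listed under File identification is derived (pefile's rules: DLL name lowercased with a .dll/.ocx/.sys extension stripped, function names lowercased, ordinals resolved only for oleaut32 and ws2_32 and otherwise written as ordN, then MD5 over the comma-joined tokens in import-directory order) and runs a small capability triage over the API names, including the hooking triad described above. The DLL grouping and the truncated import subset in SAMPLE_IMPORTS are constructed for the example, so its hash will not equal the report's 1d49cd30071ffbb7ed4f870a9a26e643; imphash_from_file() computes the real value from a binary on disk with the pefile library. The rule labels in CAPABILITY_RULES are this example's own names, not VirusTotal's.

```python
"""Recompute an imphash and flag capability-indicative imports.

Added example, not code from the VirusTotal page. SAMPLE_IMPORTS is a
constructed, truncated subset of the report's import names grouped by the
DLL that exports each one; the resulting hash therefore differs from the
report's imphash, which covers every import in import-directory order.
Normalisation follows pefile's get_imphash() behaviour.
"""
import hashlib
from typing import Dict, List, Tuple, Union

ImportTable = List[Tuple[str, List[Union[str, int]]]]

# Constructed subset of the report's import table. An int means import-by-ordinal.
SAMPLE_IMPORTS: ImportTable = [
    ("ADVAPI32.dll", ["RegCreateKeyExW", "RegSetValueExW", "RegDeleteKeyW", "RegOpenKeyExW"]),
    ("COMCTL32.dll", [17, "_TrackMouseEvent"]),  # shown as Ord(17) in the report
    ("KERNEL32.dll", ["OpenProcess", "VirtualProtect", "CreateFileMappingW",
                      "MapViewOfFileEx", "WritePrivateProfileStringW", "CreateMutexW"]),
    ("USER32.dll", ["SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx", "MessageBoxW"]),
    ("ole32.dll", ["CoCreateInstance", "CoInitialize"]),
]

# pefile resolves ordinals to names only for oleaut32 and ws2_32/wsock32;
# every other module's ordinal becomes "ordN". Only the entries this example
# needs are listed here (assumption: a fuller table lives in pefile.ordlookup).
_ORDINAL_NAMES = {
    "oleaut32": {2: "SysAllocString", 6: "SysFreeString"},
    "ws2_32": {4: "connect", 23: "socket"},
}
_STRIPPED_EXTS = ("dll", "ocx", "sys")


def normalize_import(dll: str, func: Union[str, int]) -> str:
    """Return the 'lib.func' token that pefile feeds into the imphash MD5."""
    lib = dll.lower()
    base, _, ext = lib.rpartition(".")
    if base and ext in _STRIPPED_EXTS:
        lib = base                      # "winspool.drv" keeps its extension
    if isinstance(func, int):
        name = _ORDINAL_NAMES.get(lib, {}).get(func) or "ord%d" % func
    else:
        name = func
    return "%s.%s" % (lib, name.lower())


def imphash(imports: ImportTable) -> str:
    """MD5 of the comma-joined tokens; import order is part of the value."""
    tokens = [normalize_import(dll, f) for dll, funcs in imports for f in funcs]
    return hashlib.md5(",".join(tokens).encode()).hexdigest()


# Triage hints: every API in a tuple must be imported for the label to fire.
CAPABILITY_RULES: Dict[str, Tuple[str, ...]] = {
    "installs window hook": ("SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx"),
    "writes registry keys": ("RegCreateKeyExW", "RegSetValueExW"),
    "opens other processes": ("OpenProcess",),
    "changes page protections": ("VirtualProtect",),
    "maps shared memory": ("CreateFileMappingW", "MapViewOfFileEx"),
    "writes INI files": ("WritePrivateProfileStringW",),
}


def flag_capabilities(imports: ImportTable) -> Dict[str, Tuple[str, ...]]:
    """Map each fired rule label to the API names that satisfied it."""
    present = {f for _, funcs in imports for f in funcs if isinstance(f, str)}
    return {label: apis for label, apis in CAPABILITY_RULES.items()
            if all(a in present for a in apis)}


def imphash_from_file(path: str) -> str:
    """The same computation done from a real PE (requires `pip install pefile`)."""
    import pefile  # deferred import so the rest of the module runs without it
    return pefile.PE(path).get_imphash()


if __name__ == "__main__":
    print("imphash over the constructed subset:", imphash(SAMPLE_IMPORTS))
    for label, apis in flag_capabilities(SAMPLE_IMPORTS).items():
        print("%-26s %s" % (label, ", ".join(apis)))
```

Two points to keep in mind when pivoting on this value: the hash changes if the linker emits the same imports in a different order, so two builds of one code base can disagree, and an imphash match across samples says the import tables are identical, not that the code is; compare the import list itself before drawing conclusions.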
UDP communications