SHA256: b159b81a9d6e1473b0192a9ffd179af8c9b6f553830fa210be919ba2cfbce6c6
File name: googletalk-setup-tr.exe
Detection ratio: 0 / 68
Analysis date: 2018-06-18 12:34:02 UTC ( 9 months ago )
Antivirus Result Update
Ad-Aware 20180618
AegisLab 20180618
AhnLab-V3 20180618
Alibaba 20180615
ALYac 20180618
Antiy-AVL 20180618
Arcabit 20180618
Avast 20180618
Avast-Mobile 20180618
AVG 20180618
Avira (no cloud) 20180618
AVware 20180618
Babable 20180406
Baidu 20180615
BitDefender 20180618
Bkav 20180618
CAT-QuickHeal 20180618
ClamAV 20180618
CMC 20180618
Comodo 20180618
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180618
Cyren 20180618
DrWeb 20180618
eGambit 20180618
Emsisoft 20180618
Endgame 20180612
ESET-NOD32 20180618
F-Prot 20180618
F-Secure 20180618
Fortinet 20180618
GData 20180618
Ikarus 20180618
Sophos ML 20180601
Jiangmin 20180618
K7AntiVirus 20180618
K7GW 20180618
Kaspersky 20180618
Kingsoft 20180618
Malwarebytes 20180618
MAX 20180618
McAfee 20180618
McAfee-GW-Edition 20180618
Microsoft 20180618
eScan 20180618
NANO-Antivirus 20180618
Palo Alto Networks (Known Signatures) 20180618
Panda 20180618
Qihoo-360 20180618
Rising 20180618
SentinelOne (Static ML) 20180617
Sophos AV 20180618
SUPERAntiSpyware 20180617
Symantec 20180618
Symantec Mobile Insight 20180614
TACHYON 20180618
Tencent 20180618
TheHacker 20180613
TotalDefense 20180618
TrendMicro 20180618
TrendMicro-HouseCall 20180618
Trustlook 20180618
VBA32 20180618
VIPRE 20180618
ViRobot 20180618
Webroot 20180618
Yandex 20180618
Zillya 20180615
ZoneAlarm by Check Point 20180618
Zoner 20180618
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 10:34 PM 11/20/2007
Signers
[+] Google Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 11:00 PM 06/18/2007
Valid to 10:59 PM 06/18/2010
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint FE5008FE0DA7A2033816752D6EAFE95214F5A7E1
Serial number 31 44 C0 6A 6C FB 50 76 C1 5D 39 95 72 C6 94 21
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 11:00 PM 07/15/2004
Valid to 10:59 PM 07/15/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 12:00 AM 01/29/1996
Valid to 10:59 PM 08/01/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 11:00 PM 06/14/2007
Valid to 10:59 PM 06/14/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/04/2003
Valid to 11:59 PM 12/03/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS
PEiD NSIS Installer --> NullSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-07-23 15:09:34
Entry Point 0x00003339
Number of sections 5
PE sections
Overlays
MD5 a2519328672e1c2ed02f0ca572c3a379
File type data
Offset 56320
Size 1288648
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
GetUserDefaultLangID
LoadLibraryA
CreateFileMappingA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCommandLineA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
SetFilePointer
GlobalLock
SetFileAttributesA
lstrlenA
GetTempPathA
lstrcmpiA
CreateThread
MapViewOfFile
GetModuleHandleA
ReadFile
lstrcpyA
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GetEnvironmentVariableA
UnmapViewOfFile
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
SetEndOfFile
CreateFileA
GetTickCount
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
PeekMessageA
EmptyClipboard
EndDialog
DestroyWindow
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
EndPaint
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
LoadImageA
GetDlgItemTextA
MessageBoxA
DialogBoxParamA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
BeginPaint
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
DrawTextA
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
CharNextA
CallWindowProcA
EnableWindow
CloseClipboard
SetCursor
ExitWindowsEx
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 8
RT_DIALOG 6
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 16
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2005:07:23 08:09:34-07:00

FileType
Win32 EXE

PEType
PE32

CodeSize
23040

LinkerVersion
6.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x3339

InitializedDataSize
121344

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
1024

Compressed bundles
File identification
MD5 db633633837b00ae23da84a006e27f8c
SHA1 e030656df8d2843725af9c76481cef3dfafab209
SHA256 b159b81a9d6e1473b0192a9ffd179af8c9b6f553830fa210be919ba2cfbce6c6
ssdeep
24576:a09fMgEEWjKvgolpjLKSYvs/j/kEkDtuiikHCjDa03zzdZhPKkrfvUd:a09f9EfE1zLBUimykHYDdFSkr0d

authentihash a810a1411ad845f90b2bcf2d1776d119813b64f54fabf51843a4f695087d9ac2
imphash b711f65a9aff6a22fb2f57f0ac8bda33
File size 1.3 MB ( 1344968 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (94.6%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
OS/2 Executable (generic) (0.2%)
Tags
nsis peexe overlay signed nullsoft

VirusTotal metadata
First submission 2009-12-12 11:21:03 UTC ( 9 years, 3 months ago )
Last submission 2019-03-07 18:14:58 UTC ( 1 week, 3 days ago )
File names htjm5yup42.exe
db633633837b00ae23da84a006e27f8c
googletalk-setup-tr.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
