× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b1b5c4b544bbaeadfbef7396430f30232f823fe805cd572e4ba2f2f51fab7d43
File name: backlink-checker.exe
Detection ratio: 0 / 56
Analysis date: 2015-10-15 03:25:54 UTC ( 3 years, 7 months ago ) View latest
Antivirus Result Update
Ad-Aware 20151015
AegisLab 20151014
Yandex 20151014
AhnLab-V3 20151014
Alibaba 20151015
Antiy-AVL 20151015
Arcabit 20151015
Avast 20151014
AVG 20151015
Avira (no cloud) 20151015
AVware 20151014
Baidu-International 20151014
BitDefender 20151015
Bkav 20151014
ByteHero 20151015
CAT-QuickHeal 20151014
ClamAV 20151015
CMC 20151014
Comodo 20151014
Cyren 20151015
DrWeb 20151015
Emsisoft 20151015
ESET-NOD32 20151015
F-Prot 20151015
F-Secure 20151014
Fortinet 20151015
GData 20151015
Ikarus 20151015
Jiangmin 20151014
K7AntiVirus 20151014
K7GW 20151015
Kaspersky 20151015
Kingsoft 20151015
Malwarebytes 20151014
McAfee 20151015
McAfee-GW-Edition 20151015
Microsoft 20151015
eScan 20151015
NANO-Antivirus 20151015
nProtect 20151014
Panda 20151014
Qihoo-360 20151015
Rising 20151014
Sophos AV 20151014
SUPERAntiSpyware 20151015
Symantec 20151014
Tencent 20151015
TheHacker 20151012
TotalDefense 20151014
TrendMicro 20151015
TrendMicro-HouseCall 20151015
VBA32 20151014
VIPRE 20151015
ViRobot 20151014
Zillya 20151014
Zoner 20151015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2007-2012

Product DRPU Back Link Checker(Demo) Application
Original name DRPU Back Link Checker(Demo).EXE
Internal name DRPU Back Link Checker(Demo)
File version 3. 0. 1. 5
Description DRPU Back Link Checker(Demo) Application
Signature verification Signed file, verified signature
Signing date 9:56 AM 12/20/2012
Signers
[+] DRPU Software Private Limited
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 9/8/2010
Valid to 12:59 AM 9/8/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B0770677B9584E56C09D72E1CD6D6BF23F6CC461
Serial number 00 8D CD F2 09 44 D8 5E EB BD 5F FE 8E 4D 15 9B 97
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 5/20/2022
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint D43989A11E5961CC13A58008172BF544DA11F1E6
Serial number 7E 1F DF 72 99 E8 D2 45 A1 5D 0B A8 E5 B1 59 BA
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00028A6C
Number of sections 8
PE sections
Overlays
MD5 68e182ad6b613e57de56309e63e9f135
File type data
Offset 195072
Size 2541520
Entropy 8.00
PE imports
RegOpenKeyExA
LookupAccountNameA
RegQueryValueExA
RegCloseKey
GetUserNameA
InitCommonControls
GetDeviceCaps
LineTo
SelectObject
GetTextExtentPoint32A
MoveToEx
CreatePen
GetTextMetricsA
CreateSolidBrush
DeleteObject
CreateFontA
GetStdHandle
FileTimeToDosDateTime
GetFileAttributesA
GetDriveTypeA
GetLocalTime
DeleteCriticalSection
GetLocaleInfoA
LocalAlloc
SetErrorMode
SetFileAttributesA
GetTempPathA
GetCPInfo
WriteFile
GetDiskFreeSpaceA
GetFullPathNameA
GetExitCodeProcess
LocalFree
MoveFileA
GetEnvironmentVariableA
FindClose
TlsGetValue
FormatMessageA
GetStringTypeExA
DeviceIoControl
InitializeCriticalSection
GlobalFindAtomA
ExitProcess
GetModuleFileNameA
RaiseException
EnumCalendarInfoA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
GetModuleHandleA
GlobalAddAtomA
MulDiv
GetSystemDirectoryA
TerminateProcess
VirtualQuery
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
SetCurrentDirectoryA
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
FindFirstFileA
GetComputerNameA
FindNextFileA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
GlobalDeleteAtom
lstrlenA
GetThreadLocale
IsDBCSLeadByte
RemoveDirectoryA
WinExec
FileTimeToLocalFileTime
WritePrivateProfileStringA
GetCurrentProcessId
SetFileTime
WideCharToMultiByte
GetShortPathNameA
GetCommandLineA
QueryPerformanceFrequency
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetVersion
CreateProcessA
VirtualFree
Sleep
VirtualAlloc
SysReAllocStringLen
SysFreeString
SysAllocStringLen
ShellExecuteA
SetFocus
GetMessageA
EnableWindow
ReleaseDC
PostQuitMessage
EnumWindows
KillTimer
RegisterWindowMessageA
DefWindowProcA
ShowWindow
SetWindowPos
GetWindowThreadProcessId
GetSystemMetrics
GetWindowRect
DispatchMessageA
EndPaint
LoadStringA
PostMessageA
DrawIcon
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
GetWindow
GetSysColor
SetActiveWindow
GetDC
SystemParametersInfoA
BeginPaint
FindWindowA
UnregisterClassA
IsWindowVisible
SendMessageA
GetClientRect
SetTimer
EnableMenuItem
RegisterClassA
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
GetActiveWindow
CharNextA
GetDesktopWindow
GetSystemMenu
GetFocus
FillRect
GetWindowTextA
GetKeyboardType
CharToOemA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetSetOptionA
InternetGetLastResponseInfoA
Number of PE resources by type
RT_STRING 6
RT_RCDATA 2
RT_VERSION 2
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
HEBREW DEFAULT 3
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
162816

FileDescription
DRPU Back Link Checker(Demo) Application

InitializedDataSize
31232

ImageVersion
0.0

ProductName
DRPU Back Link Checker(Demo) Application

FileVersionNumber
3.0.1.5

LanguageCode
English (U.S.)

FileFlagsMask
0x0002

CharacterSet
Windows, Latin1

LinkerVersion
2.25

FileTypeExtension
exe

OriginalFileName
DRPU Back Link Checker(Demo).EXE

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3. 0. 1. 5

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
DRPU Back Link Checker(Demo)

SubsystemVersion
4.0

ProductVersion
3. 0. 1. 5

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 2007-2012

MachineType
Intel 386 or later, and compatibles

CompanyName
DRPU Software Pvt. Ltd.

LegalTrademarks
DRPU

FileSubtype
0

ProductVersionNumber
3.0.1.5

EntryPoint
0x28a6c

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 6c3e6fae3171b9f53007340f444620b8
SHA1 2ee10674de59c1caff64512ed1ac9755a6a01d96
SHA256 b1b5c4b544bbaeadfbef7396430f30232f823fe805cd572e4ba2f2f51fab7d43
ssdeep
49152:bfdIwCvfh/CxQb6odPyOdvvbvNj0V6+TzIHNyNxYAPM+K4rLPXkT:bfawY9ooxLdRw6UIHwfU+7XkT

authentihash f92a24bc740305b71be48005c3aab256f4c633fdc549e12a9f391c27c6aa8058
imphash c1a1896c511e1df507cce3e5f7bec89d
File size 2.6 MB ( 2736592 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (49.2%)
Win32 Executable Delphi generic (16.2%)
Windows screen saver (14.9%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
bobsoft peexe signed overlay

VirusTotal metadata
First submission 2012-12-21 20:54:42 UTC ( 6 years, 5 months ago )
Last submission 2016-02-24 00:18:28 UTC ( 3 years, 3 months ago )
File names backlink-checker.exe
backlink-checker.exe
aa
141482542234659-backlink_checker.exe
DRPU Back Link Checker(Demo)
b1b5c4b544bbaeadfbef7396430f30232f823fe805cd572e4ba2f2f51fab7d43
backlink-checker.exe$
9930500
6c3e6fae3171b9f53007340f444620b8.2ee10674de59c1caff64512ed1ac9755a6a01d96
output.9930500.txt
340435
file-5582230_ViR
DRPU Back Link Checker(Demo).EXE
6c3e6fae3171b9f53007340f444620b8
backlink-checker.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!