SHA256: b1f8e21bd1a0b70256ad2e990d76b86032054741946728c513973b226145b578
File name: nod32-1885.exe
Detection ratio: 0 / 69
Analysis date: 2018-09-28 15:04:25 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20180928
AegisLab 20180928
AhnLab-V3 20180928
Alibaba 20180921
ALYac 20180928
Antiy-AVL 20180928
Arcabit 20180928
Avast 20180927
Avast-Mobile 20180927
AVG 20180927
Avira (no cloud) 20180928
AVware 20180925
Babable 20180918
Baidu 20180928
BitDefender 20180928
Bkav 20180928
CAT-QuickHeal 20180928
ClamAV 20180928
CMC 20180928
Comodo 20180928
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180928
Cyren 20180928
DrWeb 20180928
eGambit 20180928
Emsisoft 20180928
Endgame 20180730
ESET-NOD32 20180928
F-Prot 20180928
F-Secure 20180928
Fortinet 20180928
GData 20180928
Ikarus 20180928
Sophos ML 20180717
Jiangmin 20180928
K7AntiVirus 20180928
K7GW 20180928
Kaspersky 20180928
Kingsoft 20180928
Malwarebytes 20180928
MAX 20180928
McAfee 20180928
McAfee-GW-Edition 20180928
Microsoft 20180928
eScan 20180928
NANO-Antivirus 20180928
Palo Alto Networks (Known Signatures) 20180928
Panda 20180928
Qihoo-360 20180928
Rising 20180928
SentinelOne (Static ML) 20180926
Sophos AV 20180928
SUPERAntiSpyware 20180907
Symantec 20180928
Symantec Mobile Insight 20180924
TACHYON 20180928
Tencent 20180928
TheHacker 20180927
TotalDefense 20180925
TrendMicro 20180928
TrendMicro-HouseCall 20180928
Trustlook 20180928
VBA32 20180928
VIPRE 20180928
ViRobot 20180928
Webroot 20180928
Yandex 20180927
Zillya 20180928
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) ESET, spol. s r.o. 1992-2012. All rights reserved.

Product ESET Live Installer
Original name liveinstaller.exe
Internal name liveinstaller.exe
File version 6.0.8.0
Description ESET Live Installer
Signature verification Signed file, verified signature
Signing date 2:56 PM 10/29/2012
Signers
[+] ESET, spol. s r.o.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 1:00 AM 5/6/2010
Valid to 12:59 AM 6/13/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 11D4DADFAE3C289DC80C48991F7D67570A7063EE
Serial number 4C 61 AD DA E2 E6 A4 FC 5E 52 A2 F8 CD 38 E3 83
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status This certificate or one of the certificates in the certificate chain is not time valid; the revocation status of the certificate or one of the certificates in the certificate chain is unknown; Error 65536 (0x10000); the revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-29 13:48:04
Entry Point 0x00086B23
Number of sections 4
PE sections
Overlays
MD5 7f9a9224017726e5f1318d6a50596851
File type data
Offset 1400832
Size 14992
Entropy 7.64
PE imports
GetTokenInformation
RegDeleteValueW
OpenProcessToken
RegEnumKeyW
QueryServiceStatus
RegQueryInfoKeyW
OpenSCManagerW
RegEnumKeyExW
AllocateAndInitializeSid
OpenThreadToken
EqualSid
RegOpenKeyW
RegDeleteKeyW
FreeSid
RegEnumKeyExA
RegQueryValueW
InitCommonControlsEx
GetFileTitleW
SetDIBits
GetTextMetricsW
SetMapMode
TextOutW
CreateFontIndirectW
SetBitmapBits
CreatePen
GetRgnBox
SaveDC
CreateRectRgnIndirect
LPtoDP
GetClipBox
GetWindowExtEx
GetBitmapBits
Rectangle
GetDeviceCaps
SetViewportExtEx
LineTo
DeleteDC
RestoreDC
GetMapMode
EnumFontFamiliesW
GetPixel
GetTextExtentExPointW
SetWindowOrgEx
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
GetCurrentObject
RectVisible
ExtTextOutW
CreateBitmap
MoveToEx
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
GetViewportExtEx
PtVisible
GetDIBits
ExtSelectClipRgn
CreateCompatibleDC
SetBkMode
Escape
ScaleViewportExtEx
OffsetViewportOrgEx
CreateRectRgn
GetTextExtentPoint32W
CreateCompatibleBitmap
SetWindowExtEx
GetTextColor
CreateSolidBrush
DPtoLP
SelectObject
SetBkColor
GetBkColor
Ellipse
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
SetEvent
FindFirstFileW
HeapDestroy
GetFileAttributesW
lstrcmpW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetVolumeInformationW
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetCurrentThread
SetLastError
GlobalFindAtomW
GetModuleFileNameW
ExitProcess
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
EnumResourceLanguagesW
WritePrivateProfileSectionW
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetPrivateProfileStringW
SetFilePointer
GetFullPathNameW
GlobalAddAtomW
MoveFileExW
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetWindowsDirectoryW
GetFileSize
GlobalDeleteAtom
OpenProcess
GetModuleHandleW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetPrivateProfileIntW
GetProcessHeap
GetTempFileNameW
CompareStringW
GlobalReAlloc
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcmpA
FindFirstFileA
InterlockedIncrement
ResetEvent
FindNextFileA
IsValidLocale
DuplicateHandle
WaitForMultipleObjects
GetPrivateProfileSectionW
GetTimeZoneInformation
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
DosDateTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
WritePrivateProfileStringW
lstrcpynW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
FindNextFileW
GetACP
GlobalLock
GetVersion
FreeResource
FindResourceExW
SizeofResource
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
CompareStringA
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
OleCreateFontIndirect
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
SysAllocStringByteLen
VariantInit
ShellExecuteExW
SHGetMalloc
SHGetDesktopFolder
PathIsUNCW
PathStripToRootW
PathIsRootW
PathFindExtensionW
PathFindFileNameW
SetFocus
GetMessagePos
SetMenuItemBitmaps
LoadBitmapW
SetRectEmpty
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
GrayStringW
EndPaint
WindowFromPoint
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetMenu
UnregisterClassA
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
GetClientRect
ClientToScreen
GetTopWindow
GetWindowTextW
CopyAcceleratorTableW
GetWindowTextLengthW
GetActiveWindow
InvalidateRgn
DestroyWindow
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
GetNextDlgGroupItem
SetPropW
GetMenuState
PeekMessageW
EnableWindow
CharUpperW
GetSystemMenu
TranslateMessage
IsWindowEnabled
GetWindow
SetParent
RegisterClassW
GetWindowPlacement
IsIconic
TrackPopupMenuEx
GetSubMenu
SetTimer
IsDialogMessageW
FillRect
SetWindowContextHelpId
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
CharNextW
IsChild
MapWindowPoints
RegisterWindowMessageW
BeginPaint
OffsetRect
DefWindowProcW
KillTimer
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
IntersectRect
SendDlgItemMessageW
PostMessageW
CreatePopupMenu
CheckMenuItem
DrawFocusRect
GetClassLongW
GetLastActivePopup
PtInRect
DrawIconEx
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
PostThreadMessageW
GetMenuItemCount
ValidateRect
SetWindowsHookExW
LoadCursorW
LoadIconW
DispatchMessageW
SetForegroundWindow
ExitWindowsEx
GetMenuStringW
GetAsyncKeyState
CreateDialogIndirectParamW
ReleaseDC
DrawTextExW
EndDialog
CopyRect
GetCapture
MessageBeep
GetWindowThreadProcessId
MessageBoxW
SendMessageW
UnhookWindowsHookEx
MoveWindow
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
RegisterClipboardFormatW
GetKeyState
SystemParametersInfoA
DestroyIcon
IsWindowVisible
WinHelpW
GetDesktopWindow
GetDC
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
ModifyMenuW
EnableMenuItem
IsRectEmpty
GetFocus
SetCursor
RemovePropW
DocumentPropertiesW
ClosePrinter
OpenPrinterW
htonl
ioctlsocket
WSAStartup
connect
htons
select
getsockopt
recv
inet_addr
send
getservbyport
ntohs
WSAGetLastError
gethostbyaddr
__WSAFDIsSet
WSACleanup
gethostbyname
inet_ntoa
closesocket
setsockopt
socket
getservbyname
Ord(92)
Ord(159)
Ord(141)
Ord(88)
Ord(137)
Ord(32)
Ord(120)
Ord(8)
Ord(160)
OleUninitialize
CoTaskMemFree
OleInitialize
CoRevokeClassObject
OleFlushClipboard
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
OleUIBusyW
Number of PE resources by type
RT_ICON 32
PNG 25
RT_DIALOG 11
RT_STRING 3
RT_GROUP_ICON 2
XML 1
ZIP 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 72
SLOVAK DEFAULT 4
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize
720896

SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.0.8.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
ESET Live Installer

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
675840

EntryPoint
0x86b23

OriginalFileName
liveinstaller.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) ESET, spol. s r.o. 1992-2012. All rights reserved.

FileVersion
6.0.8.0

TimeStamp
2012:10:29 14:48:04+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
liveinstaller.exe

ProductVersion
6.0.8.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ESET

LegalTrademarks
NOD, NOD32, AMON, ESET are registered trademarks of ESET.

ProductName
ESET Live Installer

ProductVersionNumber
6.0.8.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 42a3b5f6c40e54e770efb4e564ab94f9
SHA1 cf747ffdc77493e23e5c5f9b0d0cbd9469660af5
SHA256 b1f8e21bd1a0b70256ad2e990d76b86032054741946728c513973b226145b578
ssdeep
24576:ySNSt3h2GoTiLcML9Sswx90RT6F2iTjwwa5hvufIV2bBDCZ8GD:0h+ZML9SsK90RT6FXTjwwivufa2FWD

authentihash 3efc8353c4b9d1ae823bc024a1074db58862ed636de2e3ae69632b6056c231ee
imphash eea09e1de3279aedb7f29281c67e7f9f
File size 1.4 MB ( 1415824 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2012-11-06 15:59:40 UTC ( 6 years ago )
Last submission 2018-09-28 15:04:25 UTC ( 1 month, 3 weeks ago )
File names eset_nod32_antivirus_live_installer (1) (1).exe
nod32-6-0-316-1-es-en-win.exe
liveinstaller.exe
eset_nod32_antivirus_live_installer.exe
eset_nod32_antivirus_live_installer-1-.exe
ESET%20NOD32%20Antivirus%20para%20Speedy.exe
383397
412816b6f4f8dfa5081fbd29a23a3126af0a75c2c4ef67f9f75eb0fd7679e9db17b6d22210fb9755589cb11a3871aa34c08e68ce276318be7a8afdd3ba1dace5
eset_nod32_antivirus_live_installer(1).exe
filename
nod32-1885-jetelecharge.exe
eset_nod32_antivirus_live_installer.exe
42a3b5f6c40e54e770efb4e564ab94f9.cf747ffdc77493e23e5c5f9b0d0cbd9469660af5
test
f_000203
ESET-NOD32-Antivirus603160.exe
eset_nod32_antivirus_live_installer%20(1).exe
eset-nod32-antivirus.exe
output.8913507.txt
nod32-1885-jetelecharge.exe
eset-nod-32-antivirus-6.0.exe
ESET NOD32 Live Installer.exe
nod32-1885-jetelecharge.exe
octet-stream
eset_nod32_antivirus_live_installer_6.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Set keys
Created mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications