× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b2ad33f0852f5220c21ed2f0feade12957eb748272c463ba21b7938677b8a13e
File name: RecoveryToolboxForZipInstall.exe
Detection ratio: 1 / 57
Analysis date: 2016-03-22 14:55:07 UTC ( 3 years ago ) View latest
Antivirus Result Update
CAT-QuickHeal (Suspicious) - DNAScan 20160322
Ad-Aware 20160322
AegisLab 20160322
Yandex 20160316
AhnLab-V3 20160322
Alibaba 20160322
ALYac 20160322
Antiy-AVL 20160322
Arcabit 20160322
Avast 20160322
AVG 20160321
Avira (no cloud) 20160322
AVware 20160322
Baidu 20160322
Baidu-International 20160322
BitDefender 20160322
Bkav 20160322
ByteHero 20160322
ClamAV 20160319
CMC 20160322
Comodo 20160322
Cyren 20160322
DrWeb 20160322
Emsisoft 20160322
ESET-NOD32 20160322
F-Prot 20160322
F-Secure 20160322
Fortinet 20160322
GData 20160322
Ikarus 20160322
Jiangmin 20160322
K7AntiVirus 20160322
K7GW 20160322
Kaspersky 20160322
Malwarebytes 20160322
McAfee 20160322
McAfee-GW-Edition 20160322
Microsoft 20160322
eScan 20160322
NANO-Antivirus 20160322
nProtect 20160322
Panda 20160321
Qihoo-360 20160322
Rising 20160322
Sophos AV 20160322
SUPERAntiSpyware 20160322
Symantec 20160322
Tencent 20160322
TheHacker 20160321
TotalDefense 20160322
TrendMicro 20160322
TrendMicro-HouseCall 20160322
VBA32 20160322
VIPRE 20160322
ViRobot 20160322
Zillya 20160322
Zoner 20160322
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product Recovery Toolbox for Zip
File version
Description Recovery Toolbox for Zip Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 1:12 PM 10/29/2015
Signers
[+] Recovery Toolbox Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - SHA256 - G2
Valid from 11:09 AM 7/16/2014
Valid to 11:09 AM 7/16/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 7891C5ABAED700206433B46ECC8DAAEF8119B613
Serial number 11 21 7A EC C2 F3 F0 69 0F B7 E4 2C B9 90 1A 13 0F 78
[+] GlobalSign CodeSigning CA - SHA256 - G2
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 8/2/2011
Valid to 11:00 AM 8/2/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 4E34C4841080D07059EFC1F3C5DE4D79905A36FF
Serial number 04 00 00 00 00 01 31 89 C6 37 E8
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 3/18/2009
Valid to 11:00 AM 3/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 1:00 AM 2/3/2015
Valid to 1:00 AM 3/3/2026
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint B36308B4D4CDED4FCFBD66B955FAE3BFB12C29E6
Serial number 11 21 06 A0 81 D3 3F D8 7A E5 82 4C C1 6B 52 09 4E 03
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbrint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbrint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT INNO, appended, Aspack, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-09 08:48:22
Entry Point 0x0000F3BC
Number of sections 8
PE sections
Overlays
MD5 6164d80a2d5d81bb1186c67a4c256ecb
File type data
Offset 132096
Size 2911208
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetVersion
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
SysReAllocStringLen
SysFreeString
SysAllocStringLen
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_ICON 6
RT_STRING 6
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
NEUTRAL 9
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
This installation was built with Inno Setup.

InitializedDataSize
70656

ImageVersion
6.0

ProductName
Recovery Toolbox for Zip

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

LinkerVersion
2.25

FileTypeExtension
exe

MIMEType
application/octet-stream

TimeStamp
2012:10:09 09:48:22+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Recovery Toolbox for Zip Setup

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Recovery Toolbox, Inc.

CodeSize
60416

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0xf3bc

ObjectFileType
Executable application

File identification
MD5 66789e941f10946770dba3258bebe92c
SHA1 ec93656a6418786466d41b8dafb3dc54b26ac626
SHA256 b2ad33f0852f5220c21ed2f0feade12957eb748272c463ba21b7938677b8a13e
ssdeep
49152:kVkmvxGaoErcWHGf9kfU2ExcJ78D2LsL54eMpWxofrtskyUkJV:Ykmvx6/WmfavExP32uoztskyU4

authentihash 2d16afda96c3558c23ef9c3d9619dbfd37614f7acae061d329232caffdeddb29
imphash 48aa5c8931746a9655524f67b25a47ef
File size 2.9 MB ( 3043304 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Delphi generic (42.4%)
Win32 Dynamic Link Library (generic) (19.7%)
Win32 Executable (generic) (13.5%)
Win16/32 Executable Delphi generic (6.2%)
OS/2 Executable (generic) (6.0%)
Tags
peexe aspack signed overlay

VirusTotal metadata
First submission 2015-10-29 17:54:15 UTC ( 3 years, 4 months ago )
Last submission 2016-05-30 02:18:48 UTC ( 2 years, 10 months ago )
File names 757130
recoverytoolboxforzipinstall.exe
72a9da725b6d3543cc5ef74c06d1f2080d5ccdd9
RecoveryToolboxForZipInstall.exe
RecoveryToolboxForZipInstall.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs