SHA256: b369a458f085cda6f84a5e2fd6fdf6ffcf5495be77f6e3cf709a0cd86defa20a
File name: setup.exe
Detection ratio: 0 / 56
Analysis date: 2016-11-22 12:42:12 UTC ( 7 months ago )
Antivirus Result Update
Ad-Aware 20161122
AegisLab 20161122
AhnLab-V3 20161122
Alibaba 20161122
ALYac 20161122
Antiy-AVL 20161122
Arcabit 20161122
Avast 20161122
AVG 20161122
Avira (no cloud) 20161122
AVware 20161122
Baidu 20161122
BitDefender 20161122
Bkav 20161122
CAT-QuickHeal 20161122
ClamAV 20161122
CMC 20161122
Comodo 20161122
CrowdStrike Falcon (ML) 20161024
Cyren 20161122
DrWeb 20161122
Emsisoft 20161122
ESET-NOD32 20161122
F-Prot 20161122
F-Secure 20161122
Fortinet 20161122
GData 20161122
Ikarus 20161122
Invincea 20161018
Jiangmin 20161122
K7AntiVirus 20161122
K7GW 20161122
Kaspersky 20161122
Kingsoft 20161122
Malwarebytes 20161122
McAfee 20161122
McAfee-GW-Edition 20161122
Microsoft 20161122
eScan 20161122
NANO-Antivirus 20161122
nProtect 20161122
Panda 20161121
Qihoo-360 20161122
Rising 20161122
Sophos 20161122
SUPERAntiSpyware 20161122
Symantec 20161122
Tencent 20161122
TheHacker 20161122
TotalDefense 20161122
TrendMicro 20161122
TrendMicro-HouseCall 20161122
Trustlook 20161122
VBA32 20161122
VIPRE 20161122
ViRobot 20161122
Yandex 20161122
Zillya 20161122
Zoner 20161122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Original name setup.exe
Internal name setup.exe
File version 14.0.23107.0 built by: D14REL
Description Setup
Signature verification Signed file, verified signature
Signing date 7:49 AM 10/12/2016
Signers
[+] Duoserve
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 2/23/2015
Valid to 12:59 AM 2/23/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint C2754DCA6496BD7E1EFEEE849024AA2C78725678
Serial number 00 93 02 F3 8F 2B 70 A6 7A 69 5B 8F 63 05 77 9F 8F
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-07 06:26:33
Entry Point 0x000330C2
Number of sections 5
PE sections
Overlays
MD5 fc7a3f1a9d3d2cdec2ab8d5007ebfd40
File type data
Offset 513536
Size 5336
Entropy 7.45
PE imports
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
GetDeviceCaps
GetTextMetricsW
DeleteDC
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
GetStockObject
EnumFontFamiliesExW
GetObjectW
CreateCompatibleDC
DeleteObject
GetStdHandle
WaitForSingleObject
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
LoadLibraryExW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
GetEnvironmentVariableA
LoadResource
OutputDebugStringW
FindClose
BeginUpdateResourceW
BeginUpdateResourceA
SetLastError
InitializeCriticalSection
CopyFileW
UpdateResourceW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
UpdateResourceA
HeapSetInformation
LoadLibraryExA
EnumSystemLocalesW
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
TerminateProcess
GetModuleHandleExW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
EndUpdateResourceW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
FreeLibrary
GetWindowsDirectoryW
OpenProcess
DeleteFileA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
CompareStringW
WriteFile
ExpandEnvironmentStringsW
FindNextFileW
GetEnvironmentVariableW
FindFirstFileW
IsValidLocale
FindFirstFileExW
GetProcAddress
ReadConsoleW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GetTimeFormatW
GetEnvironmentStringsW
VirtualQuery
lstrlenW
Process32NextW
SwitchToThread
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
FindResourceW
Sleep
FindResourceA
GetCurrentThreadId
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
ShellExecuteA
GetComputerObjectNameW
SetFocus
CreateDialogIndirectParamW
DrawTextW
SetClassLongW
ShowWindow
ShowScrollBar
MessageBoxW
PeekMessageW
GetWindowRect
EnableWindow
MoveWindow
MessageBoxA
SendDlgItemMessageW
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
ReleaseDC
SendMessageW
TranslateMessage
GetSystemMetrics
SendMessageA
SetWindowTextW
GetDlgItem
SystemParametersInfoW
ScreenToClient
LoadImageW
IsDialogMessageW
GetClientRect
GetDialogBaseUnits
LoadCursorW
LoadIconW
GetFocus
GetDC
MsgWaitForMultipleObjects
SetForegroundWindow
SetCursor
ExitWindowsEx
DestroyWindow
InternetCrackUrlW
InternetCombineUrlW
Ord(78)
Ord(150)
Ord(8)
Ord(92)
CoUninitialize
CoInitialize
PE exports
Number of PE resources by type
Struct(43) 92
RT_ICON 18
RT_DIALOG 3
Struct(40) 3
Struct(45) 2
RT_GROUP_ICON 2
Struct(44) 1
RT_MANIFEST 1
Struct(41) 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 99
ENGLISH US 25
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
14.0

ImageVersion
10.0

FileVersionNumber
14.0.23107.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
147968

EntryPoint
0x330c2

OriginalFileName
setup.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
14.0.23107.0 built by: D14REL

TimeStamp
2015:07:07 07:26:33+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
setup.exe

ProductVersion
14.0.23107.0

FileDescription
Setup

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
364544

FileSubtype
0

ProductVersionNumber
14.0.23107.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 81c005117be1ed3b6265f3e5e17e0784
SHA1 f0a65dcb59b768acc9f61ccc25090bb70b2c2116
SHA256 b369a458f085cda6f84a5e2fd6fdf6ffcf5495be77f6e3cf709a0cd86defa20a
ssdeep
12288:uDPdsil5fCMggBIiMVO26kk+FGPeMb01JQntLOCV1UN:uD1s2ts96kTsemV4

authentihash 2f619478e46f3c33284adef881ccaea1cdbe358e665ba51d35bdaffdcb6d8f3d
imphash 81fd276d49dcfb5944ab1253641f139e
File size 506.7 KB ( 518872 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-10-25 06:34:29 UTC ( 8 months ago )
Last submission 2016-10-25 06:34:29 UTC ( 8 months ago )
File names setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications