× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b44a501fd08b286d967842b83fe0890098427e5effab7713751e30a8f168c3c3
File name: Typograph_Setup.exe
Detection ratio: 0 / 63
Analysis date: 2017-08-17 00:25:18 UTC ( 5 months ago )
Antivirus Result Update
Ad-Aware 20170816
AegisLab 20170816
AhnLab-V3 20170816
Alibaba 20170816
Antiy-AVL 20170817
Arcabit 20170816
Avast 20170817
AVG 20170817
Avira (no cloud) 20170817
Baidu 20170816
BitDefender 20170817
Bkav 20170816
CAT-QuickHeal 20170816
ClamAV 20170816
CMC 20170816
Comodo 20170817
CrowdStrike Falcon (ML) 20170804
Cylance 20170817
Cyren 20170816
DrWeb 20170816
Emsisoft 20170816
Endgame 20170721
ESET-NOD32 20170817
F-Prot 20170816
F-Secure 20170816
Fortinet 20170816
GData 20170816
Ikarus 20170816
Sophos ML 20170607
Jiangmin 20170816
K7AntiVirus 20170816
K7GW 20170817
Kaspersky 20170816
Kingsoft 20170817
Malwarebytes 20170816
MAX 20170816
McAfee 20170816
McAfee-GW-Edition 20170816
Microsoft 20170817
eScan 20170817
NANO-Antivirus 20170816
nProtect 20170816
Palo Alto Networks (Known Signatures) 20170817
Panda 20170816
Qihoo-360 20170817
Rising 20170816
SentinelOne (Static ML) 20170806
Sophos AV 20170816
SUPERAntiSpyware 20170817
Symantec 20170816
Symantec Mobile Insight 20170816
Tencent 20170817
TheHacker 20170816
TotalDefense 20170816
TrendMicro 20170816
Trustlook 20170817
VBA32 20170816
VIPRE 20170816
ViRobot 20170816
Webroot 20170817
WhiteArmor 20170815
Yandex 20170815
Zillya 20170816
ZoneAlarm by Check Point 20170816
Zoner 20170816
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 10:10 AM 10/5/2015
Signers
[+] A. & M. Neuber Software
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 4/23/2015
Valid to 12:59 AM 6/22/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5A36630E6B7A686E9EAF4B766FF1313A7CC80CDE
Serial number 3D 42 E4 06 CF 5E 4F 4C 9C 8C 05 85 4C 07 29 7F
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT eval, Unicode, appended, Aspack, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-02-24 15:50:34
Entry Point 0x0000AF1E
Number of sections 5
PE sections
Overlays
MD5 6d3fde9ea5c329b6151c805b57a713c4
File type data
Offset 1880064
Size 6152
Entropy 7.33
PE imports
GetDeviceCaps
CreateDCA
DeleteDC
SelectObject
GetTextExtentPoint32A
CreateFontIndirectA
ExtTextOutA
DeleteObject
SetTextAlign
SetBkColor
GetBkColor
SetTextColor
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
_llseek
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
_lopen
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
LocalFree
GetEnvironmentVariableA
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
InitializeCriticalSection
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
_lclose
SetUnhandledExceptionFilter
MoveFileExA
GlobalMemoryStatus
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
_lread
GetProcessHeap
FindFirstFileA
CreateFileMappingA
FindNextFileA
TerminateProcess
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
HeapCreate
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
RemoveDirectoryA
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetCurrentThreadId
CreateProcessA
IsValidCodePage
UnmapViewOfFile
VirtualFree
Sleep
VirtualAlloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExA
GetMessageA
GetParent
UpdateWindow
EndDialog
BeginPaint
KillTimer
PostQuitMessage
DefWindowProcA
ShowWindow
SetWindowPos
SetWindowWord
GetSystemMetrics
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
PostMessageA
CharUpperBuffA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetSysColor
SetActiveWindow
LoadStringA
SetWindowTextA
SendDlgItemMessageA
GetLastActivePopup
SendMessageA
GetClientRect
GetDlgItem
RegisterClassA
SetRect
InvalidateRect
GetWindowLongA
SetTimer
LoadCursorA
LoadIconA
GetTopWindow
CharNextA
GetWindowWord
EnableWindow
SetForegroundWindow
SetCursor
Number of PE resources by type
RT_ICON 9
RT_STRING 7
RT_DIALOG 2
RT_MANIFEST 1
WZ_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 21
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2009:02:24 16:50:34+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
77824

LinkerVersion
8.0

EntryPoint
0xaf1e

InitializedDataSize
65536

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 7b6d5841814c919f3cf1a537f39d039c
SHA1 734d0fd3dbbbf58e7a2fd9b7a7511462925fc54a
SHA256 b44a501fd08b286d967842b83fe0890098427e5effab7713751e30a8f168c3c3
ssdeep
49152:D265bOJYjotA5AJPVpmj2l8QgPI1dIz8lZhzy8kUt:D2bnpVtlBlL7YW

authentihash 201376daba1d0eb7fad9bf659141b62a974c15d28443c7e3162e3d51745cf23c
imphash 60f2858f8c859062bd16000a4cb2a2ed
File size 1.8 MB ( 1886216 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (32.1%)
Win64 Executable (generic) (28.5%)
Winzip Win32 self-extracting archive (generic) (23.7%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Tags
peexe aspack signed overlay

VirusTotal metadata
First submission 2015-10-05 19:50:10 UTC ( 2 years, 3 months ago )
Last submission 2017-01-13 21:43:36 UTC ( 1 year ago )
File names b44a501fd08b286d967842b83fe0890098427e5effab7713751e30a8f168c3c3.exe.000
7a19401e53b2de5286eb1c18b077468d5f3dfff4
1447373643-Typograph_Setup.exe
742907
Typograph_Setup.exe
Typograph_Setup.exe
B44A501FD08B286D967842B83FE0890098427E5EFFAB7713751E30A8F168C3C3
Typograph_Setup.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs