× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b44a501fd08b286d967842b83fe0890098427e5effab7713751e30a8f168c3c3
File name: Typograph_Setup.exe
Detection ratio: 0 / 67
Analysis date: 2018-03-14 00:32:13 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20180314
AegisLab 20180313
AhnLab-V3 20180313
Alibaba 20180313
ALYac 20180313
Antiy-AVL 20180314
Arcabit 20180314
Avast 20180314
Avast-Mobile 20180313
AVG 20180314
Avira (no cloud) 20180313
AVware 20180314
Baidu 20180313
BitDefender 20180314
Bkav 20180313
CAT-QuickHeal 20180313
ClamAV 20180314
CMC 20180313
Comodo 20180314
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180314
Cyren 20180314
DrWeb 20180314
eGambit 20180314
Emsisoft 20180313
Endgame 20180308
ESET-NOD32 20180314
F-Prot 20180314
F-Secure 20180309
Fortinet 20180314
GData 20180314
Ikarus 20180314
Sophos ML 20180121
Jiangmin 20180314
K7AntiVirus 20180313
K7GW 20180313
Kaspersky 20180313
Kingsoft 20180314
Malwarebytes 20180314
MAX 20180314
McAfee 20180314
McAfee-GW-Edition 20180314
Microsoft 20180313
eScan 20180314
NANO-Antivirus 20180314
nProtect 20180313
Palo Alto Networks (Known Signatures) 20180314
Panda 20180313
Qihoo-360 20180314
Rising 20180314
SentinelOne (Static ML) 20180225
Sophos AV 20180313
SUPERAntiSpyware 20180313
Symantec 20180313
Symantec Mobile Insight 20180311
Tencent 20180314
TheHacker 20180311
TotalDefense 20180313
TrendMicro 20180314
TrendMicro-HouseCall 20180314
Trustlook 20180314
VBA32 20180313
VIPRE 20180313
ViRobot 20180313
Webroot 20180314
WhiteArmor 20180223
Yandex 20180313
Zillya 20180313
ZoneAlarm by Check Point 20180314
Zoner 20180313
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 10:10 AM 10/5/2015
Signers
[+] A. & M. Neuber Software
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 4/23/2015
Valid to 12:59 AM 6/22/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5A36630E6B7A686E9EAF4B766FF1313A7CC80CDE
Serial number 3D 42 E4 06 CF 5E 4F 4C 9C 8C 05 85 4C 07 29 7F
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT eval, Unicode, appended, Aspack, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-02-24 15:50:34
Entry Point 0x0000AF1E
Number of sections 5
PE sections
Overlays
MD5 6d3fde9ea5c329b6151c805b57a713c4
File type data
Offset 1880064
Size 6152
Entropy 7.33
PE imports
GetDeviceCaps
CreateDCA
DeleteDC
SelectObject
GetTextExtentPoint32A
CreateFontIndirectA
ExtTextOutA
DeleteObject
SetTextAlign
SetBkColor
GetBkColor
SetTextColor
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
_llseek
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
_lopen
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
LocalFree
GetEnvironmentVariableA
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
InitializeCriticalSection
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
_lclose
SetUnhandledExceptionFilter
MoveFileExA
GlobalMemoryStatus
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
_lread
GetProcessHeap
FindFirstFileA
CreateFileMappingA
FindNextFileA
TerminateProcess
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
HeapCreate
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
RemoveDirectoryA
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetCurrentThreadId
CreateProcessA
IsValidCodePage
UnmapViewOfFile
VirtualFree
Sleep
VirtualAlloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExA
GetMessageA
GetParent
UpdateWindow
EndDialog
BeginPaint
KillTimer
PostQuitMessage
DefWindowProcA
ShowWindow
SetWindowPos
SetWindowWord
GetSystemMetrics
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
PostMessageA
CharUpperBuffA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetSysColor
SetActiveWindow
LoadStringA
SetWindowTextA
SendDlgItemMessageA
GetLastActivePopup
SendMessageA
GetClientRect
GetDlgItem
RegisterClassA
SetRect
InvalidateRect
GetWindowLongA
SetTimer
LoadCursorA
LoadIconA
GetTopWindow
CharNextA
GetWindowWord
EnableWindow
SetForegroundWindow
SetCursor
Number of PE resources by type
RT_ICON 9
RT_STRING 7
RT_DIALOG 2
RT_MANIFEST 1
WZ_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 21
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2009:02:24 16:50:34+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
77824

LinkerVersion
8.0

FileTypeExtension
exe

InitializedDataSize
65536

SubsystemVersion
4.0

EntryPoint
0xaf1e

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 7b6d5841814c919f3cf1a537f39d039c
SHA1 734d0fd3dbbbf58e7a2fd9b7a7511462925fc54a
SHA256 b44a501fd08b286d967842b83fe0890098427e5effab7713751e30a8f168c3c3
ssdeep
49152:D265bOJYjotA5AJPVpmj2l8QgPI1dIz8lZhzy8kUt:D2bnpVtlBlL7YW

authentihash 201376daba1d0eb7fad9bf659141b62a974c15d28443c7e3162e3d51745cf23c
imphash 60f2858f8c859062bd16000a4cb2a2ed
File size 1.8 MB ( 1886216 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (31.5%)
Win64 Executable (generic) (27.9%)
Winzip Win32 self-extracting archive (generic) (23.2%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
Tags
peexe aspack signed overlay

VirusTotal metadata
First submission 2015-10-05 19:50:10 UTC ( 2 years, 7 months ago )
Last submission 2017-01-13 21:43:36 UTC ( 1 year, 4 months ago )
File names b44a501fd08b286d967842b83fe0890098427e5effab7713751e30a8f168c3c3.exe.000
7a19401e53b2de5286eb1c18b077468d5f3dfff4
1447373643-Typograph_Setup.exe
742907
Typograph_Setup.exe
Typograph_Setup.exe
B44A501FD08B286D967842B83FE0890098427E5EFFAB7713751E30A8F168C3C3
Typograph_Setup.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs