SHA256: b495f851c6b10c652c52740ff1e87deb4243ccc625862a7277fbb28e88b8492b
File name: zvipsetup32.exe
Detection ratio: 0 / 67
Analysis date: 2017-12-22 22:23:42 UTC ( 3 weeks, 3 days ago )
Antivirus Result Update
Ad-Aware 20171222
AegisLab 20171222
AhnLab-V3 20171222
Alibaba 20171222
ALYac 20171222
Arcabit 20171222
Avast 20171222
Avast-Mobile 20171222
AVG 20171222
Avira (no cloud) 20171222
AVware 20171222
Baidu 20171222
BitDefender 20171222
Bkav 20171222
CAT-QuickHeal 20171222
ClamAV 20171222
CMC 20171222
Comodo 20171222
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171222
Cyren 20171222
DrWeb 20171222
eGambit 20171222
Emsisoft 20171222
Endgame 20171130
ESET-NOD32 20171222
F-Prot 20171222
F-Secure 20171222
Fortinet 20171222
GData 20171222
Ikarus 20171222
Sophos ML 20170914
Jiangmin 20171221
K7AntiVirus 20171222
K7GW 20171222
Kaspersky 20171222
Kingsoft 20171222
Malwarebytes 20171222
MAX 20171222
McAfee 20171222
McAfee-GW-Edition 20171222
Microsoft 20171222
eScan 20171222
NANO-Antivirus 20171222
nProtect 20171222
Palo Alto Networks (Known Signatures) 20171222
Panda 20171222
Qihoo-360 20171222
Rising 20171222
SentinelOne (Static ML) 20171207
Sophos AV 20171222
SUPERAntiSpyware 20171222
Symantec 20171222
Symantec Mobile Insight 20171222
Tencent 20171222
TheHacker 20171219
TotalDefense 20171222
TrendMicro 20171222
TrendMicro-HouseCall 20171222
Trustlook 20171222
VBA32 20171222
VIPRE 20171222
ViRobot 20171222
Webroot 20171222
WhiteArmor 20171204
Yandex 20171222
Zillya 20171222
ZoneAlarm by Check Point 20171222
Zoner 20171222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2010-2017

Product Z-ViPrinter
Original name Setup.exe
Internal name AKInstaller
File version 1. 9. 0. 5
Description PDF-Printer 32-Bit Install
Signature verification Signed file, verified signature
Signing date 10:31 PM 11/26/2016
Signers
[+] Andreas Baumann
Status Valid
Issuer thawte SHA256 Code Signing CA
Valid from 1:00 AM 1/26/2016
Valid to 12:59 AM 1/26/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 1E7825C976BB58E46160DE6ED4C9253D00E2F1EB
Serial number 5B 62 3E B5 66 1D A2 25 AC C9 DB C3 1D F9 18 0A
[+] thawte SHA256 Code Signing CA
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint D00CFDBF46C98A838BC10DC4E097AE0152C461BC
Serial number 71 A0 B7 36 95 DD B1 AF C2 3B 2B 9A 18 EE 54 CB
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-17 14:19:23
Entry Point 0x00002870
Number of sections 4
PE sections
Overlays
MD5 e5785060bcabf65d189364fe443e1dc2
File type application/x-ms-dos-executable
Offset 89600
Size 19934152
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetLastError
lstrlenA
WaitForSingleObject
FreeLibrary
CopyFileA
SetProcessShutdownParameters
GetVersionExA
GetModuleFileNameA
LoadLibraryA
GetCurrentProcess
WritePrivateProfileStringA
CreateDirectoryA
DeleteFileA
GetProcAddress
GetTempPathA
GetModuleHandleA
lstrcpyA
GetStartupInfoA
CloseHandle
RemoveDirectoryA
MoveFileExA
SetFileAttributesA
GetExitCodeProcess
LocalFree
CreateProcessA
Sleep
FormatMessageA
GetVersion
SetCurrentDirectoryA
Ord(535)
Ord(3147)
Ord(4080)
Ord(6375)
Ord(537)
Ord(3830)
Ord(2554)
Ord(4202)
Ord(354)
Ord(3738)
Ord(939)
Ord(3136)
Ord(2982)
Ord(617)
Ord(3079)
Ord(2512)
Ord(3262)
Ord(665)
Ord(1576)
Ord(825)
Ord(3081)
Ord(5199)
Ord(5710)
Ord(6385)
Ord(5442)
Ord(4129)
Ord(2621)
Ord(3259)
Ord(4424)
Ord(540)
Ord(5714)
Ord(5289)
Ord(5214)
Ord(5773)
Ord(2763)
Ord(858)
Ord(3346)
Ord(4622)
Ord(561)
Ord(3831)
Ord(536)
Ord(2915)
Ord(5731)
Ord(3825)
Ord(823)
Ord(2985)
Ord(4203)
Ord(924)
Ord(815)
Ord(5186)
Ord(1089)
Ord(4486)
Ord(1168)
Ord(2396)
Ord(2725)
Ord(4698)
Ord(3922)
Ord(2976)
Ord(2764)
Ord(800)
Ord(296)
Ord(5300)
Ord(4079)
Ord(5307)
Ord(2818)
Ord(4274)
Ord(941)
Ord(5302)
Ord(4465)
Ord(1979)
Ord(860)
Ord(5572)
Ord(1147)
strncmp
__p__fmode
malloc
_acmdln
??1type_info@@UAE@XZ
memset
__dllonexit
_controlfp
_access
strncpy
_except_handler3
strtok
_mbscmp
_onexit
exit
_XcptFilter
__setusermatherr
_adjust_fdiv
__CxxFrameHandler
__p__commode
free
__getmainargs
_initterm
_setmbcp
_exit
__set_app_type
SHFileOperationA
DispatchMessageA
MessageBoxA
PeekMessageA
ExitWindowsEx
TranslateMessage
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 2
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
GERMAN 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.9.0.5

UninitializedDataSize
0

LanguageCode
German

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
80896

EntryPoint
0x2870

OriginalFileName
Setup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2010-2017

FileVersion
1. 9. 0. 5

TimeStamp
2016:11:17 15:19:23+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
AKInstaller

ProductVersion
1. 9. 0. 5

FileDescription
PDF-Printer 32-Bit Install

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
IMU Andreas Baumann

CodeSize
7680

ProductName
Z-ViPrinter

ProductVersionNumber
1.9.0.5

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 71d16a2af0997c532ff65cb3ce2434b2
SHA1 361fba79679e4be2f7d90379150892666d2baad8
SHA256 b495f851c6b10c652c52740ff1e87deb4243ccc625862a7277fbb28e88b8492b
ssdeep
393216:wuMj/m6lp6SHfnNC6OhfJSx4DqiMqKWkbHSYLe7W0ayBBlt9L4ln5pPnK0vo:JMjMSHfNIix3dDbHSYLe7l59LCvBg

authentihash bdcc9a4a2d0699c4c296f1720eedb88a6059767689384b23b70bd6d6747c20ad
imphash 671c2c3f9c8b6c9a11bdbd77d5fdfa27
File size 19.1 MB ( 20023752 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-01-01 20:33:13 UTC ( 1 year ago )
Last submission 2017-01-01 20:33:13 UTC ( 1 year ago )
File names zvipsetup32.exe
Setup.exe
AKInstaller
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications