× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b62b0ae68f885c4486a6339bcee64cfbe84982a4f112c72b4eaba70a52972c38
File name: EMLSetup.exe
Detection ratio: 1 / 46
Analysis date: 2013-03-03 05:36:45 UTC ( 1 year, 1 month ago ) View latest
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
DrWeb Trojan.MulDrop4.17823 20130303
AVG 20130302
Agnitum 20130302
AhnLab-V3 20130302
AntiVir 20130302
Antiy-AVL 20130302
Avast 20130303
BitDefender 20130303
ByteHero 20130221
CAT-QuickHeal 20130302
ClamAV 20130303
Commtouch 20130302
Comodo 20130303
ESET-NOD32 20130302
Emsisoft 20130303
F-Prot 20130302
F-Secure 20130303
Fortinet 20130303
GData 20130303
Ikarus 20130226
Jiangmin 20130303
K7AntiVirus 20130301
Kaspersky 20130303
Kingsoft 20130225
Malwarebytes 20130303
McAfee 20130303
McAfee-GW-Edition 20130303
MicroWorld-eScan 20130303
Microsoft 20130303
NANO-Antivirus 20130303
Norman 20130302
PCTools 20130303
Panda 20130302
Rising 20130228
SUPERAntiSpyware 20130302
Sophos 20130303
Symantec 20130303
TheHacker 20130302
TotalDefense 20130301
TrendMicro 20130303
TrendMicro-HouseCall 20130303
VBA32 20130301
VIPRE 20130303
ViRobot 20130303
eSafe 20130211
nProtect 20130302
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Eusing Software

Publisher Eusing Software
File version 2.1
Description Eusing Maze Lock
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-10-25 19:47:11
Link date 8:47 PM 10/25/2001
Entry Point 0x000021AF
Number of sections 4
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetDeviceCaps
SelectPalette
SelectObject
PatBlt
CreateFontA
CreatePalette
GetStockObject
TextOutA
CreateSolidBrush
SetBkMode
DeleteObject
RealizePalette
SetTextColor
StretchDIBits
GetLastError
lstrlenA
GlobalFree
FreeLibrary
ExitProcess
GetVersionExA
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
WinExec
OpenFile
GetCurrentProcess
_lwrite
lstrcatA
GetWindowsDirectoryA
SetErrorMode
_llseek
GetCommandLineA
GetProcAddress
_lread
GetTempPathA
_lcreat
_lclose
GetModuleHandleA
lstrcpyA
_lopen
MulDiv
GetTempFileNameA
GlobalLock
LocalFree
GlobalAlloc
FormatMessageA
DrawTextA
CreateWindowExA
RegisterClassA
LoadIconA
LoadCursorA
ReleaseDC
EndPaint
BeginPaint
MessageBoxA
ExitWindowsEx
SendMessageA
GetClientRect
SetTimer
SetWindowPos
PostQuitMessage
DefWindowProcA
ShowWindow
UpdateWindow
wsprintfA
GetDC
InvalidateRect
PE exports
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
4.0

FileVersionNumber
2.1.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
5632

EntryPoint
0x21af

MIMEType
application/octet-stream

ingMazeLock
XXXXXXXXXXXXXXXXXXXXXXXXX

FileVersion
2.1

XXXXXXXX
|,LegalCopyright

TimeStamp
2001:10:25 20:47:11+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2014:03:27 13:14:54+01:00

SubsystemVersion
4.0

XXXXXXXXXXXXXXXXXXXXXXXX
,FileDescription

OSVersion
4.0

FileCreateDate
2014:03:27 13:14:54+01:00

FileOS
Windows 16-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Eusing Software

CodeSize
8704

FileSubtype
0

ProductVersionNumber
2.1.0.0

ingSoftware
XXXXXXXXXXXXXXXXXXXXXXXXXXX

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 c2a69526639b6e3941af53bae477561c
SHA1 53123f9e7e641017d165f32c2dad2b424caa2a63
SHA256 b62b0ae68f885c4486a6339bcee64cfbe84982a4f112c72b4eaba70a52972c38
ssdeep
24576:TnW01iV8mAeZV9LbaaEy/3y7Tif5GyuQ5Fdwr7:TWkiaGy2frdFGr7

imphash e41c25ab7824b3df73334188c40518ae
File size 809.3 KB ( 828758 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Wise Installer executable (98.1%)
Win32 Dynamic Link Library (generic) (0.8%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
DOS Executable Generic (0.2%)
Tags
peexe

VirusTotal metadata
First submission 2012-12-14 18:09:12 UTC ( 1 year, 4 months ago )
Last submission 2013-03-25 14:48:22 UTC ( 1 year ago )
File names EMLSetup.exe
Eusing Maze Lock 2.1 Setup.exe
53123f9e7e641017d165f32c2dad2b424caa2a63
8887213
file-4896004_exe
EMLSetup.exe
EMLSetup.exe
emlsetup.exe
EMazeLockSetup.exe
output.8887213.txt
b62b0ae68f885c4486a6339bcee64cfbe84982a4f112c72b4eaba70a52972c38
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!