SHA256: b88ecf43b2cc29bc3f2f245913d45d84b336d3caf68e4144019e6bd2b027bc25
File name: ETSetup.exe
Detection ratio: 0 / 66
Analysis date: 2018-02-25 16:47:08 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20180225
AegisLab 20180225
AhnLab-V3 20180225
Alibaba 20180224
ALYac 20180225
Antiy-AVL 20180225
Arcabit 20180225
Avast 20180225
Avast-Mobile 20180225
AVG 20180225
Avira (no cloud) 20180225
AVware 20180225
Baidu 20180208
BitDefender 20180225
Bkav 20180224
CAT-QuickHeal 20180225
ClamAV 20180225
CMC 20180225
Comodo 20180225
CrowdStrike Falcon (ML) 20170201
Cybereason 20180205
Cylance 20180225
Cyren 20180225
DrWeb 20180225
eGambit 20180225
Emsisoft 20180225
Endgame 20180223
ESET-NOD32 20180225
F-Prot 20180225
F-Secure 20180225
Fortinet 20180225
GData 20180225
Ikarus 20180225
Sophos ML 20180121
Jiangmin 20180225
K7AntiVirus 20180225
K7GW 20180225
Kaspersky 20180225
Kingsoft 20180225
Malwarebytes 20180225
MAX 20180225
McAfee 20180225
McAfee-GW-Edition 20180225
Microsoft 20180225
eScan 20180225
NANO-Antivirus 20180225
nProtect 20180225
Palo Alto Networks (Known Signatures) 20180225
Panda 20180225
Qihoo-360 20180225
Rising 20180225
SentinelOne (Static ML) 20180225
Sophos AV 20180225
SUPERAntiSpyware 20180224
Symantec 20180224
Symantec Mobile Insight 20180220
Tencent 20180225
TheHacker 20180225
TrendMicro 20180225
Trustlook 20180225
VBA32 20180223
VIPRE 20180225
ViRobot 20180225
Webroot 20180225
WhiteArmor 20180223
Yandex 20180222
Zillya 20180223
ZoneAlarm by Check Point 20180225
Zoner 20180225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 4:36 PM 2/25/2018
Signers
[+] DeskSoft
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 9/15/2015
Valid to 12:59 AM 9/15/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint D1AEA1B2BC9F08EFA7AD6555BF95D299C136DD92
Serial number 29 92 97 75 23 47 28 15 26 AE 1B 14 3A 14 3A 3B
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT 7Z, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-28 11:38:20
Entry Point 0x0001FFB0
Number of sections 3
PE sections
Overlays
MD5 e0715f0773ba3c6c955588ae9d0d7341
File type data
Offset 61952
Size 4093344
Entropy 8.00
PE imports
DeleteDC
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
OleLoadPicture
SHGetMalloc
CoInitialize
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:04:28 12:38:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 49152
LinkerVersion 8.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1ffb0
InitializedDataSize 16384
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 81920

File identification
MD5 132cef6a0b1e04e15d65b2c6516b4466
SHA1 16aa5e0b4259a327cbc9203d6a3c1c7b3fd4303a
SHA256 b88ecf43b2cc29bc3f2f245913d45d84b336d3caf68e4144019e6bd2b027bc25
ssdeep 98304:4Ko36qr1NJz7ln6xdmwHWMtAIj5KNcIasgWeY+ci9wbQU6:Z2prVln6xdmaWMikQNcSgWr+cica

authentihash 4096a80fc2b3dc3822c5f79de9ea116324fe799855dac4fe6a06f45445c5b083
imphash a286c0355023fedae1f655dff7dc3897
File size 4.0 MB ( 4155296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe signed upx overlay

VirusTotal metadata
First submission 2018-02-25 16:47:08 UTC ( 11 months, 3 weeks ago )
Last submission 2018-02-25 16:47:08 UTC ( 11 months, 3 weeks ago )
File names B88ECF43B2CC29BC3F2F245913D45D84B336D3CAF68E4144019E6BD2B027BC25.exe
ETSetup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs