SHA256: bc410187656da18d4a515a8034e2a45c3f5856bc61824224c94cf579da7067ab
File name: PSTViewer.Setup.exe
Detection ratio: 0 / 56
Analysis date: 2015-02-06 16:39:19 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20150206
AegisLab 20150206
Yandex 20150206
AhnLab-V3 20150206
Alibaba 20150206
ALYac 20150206
Antiy-AVL 20150206
Avast 20150206
AVG 20150206
Avira (no cloud) 20150206
AVware 20150206
Baidu-International 20150206
BitDefender 20150206
Bkav 20150206
ByteHero 20150206
CAT-QuickHeal 20150205
ClamAV 20150206
CMC 20150205
Comodo 20150206
Cyren 20150206
DrWeb 20150206
Emsisoft 20150206
ESET-NOD32 20150206
F-Prot 20150206
F-Secure 20150206
Fortinet 20150206
GData 20150206
Ikarus 20150206
K7AntiVirus 20150206
K7GW 20150206
Kaspersky 20150206
Kingsoft 20150206
Malwarebytes 20150206
McAfee 20150206
McAfee-GW-Edition 20150205
Microsoft 20150206
eScan 20150206
NANO-Antivirus 20150206
Norman 20150206
nProtect 20150206
Panda 20150206
Qihoo-360 20150206
Rising 20150206
Sophos AV 20150206
SUPERAntiSpyware 20150206
Symantec 20150206
Tencent 20150206
TheHacker 20150206
TotalDefense 20150206
TrendMicro 20150206
TrendMicro-HouseCall 20150206
VBA32 20150206
VIPRE 20150206
ViRobot 20150206
Zillya 20150206
Zoner 20150206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2015 Encryptomatic, LLC

Publisher Encryptomatic LLC
Product PSTViewer Pro 7
Original name PSTViewer.Setup.exe
Internal name PSTViewer.Setup
File version 7.0.420.0
Description PSTViewer Pro 7 version 7.0.420.0 by Encryptomatic, LLC
Signature verification Signed file, verified signature
Signing date 2:15 PM 2/6/2015
Signers
[+] Encryptomatic LLC
Status Valid
Issuer None
Valid from 1:00 AM 7/16/2013
Valid to 12:59 AM 7/16/2016
Valid usage Code Signing
Algorithm SHA1
Thumbprint 366B4AA6F28C2D32055D74631AEEC2B03F00B3BC
Serial number 00 9A CA 4E ED 3B 3D 33 FC C9 FA E8 42 7D 79 F1 4B
[+] COMODO Code Signing CA 2
Status Valid
Issuer None
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm SHA1
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer None
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Issuer None
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Issuer None
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Issuer None
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
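The signature block above is worth reading carefully: the Encryptomatic LLC signer certificate ran out on 7/16/2016 and the COMODO Time Stamping Signer is flagged "Certificate out of its validity period", yet the verdict is still "Signed file, verified signature". That is normal Authenticode behaviour, not a reporting error. The countersignature fixes the signing time at 2/6/2015, and a verifier only requires the signer certificate (and the timestamp signer's certificate) to have been valid at that moment; expiry afterwards does not invalidate the signature unless the signer certificate carried the Lifetime Signing EKU. The signature algorithm is SHA1; Microsoft's SHA-1 code-signing deprecation exempts signatures timestamped before 1 January 2016, which this one is, so Windows still accepts it. The Python below is an added example written for this page, not code from VirusTotal or from the Encryptomatic product. It encodes that rule with the dates printed above, read exactly as displayed (assumption: they were rendered in the viewer's UTC+1 local zone, which is why validity boundaries fall at 1:00 AM and 12:59 AM), approximates the viewing date from the "4 years, 1 month ago" note, and ignores revocation, chain building and trust roots.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

Window = Tuple[datetime, datetime]   # (valid_from, valid_to) of one certificate

# Dates as printed in the report.  Assumption: rendered in the viewer's UTC+1
# local zone; the offset is irrelevant to the comparisons as long as it is uniform.
LOCAL = timezone(timedelta(hours=1))
SIGNER_CERT: Window = (datetime(2013, 7, 16, 1, 0, tzinfo=LOCAL),    # Encryptomatic LLC
                       datetime(2016, 7, 16, 0, 59, tzinfo=LOCAL))
TSA_CERT: Window = (datetime(2010, 5, 10, 1, 0, tzinfo=LOCAL),       # COMODO Time Stamping Signer
                    datetime(2015, 5, 11, 0, 59, tzinfo=LOCAL))
SIGNING_TIME = datetime(2015, 2, 6, 14, 15, tzinfo=LOCAL)            # "Signing date"
VIEWED_AT = datetime(2019, 3, 6, tzinfo=LOCAL)   # assumption: "4 years, 1 month" after analysis


def authenticode_status(signer: Window, signing_time: Optional[datetime],
                        tsa: Optional[Window], now: datetime,
                        lifetime_signing: bool = False) -> str:
    """Classify a code signature the way a Windows-style verifier does.

    Rules encoded (standard Authenticode behaviour, simplified: no revocation,
    chain-building or trust-root checks):
      * With a timestamp countersignature, the signer certificate only has to
        have been valid at signing_time, and the TSA certificate is judged at
        the time it attested, not at `now`.  Expiry afterwards is harmless.
      * Without a countersignature the signer certificate must be valid now.
      * A signer certificate with the Lifetime Signing EKU expires with the
        certificate even when the signature carries a timestamp.
    """
    def inside(window: Window, t: datetime) -> bool:
        return window[0] <= t <= window[1]

    if tsa is not None and signing_time is not None and not lifetime_signing:
        if not inside(signer, signing_time):
            return "invalid: signed outside the signer certificate's validity"
        if not inside(tsa, signing_time):
            return "invalid: timestamp certificate was not valid at signing time"
        return "valid: timestamped, signer expiry after signing does not matter"
    if inside(signer, now):
        return "valid: signer certificate currently valid"
    return "expired: no usable timestamp and the signer certificate has lapsed"


def report_case() -> dict:
    """Evaluate the report's dates three ways: as signed (timestamped), as if
    the countersignature were absent, and as if the signer had the Lifetime
    Signing EKU."""
    return {
        "as_signed": authenticode_status(SIGNER_CERT, SIGNING_TIME, TSA_CERT, VIEWED_AT),
        "without_timestamp": authenticode_status(SIGNER_CERT, None, None, VIEWED_AT),
        "lifetime_signing": authenticode_status(SIGNER_CERT, SIGNING_TIME, TSA_CERT,
                                                VIEWED_AT, lifetime_signing=True),
    }


if __name__ == "__main__":
    for label, verdict in report_case().items():
        print(f"{label:>18}: {verdict}")
```

On a Windows host the same verdict comes from `Get-AuthenticodeSignature` or `signtool verify /v /pa`; the point of the function is to make explicit why an expired timestamp signer and an expired signer certificate still yield "Valid" here, and why the same file would fail without its countersignature.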
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-23 11:50:37
Entry Point 0x000C8DAC
Number of sections 5
PE sections
Overlays
MD5 800741504f9471ca65526e908d46c118
File type application/x-ms-dos-executable
Offset 2066432
Size 55071272
Entropy 7.74
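The overlay figures are internally consistent: offset 2066432 plus size 55071272 equals the 57137704-byte file size reported further down, so the overlay runs to end of file and the PE image proper is only about 2 MB. An overlay entropy of 7.74 bits per byte, against a ceiling of 8.0, is what a compressed payload looks like, which fits the InstallShield setup identification from TrID. The Python below is an added example, not code from VirusTotal or the vendor. It locates the overlay the same way (first byte after the last section's raw data), decodes the COFF TimeDateStamp that the report shows as the compilation timestamp, and computes Shannon entropy, using only the standard library. Because the installer itself is not on the page, the demo runs against a constructed minimal PE-shaped blob whose section layout and payload are invented for this example (it does carry the report's 2014-10-23 11:50:37 UTC timestamp); summarise() works on a real file read from disk.

```python
import math
import struct
import sys
from collections import Counter
from datetime import datetime, timezone
from typing import Dict, List, Tuple

COFF_HDR = struct.Struct("<HHIIIHH")         # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes
Section = Tuple[str, int, int]               # (name, PointerToRawData, SizeOfRawData)


def pe_layout(data: bytes) -> Tuple[int, datetime, List[Section]]:
    """Read e_lfanew, the COFF header and the section table; nothing else.

    Returns (NumberOfSections, TimeDateStamp as an aware UTC datetime, sections).
    """
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    _machine, nsections, stamp, _sym, _nsym, opt_size, _flags = COFF_HDR.unpack_from(data, e_lfanew + 4)
    sections: List[Section] = []
    off = e_lfanew + 4 + COFF_HDR.size + opt_size
    for _ in range(nsections):
        name, _vsize, _va, raw_size, raw_ptr, *_ = SECTION_HDR.unpack_from(data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_ptr, raw_size))
        off += SECTION_HDR.size
    return nsections, datetime.fromtimestamp(stamp, tz=timezone.utc), sections


def overlay(data: bytes) -> Tuple[int, bytes]:
    """The overlay starts where the last section's raw data ends."""
    _, _, sections = pe_layout(data)
    end = max((ptr + size for _, ptr, size in sections), default=0)
    return end, data[end:]


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    n = len(buf)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def build_sample_pe(timestamp: int, overlay_payload: bytes) -> bytes:
    """Constructed stand-in for the installer: headers, two sections, overlay.

    Not a loadable image (SizeOfOptionalHeader is 0); it only has the fields
    pe_layout() reads.  The section layout is invented for this example.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = COFF_HDR.pack(0x14C, 2, timestamp, 0, 0, 0, 0)   # i386, two sections
    text_ptr, text_size = 0x200, 0x400
    rdata_ptr, rdata_size = text_ptr + text_size, 0x200
    sections = (SECTION_HDR.pack(b".text", text_size, 0x1000, text_size, text_ptr, 0, 0, 0, 0, 0x60000020)
                + SECTION_HDR.pack(b".rdata", rdata_size, 0x2000, rdata_size, rdata_ptr, 0, 0, 0, 0, 0x40000040))
    image = (dos + b"PE\0\0" + coff + sections).ljust(text_ptr, b"\0")
    image += bytes(range(256)) * (text_size // 256)   # .text: every byte value, entropy 8.0
    image += b"\0" * rdata_size                        # .rdata: zeros, entropy 0.0
    return image + overlay_payload


def summarise(data: bytes) -> Dict[str, object]:
    """Section count, build timestamp, overlay offset/size and per-region entropy."""
    nsec, stamp, sections = pe_layout(data)
    end, tail = overlay(data)
    entropy = {name: shannon_entropy(data[ptr:ptr + size]) for name, ptr, size in sections}
    entropy["overlay"] = shannon_entropy(tail)
    return {"sections": nsec, "timestamp": stamp.isoformat(), "overlay_offset": end,
            "overlay_size": len(tail), "file_size": len(data), "entropy": entropy}


def analyse_sample() -> Dict[str, object]:
    """summarise() over the constructed blob, stamped with the report's
    compilation time (2014-10-23 11:50:37 UTC) and a 16-symbol overlay."""
    stamp = int(datetime(2014, 10, 23, 11, 50, 37, tzinfo=timezone.utc).timestamp())
    return summarise(build_sample_pe(stamp, bytes(range(16)) * 100))


if __name__ == "__main__":
    # Usage: python pe_overlay.py [path-to-exe]; without a path the constructed blob is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(summarise(fh.read()))
    else:
        print(analyse_sample())
```

Run against a real installer, overlay_offset + overlay_size should equal file_size as it does on this page; a gap there means the section table does not account for the whole file, and an overlay entropy near 8.0 with no recognised archive signature at the offset is the cue to carve and unpack it rather than trust the wrapper's signature for its contents.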
PE imports
RegCreateKeyExW
RegDeleteKeyA
RegCloseKey
LookupAccountSidW
RegQueryValueExA
RegCreateKeyW
OpenServiceW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteKeyW
RegCreateKeyA
UnlockServiceDatabase
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
RegOpenKeyA
EqualSid
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
RegOpenKeyW
RegOpenKeyExA
RegEnumValueA
GetTokenInformation
GetUserNameW
RegQueryInfoKeyW
GetSecurityDescriptorDacl
RegDeleteValueW
LockServiceDatabase
RegEnumKeyExW
SetEntriesInAclW
StartServiceW
RegSetValueExW
FreeSid
OpenSCManagerW
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
InitCommonControlsEx
ImageList_Destroy
_TrackMouseEvent
ImageList_AddMasked
ImageList_SetBkColor
ImageList_ReplaceIcon
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_Create
PropertySheetW
ImageList_GetIcon
ImageList_LoadImageW
ImageList_Add
GetSaveFileNameW
GetOpenFileNameW
CreatePolygonRgn
CreateFontIndirectW
CreatePen
GetRgnBox
CreateRectRgnIndirect
CombineRgn
GetBitmapBits
Rectangle
GetLayout
GetBrushOrgEx
ExcludeClipRect
CreateCompatibleDC
DeleteDC
SetBkMode
GetObjectW
BitBlt
CreateDIBSection
CreateBitmapIndirect
SetTextColor
CreatePatternBrush
GetDeviceCaps
FillRgn
ExtTextOutW
EqualRgn
GetStockObject
SelectClipRgn
SetViewportOrgEx
CreateFontW
SetBrushOrgEx
CreateRectRgn
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
GetFileAttributesW
DuplicateHandle
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
LoadLibraryExW
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
ConnectNamedPipe
GetExitCodeProcess
InitializeCriticalSection
OutputDebugStringW
GetLogicalDriveStringsW
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
CopyFileW
GetUserDefaultLangID
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
lstrcmpiW
EnumSystemLocalesA
EnumResourceLanguagesW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
SetFilePointer
GetFullPathNameW
CreateThread
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
GlobalMemoryStatus
SearchPathW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetSystemTime
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
UnlockFile
GetWindowsDirectoryW
GetFileSize
DeleteFileA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetConsoleScreenBufferInfo
GetSystemInfo
GetProcessHeap
GetTempFileNameW
CompareStringW
WriteFile
RemoveDirectoryW
FindNextFileW
ResetEvent
GetTempFileNameA
FindFirstFileW
IsValidLocale
lstrcmpW
WaitForMultipleObjects
GetUserDefaultLCID
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetShortPathNameW
CreateNamedPipeW
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
Process32NextW
CreateProcessW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
Process32FirstW
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetCurrentThreadId
FindResourceExW
CreateProcessA
IsValidCodePage
HeapCreate
OpenEventW
VirtualFree
Sleep
TerminateProcess
VirtualAlloc
TransparentBlt
AlphaBlend
NetUserGetLocalGroups
NetLocalGroupGetMembers
NetApiBufferFree
VarUI4FromStr
OleCreateFontIndirect
SysStringLen
SysAllocStringLen
VariantClear
SysStringByteLen
LoadRegTypeLib
SysAllocString
VariantCopy
VariantInit
VarDateFromStr
LoadTypeLib
SysFreeString
SysAllocStringByteLen
OleLoadPicture
SHGetFolderPathW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
PathAddBackslashW
PathIsUNCW
PathIsDirectoryW
PathFileExistsW
GetUserNameExW
RedrawWindow
GetMessagePos
SetWindowRgn
LoadBitmapW
SetRectEmpty
DestroyMenu
PostQuitMessage
GetForegroundWindow
DrawStateW
SetWindowPos
GetNextDlgTabItem
IsWindow
EndPaint
IntersectRect
CopyRect
DispatchMessageW
GetAsyncKeyState
ReleaseDC
GetDlgCtrlID
SendMessageW
UnregisterClassA
SendMessageA
GetClientRect
DrawTextW
SetScrollPos
LoadImageW
ClientToScreen
GetActiveWindow
GetWindowTextW
GetWindowTextLengthW
MsgWaitForMultipleObjects
InvalidateRgn
DestroyWindow
DrawEdge
GetParent
UpdateWindow
GetPropW
EqualRect
EnumWindows
GetMessageW
ShowWindow
DrawFrameControl
SetPropW
GetDesktopWindow
PeekMessageW
EnableWindow
GetSystemMenu
TranslateMessage
IsWindowEnabled
GetWindow
CreateIconFromResourceEx
GetIconInfo
SetClipboardData
IsZoomed
LoadStringW
EnableMenuItem
DrawFocusRect
SetTimer
IsDialogMessageW
FillRect
CreateAcceleratorTableW
GetSysColorBrush
CreateWindowExW
GetWindowLongW
CharNextW
IsChild
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
EmptyClipboard
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
KillTimer
TrackMouseEvent
GetComboBoxInfo
GetClassInfoExW
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
GetScrollRange
PostMessageW
EndDialog
CreateDialogParamW
CreatePopupMenu
GetSubMenu
PtInRect
DrawIconEx
SetWindowTextW
GetDlgItem
RemovePropW
ScreenToClient
TrackPopupMenu
DialogBoxIndirectParamW
DestroyAcceleratorTable
ValidateRect
LoadCursorW
LoadIconW
GetDC
SetForegroundWindow
ExitWindowsEx
OpenClipboard
GetCursorPos
DrawTextExW
GetScrollInfo
FindWindowW
GetCapture
MessageBeep
LoadMenuW
SetFocus
GetWindowThreadProcessId
MessageBoxW
RegisterClassExW
MoveWindow
DialogBoxParamW
AppendMenuW
GetWindowDC
DestroyCursor
LookupIconIdFromDirectoryEx
SendMessageTimeoutW
GetSysColor
SetScrollInfo
GetKeyState
GetWindowRgn
DestroyIcon
IsWindowVisible
SetCursorPos
SystemParametersInfoW
UnionRect
MonitorFromWindow
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
ModifyMenuW
IsRectEmpty
GetFocus
CloseClipboard
SetCursor
TranslateAcceleratorW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
SymGetLineFromAddr
StackWalk
SymSetOptions
SymCleanup
SymInitialize
SymFunctionTableAccess
SymGetModuleBase
SymSetSearchPath
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemFree
CoInitialize
OleInitialize
StgCreateDocfileOnILockBytes
CoCreateInstance
CoCreateGuid
CoTaskMemRealloc
CLSIDFromProgID
OleUninitialize
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CLSIDFromString
StringFromGUID2
CreateILockBytesOnHGlobal
CoGetClassObject
Number of PE resources by type
RT_DIALOG 13
RT_STRING 13
RT_ICON 12
RT_BITMAP 6
RTF_FILE 2
RT_MENU 2
IMAGE_FILE 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 53
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.0.420.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
1017344

EntryPoint
0xc8dac

OriginalFileName
PSTViewer.Setup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2015 Encryptomatic, LLC

FileVersion
7.0.420.0

TimeStamp
2014:10:23 12:50:37+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PSTViewer.Setup

ProductVersion
7.0.420.0

FileDescription
PSTViewer Pro 7 version 7.0.420.0 by Encryptomatic, LLC

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Encryptomatic, LLC

CodeSize
1048064

ProductName
PSTViewer Pro 7

ProductVersionNumber
7.0.420.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 5dada9e8d4611f9e247b81107fd76949
SHA1 ddf2d1e2df6105930e3f0a3527fe59e26b969078
SHA256 bc410187656da18d4a515a8034e2a45c3f5856bc61824224c94cf579da7067ab
ssdeep
1572864:F7vE+ErNamSPGc7CO6hCBr50mbLNe0ejt:sNaOk9rWcZe0ejt

authentihash de18b9140916edaa0e4ddfccd6eda408c0b6ae915a1a3712437e6065aaa60b1f
imphash 9eff7a1b294d31fdb90f8bb40cef7a47
File size 54.5 MB ( 57137704 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (83.4%)
Win32 Executable (generic) (8.7%)
Generic Win/DOS Executable (3.8%)
DOS Executable Generic (3.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe signed overlay
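The imphash above depends on the DLL names and on the order of the import table, neither of which survives in the flat import list on this page (the per-DLL headings were lost), so 9eff7a1b294d31fdb90f8bb40cef7a47 cannot be recomputed from the page alone. The Python below is an added example, not VirusTotal's or pefile's code, showing the algorithm both use: lower-case "dll.function" pairs with the .dll/.ocx/.sys suffix stripped, joined with commas in table order, then MD5. The sample import table is constructed for the demo: the four function names are taken from the list above, while the DLL assignments and their order are assumptions. One simplification is labelled in the code: pefile resolves ordinal-only imports from ws2_32, wsock32 and oleaut32 back to names, whereas this version emits ord<N> for every DLL.

```python
import hashlib
from typing import Iterable, List, Tuple, Union

Import = Tuple[str, Union[str, int]]   # (dll name as in the import directory, function name or ordinal)

# Constructed sample import table for this example.  The function names all
# appear in the report's import list; the DLL assignments and the order are
# assumptions, so the resulting hash is not the report's 9eff7a1b... value.
SAMPLE_IMPORTS: List[Import] = [
    ("KERNEL32.dll", "CreateProcessW"),
    ("KERNEL32.dll", "CreateToolhelp32Snapshot"),
    ("ADVAPI32.dll", "AdjustTokenPrivileges"),
    ("USER32.dll", "ExitWindowsEx"),
]


def _normalise_dll(dll: str) -> str:
    """Lower-case and drop a .dll/.ocx/.sys suffix, as pefile does."""
    dll = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            return dll[:-len(ext)]
    return dll


def imphash_input(imports: Iterable[Import]) -> str:
    """The exact string that gets hashed: 'dll.func' pairs, comma-joined, in table order.

    Simplification (labelled): pefile maps ordinal-only imports from ws2_32,
    wsock32 and oleaut32 back to names; here every ordinal becomes 'ord<N>'.
    """
    parts = []
    for dll, func in imports:
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{_normalise_dll(dll)}.{name}")
    return ",".join(parts)


def imphash(imports: Iterable[Import]) -> str:
    """MD5 of imphash_input(); MD5 is a fingerprint here, not a security primitive."""
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_input(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because order is part of the input, two binaries built from the same source with a different linker or link order get different imphashes; the value pivots well within one toolchain (here, other InstallShield-built setups from the same generator) and poorly across toolchains, and a single renamed or reordered import breaks the match entirely.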

VirusTotal metadata
First submission 2015-02-06 16:39:19 UTC ( 4 years, 1 month ago )
Last submission 2015-08-24 14:36:23 UTC ( 3 years, 6 months ago )
File names EmlViewerPro.Setup.exe
PSTViewer.Setup
pstviewer.setup.exe
PSTViewer.Setup.exe