SHA256: bd355e5e31aa4bd3d794025991fc5363674a306c1d78b870809700a3f9cfa9e3
File name: WGSetup-en.exe
Detection ratio: 0 / 64
Analysis date: 2018-02-14 08:43:15 UTC ( 7 months ago )
Antivirus Result Update
Ad-Aware 20180214
AegisLab 20180214
AhnLab-V3 20180213
Alibaba 20180209
ALYac 20180213
Antiy-AVL 20180214
Arcabit 20180214
Avast 20180214
Avast-Mobile 20180213
AVG 20180214
Avira (no cloud) 20180214
AVware 20180210
Baidu 20180208
BitDefender 20180214
Bkav 20180212
CAT-QuickHeal 20180214
ClamAV 20180214
CMC 20180214
Comodo 20180214
CrowdStrike Falcon (ML) 20170201
Cybereason 20180205
Cyren 20180214
DrWeb 20180214
eGambit 20180214
Emsisoft 20180214
Endgame 20171130
ESET-NOD32 20180214
F-Prot 20180214
F-Secure 20180214
Fortinet 20180214
GData 20180214
Ikarus 20180213
Sophos ML 20180121
Jiangmin 20180214
K7AntiVirus 20180214
K7GW 20180214
Kaspersky 20180214
Kingsoft 20180214
Malwarebytes 20180214
MAX 20180214
McAfee 20180214
McAfee-GW-Edition 20180214
Microsoft 20180214
eScan 20180214
NANO-Antivirus 20180214
nProtect 20180214
Palo Alto Networks (Known Signatures) 20180214
Panda 20180213
Qihoo-360 20180214
Rising 20180214
SentinelOne (Static ML) 20180115
Sophos AV 20180214
SUPERAntiSpyware 20180214
Symantec 20180214
Tencent 20180214
TheHacker 20180213
Trustlook 20180214
VBA32 20180213
VIPRE 20180214
ViRobot 20180214
Webroot 20180214
WhiteArmor 20180205
Yandex 20180214
Zillya 20180213
ZoneAlarm by Check Point 20180214
Zoner 20180214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-09-23 20:04:27
Entry Point 0x00003FDD
Number of sections 5
PE sections
Overlays
MD5 938ccd134005f6ca3af200ce778f8db4
File type data
Offset 55808
Size 939613
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyA
RegCreateKeyA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateFontA
CreateBrushIndirect
CreateFontIndirectA
CreateSolidBrush
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetUserDefaultLangID
ReadFile
LoadLibraryA
CreateFileMappingA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
lstrlenA
GetTempPathA
lstrcmpiA
CreateThread
MapViewOfFile
SetFilePointer
FindFirstFileA
lstrcpyA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GetEnvironmentVariableA
UnmapViewOfFile
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
SetEndOfFile
CreateFileA
GetTickCount
GetVersion
GetProcAddress
SetCurrentDirectoryA
GetModuleHandleA
MulDiv
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SHFileOperationA
SetFocus
MapWindowPoints
GetMessagePos
EndPaint
EmptyClipboard
GetWindowTextA
EndDialog
PostQuitMessage
ShowWindow
DefWindowProcA
CreatePopupMenu
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
RegisterClassA
SetDlgItemTextA
LoadImageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
GetDC
SystemParametersInfoA
BeginPaint
GetClassInfoA
wsprintfA
SetClipboardData
CharPrevA
FindWindowExA
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
DrawTextA
ScreenToClient
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
OpenClipboard
CharNextA
CallWindowProcA
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 6
RT_DIALOG 5
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 13
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2003:09:23 21:04:27+01:00
FileType Win32 EXE
PEType PE32
CodeSize 23552
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 129024
SubsystemVersion 4.0
EntryPoint 0x3fdd
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 37888
File identification
MD5 fe4ada17335a23a1bc8f290380445034
SHA1 4a96294ade01d54c0ce66cda5e553ccb4aa59ed8
SHA256 bd355e5e31aa4bd3d794025991fc5363674a306c1d78b870809700a3f9cfa9e3
ssdeep 24576:OIAZS1lxhc+G4j2JSgyVgcrnsoSw2YneGLLV5dRhFBx96:OIAafG4jYSFprnBSYLLBPRhFBxM
authentihash 3ecf1ae9e6a0dbe375e9300289be22f576dc7b88f554396177ef3a092da45faf
imphash 606bf61a53b92607efcc1d6a454ee749
File size 972.1 KB ( 995421 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID NSIS - Nullsoft Scriptable Install System (91.9%)
Win32 Executable MS Visual C++ (generic) (3.3%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.4%)
Tags nsis peexe overlay software-collection
VirusTotal metadata
First submission 2006-06-21 22:45:51 UTC ( 12 years, 3 months ago )
Last submission 2018-02-14 08:43:15 UTC ( 7 months ago )
File names 54967273
test.exe
Setup_product_23285.exe
file
Setup_product_20182.exe
fe4ada17335a23a1bc8f290380445034
Setup_product_22971.exe
wgsetup-en.exe
Setup_product_20366.exe
sample_4a96294ade01d54c0ce66cda5e553ccb4aa59ed8
WGSetup-en.exe
wellget.exe
Setup_product_15000.exe
WGSetup-en.exe
filename
bd355e5e31aa4bd3d794025991fc5363674a306c1d78b870809700a3f9cfa9e3
WGSetup-en.exe
vt-upload-4unBx
1360581265-WGSetup-en.exe
file-3207864_exe
Unfiltered-AML - 08-18-2013 - fe4ada17335a23a1bc8f290380445034.exe
1.exe
334cf241f584671cf2b33d48748a87b8cd205df39d53c4eebb8f8e95e5b5362cbff193ba34eacf66be0a902bca45c15cdb1f641681587b681d2f160a6a60f30b
WGSetup-en(1).exe
Setup_product_14561.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight