SHA256: bd3b15ab62ec6b0c7a00f46022d441af03277be893326f6fea8e212dc2d77743
Detection ratio: 10 / 65
Analysis date: 2018-01-30 23:03:33 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Avast Win32:Evo-gen [Susp] 20180130
AVG Win32:Evo-gen [Susp] 20180130
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9979 20180130
Bkav HW32.Packed.4493 20180130
eGambit Unsafe.AI_Score_96% 20180131
Ikarus Trojan.Crypt 20180130
McAfee Artemis!1DC9E39FEEE9 20180130
McAfee-GW-Edition BehavesLike.Win32.ObfusRansom.tc 20180130
Palo Alto Networks (Known Signatures) generic.ml 20180131
TrendMicro-HouseCall Suspicious_GEN.F47V0130 20180130
Ad-Aware 20180130
AegisLab 20180130
AhnLab-V3 20180130
Alibaba 20180130
ALYac 20180130
Antiy-AVL 20180130
Arcabit 20180130
Avast-Mobile 20180130
Avira (no cloud) 20180130
AVware 20180130
BitDefender 20180130
CAT-QuickHeal 20180130
ClamAV 20180130
CMC 20180130
Comodo 20180130
CrowdStrike Falcon (ML) 20170201
Cybereason 20171103
Cylance 20180131
Cyren 20180130
DrWeb 20180130
Emsisoft 20180130
Endgame 20171130
ESET-NOD32 20180130
F-Prot 20180130
Fortinet 20180130
GData 20180130
Sophos ML 20180121
Jiangmin 20180130
K7AntiVirus 20180130
K7GW 20180130
Kaspersky 20180130
Kingsoft 20180131
Malwarebytes 20180130
MAX 20180131
Microsoft 20180130
eScan 20180130
NANO-Antivirus 20180130
nProtect 20180130
Panda 20180130
Qihoo-360 20180131
Rising 20180130
SentinelOne (Static ML) 20180115
Sophos AV 20180130
SUPERAntiSpyware 20180130
Symantec 20180130
Symantec Mobile Insight 20180126
Tencent 20180131
TheHacker 20180130
TrendMicro 20180130
Trustlook 20180131
VBA32 20180130
VIPRE 20180130
ViRobot 20180130
Webroot 20180131
Yandex 20180130
Zillya 20180130
ZoneAlarm by Check Point 20180130
Zoner 20180130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright http://nsis.sf.net/License

File version 3.03
Description NSIS Setup
Packers identified
F-PROT NSIS, appended, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-30 03:57:41
Entry Point 0x000034A5
Number of sections 5
PE sections
Overlays
MD5 b6452074348d6027d39a93cfbea39d62
File type data
Offset 52736
Size 1670780
Entropy 8.00
PE imports
RegCreateKeyExW
RegEnumValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SelectObject
CreateBrushIndirect
SetBkMode
SetBkColor
DeleteObject
SetTextColor
SetFilePointer
GetLastError
CopyFileW
GetShortPathNameW
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrlenW
GetCurrentProcess
CompareFileTime
GetWindowsDirectoryW
GetFileSize
SetFileTime
GetCommandLineW
WideCharToMultiByte
SetErrorMode
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
GlobalLock
ReadFile
lstrcpyA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
GetFullPathNameW
lstrcmpiA
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
FindNextFileW
GetTempPathW
CloseHandle
FindFirstFileW
lstrcmpW
GetModuleHandleW
lstrcatW
FreeLibrary
SearchPathW
lstrcmpiW
SetCurrentDirectoryW
WriteFile
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
SetFileAttributesW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
SendMessageTimeoutW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
GetDC
DialogBoxParamW
AppendMenuW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
CreateDialogParamW
ReleaseDC
BeginPaint
CreatePopupMenu
SendMessageW
SetWindowTextW
SetClipboardData
wsprintfW
FindWindowExW
IsWindowVisible
DestroyWindow
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
SystemParametersInfoW
DrawTextW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
CharNextW
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
GetClassInfoW
CreateWindowExW
GetWindowLongW
CloseClipboard
SetCursor
ExitWindowsEx
OpenClipboard
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 7
RT_ICON 6
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
UninitializedDataSize 2048
LinkerVersion 6.0
ImageVersion 6.0
FileVersionNumber 3.3.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription NSIS Setup
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 141824
EntryPoint 0x34a5
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 3.03
TimeStamp 2018:01:30 04:57:41+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright http://nsis.sf.net/License
MachineType Intel 386 or later, and compatibles
CodeSize 26112
FileSubtype 0
ProductVersionNumber 3.3.0.0
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
File identification
MD5 1dc9e39feee971335ad76175d023c363
SHA1 14c8f24fa16058885da83a63d958e74cd62dfb6e
SHA256 bd3b15ab62ec6b0c7a00f46022d441af03277be893326f6fea8e212dc2d77743
ssdeep 24576:9to/SdFXSt1xc8E+poxPmS/lrHX4K/IZOpF60q75rEsS1FYVfctplCMv6Nr3txEx:yCFObE+po1bRF+r9UO0Ptv6NrDEx

authentihash 19f4dcfdabafdcfc4dff14dffb3954dea6077ce9d5c67010e6512970311590ea
imphash 1f23f452093b5c1ff091a2f9fb4fa3e9
File size 1.6 MB ( 1723516 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags nsis peexe overlay

VirusTotal metadata
First submission 2018-01-30 07:33:00 UTC ( 1 year, 1 month ago )
Last submission 2019-02-17 13:00:34 UTC ( 1 month ago )
File names nsis-3.03-setup.exe
Sourcerforge-NSIS-3.03-setup.exe
BD3B15AB62EC6B0C7A00F46022D441AF03277BE893326F6FEA8E212DC2D77743.exe
559ec7acc10da4334d5918e953e6b6c4969c3b13
bd3b15ab62ec6b0c7a00f46022d441af03277be893326f6fea8e212dc2d77743.bin
nsis-3.03-setup (2).exe
nsis-3.03-setup Nullsoft Scriptable Install System(NSIS).exe
NSIS Chip.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Runtime DLLs