SHA256: bdec80d263200644da6793f33e2c3dd1abd07e43c3a5c6c79d134bc1d89fcaf1
File name: GetGoDMWebInstaller.exe
Detection ratio: 0 / 67
Analysis date: 2018-03-10 14:12:40 UTC (11 months, 2 weeks ago)
Antivirus Result Update
Ad-Aware 20180310
AegisLab 20180310
AhnLab-V3 20180310
Alibaba 20180310
ALYac 20180310
Antiy-AVL 20180310
Arcabit 20180309
Avast 20180310
Avast-Mobile 20180310
AVG 20180310
Avira (no cloud) 20180310
AVware 20180310
Baidu 20180309
BitDefender 20180310
Bkav 20180310
CAT-QuickHeal 20180310
ClamAV 20180310
CMC 20180310
Comodo 20180310
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180310
Cyren 20180310
DrWeb 20180310
eGambit 20180310
Emsisoft 20180310
Endgame 20180308
ESET-NOD32 20180310
F-Prot 20180310
F-Secure 20180310
Fortinet 20180310
GData 20180310
Ikarus 20180310
Sophos ML 20180121
Jiangmin 20180310
K7AntiVirus 20180310
K7GW 20180310
Kaspersky 20180310
Kingsoft 20180310
Malwarebytes 20180310
MAX 20180310
McAfee 20180310
McAfee-GW-Edition 20180310
Microsoft 20180310
eScan 20180310
NANO-Antivirus 20180310
nProtect 20180310
Palo Alto Networks (Known Signatures) 20180310
Panda 20180310
Qihoo-360 20180310
Rising 20180310
SentinelOne (Static ML) 20180225
Sophos AV 20180310
SUPERAntiSpyware 20180310
Symantec 20180309
Symantec Mobile Insight 20180306
Tencent 20180310
TheHacker 20180307
TrendMicro 20180310
TrendMicro-HouseCall 20180310
Trustlook 20180310
VBA32 20180307
VIPRE 20180310
ViRobot 20180310
Webroot 20180310
WhiteArmor 20180223
Yandex 20180308
Zillya 20180309
ZoneAlarm by Check Point 20180310
Zoner 20180310
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (c) 2018 GetGo Software Ltd.
Product GetGo Download Manager
File version 6.1.1.3100
Description GetGo Download Manager Web Installer
Signature verification Signed file, verified signature
Signing date 8:22 AM 1/12/2018
Signers
[+] GetGo Software Ltd.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 01/23/2015
Valid to 11:59 PM 01/22/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 4A331FBD7C60903D0EA19A78BF3D76DE228C4972
Serial number 5C 0E 4A B0 77 C1 D8 AE 5F 59 81 8A D3 B2 13 E1
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-25 00:55:41
Entry Point 0x000030D9
Number of sections 5
PE sections
Overlays
MD5 7c767610c4ba1e01fdae9cc7a0b31a25
File type data
Offset 258560
Size 1032688
Entropy 8.00
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
DeleteFileA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
MoveFileExA
GetProcAddress
SetEnvironmentVariableA
SetFileAttributesA
GetExitCodeProcess
MoveFileA
CreateProcessA
lstrcpyA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
ReleaseDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetWindowTextA
EnableMenuItem
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DrawTextA
DestroyWindow
FillRect
RegisterClassA
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 9
RT_DIALOG 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 118272
ImageVersion 6.0
ProductName GetGo Download Manager
FileVersionNumber 6.1.1.3100
UninitializedDataSize 1024
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet ASCII
LinkerVersion 6.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.1.3100
TimeStamp 2016:07:25 01:55:41+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 6.1.1.3100
FileDescription GetGo Download Manager Web Installer
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (c) 2018 GetGo Software Ltd.
MachineType Intel 386 or later, and compatibles
CodeSize 24064
FileSubtype 0
ProductVersionNumber 6.1.1.3100
EntryPoint 0x30d9
ObjectFileType Executable application

File identification
MD5 f622a20d2e560d5fffed52906b2744de
SHA1 aed97e7fc18450632a0cb0dd6caf6e09a42f2ab5
SHA256 bdec80d263200644da6793f33e2c3dd1abd07e43c3a5c6c79d134bc1d89fcaf1
ssdeep 24576:lUUfyV/WQdhu61eJrO4EmuPBvAB01A8NrJ0EfdGnULQC:l8/31wlEhAGNrJxfEnUX
authentihash c9d37e52647f46157162c69cf414c7535e332c9a6a840ea6ac7cd77e27853653
imphash b78ecf47c0a3e24a6f4af114e2d1f5de
File size 1.2 MB ( 1291248 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
nsis peexe signed overlay

VirusTotal metadata
First submission 2018-01-16 18:55:27 UTC ( 1 year, 1 month ago )
Last submission 2018-12-24 10:29:42 UTC ( 1 month, 3 weeks ago )
File names GetGoDMWebInstaller.exe
BDEC80D263200644DA6793F33E2C3DD1ABD07E43C3A5C6C79D134BC1D89FCAF1.exe
GetGoDMWebInstaller.exe
getgo-download-manager_6.1.1.3100.exe
GetGoDMWebInstaller.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Runtime DLLs