SHA256: be4283edf1d9be7d7ab4e6e57e7c7e8737585be85a62d427f4965e417af3dd14
File name: Setup.exe
Detection ratio: 13 / 48
Analysis date: 2013-10-16 13:10:38 UTC ( 6 months ago )
Antivirus Result Update
AntiVir APPL/InstallCore.AH.31 20131016
Baidu-International Adware.Win32.Agent.45 20131016
ESET-NOD32 Win32/InstallCore 20131016
F-Prot W32/InstallCore.G4.gen!Eldorado 20131016
K7AntiVirus Trojan 20131015
K7GW Trojan 20131015
Malwarebytes PUP.Optional.Funmoods 20131016
McAfee Artemis!592F35F9954A 20131016
McAfee-GW-Edition Artemis!592F35F9954A 20131016
Rising AdWare.Win32.InstallCore.i 20131016
Sophos Funmoods Toolbar 20131016
Symantec WS.Reputation.1 20131016
TrendMicro-HouseCall TROJ_GEN.F47V0331 20131016
AVG 20131016
Agnitum 20131015
AhnLab-V3 20131016
Antiy-AVL 20131016
Avast 20131016
BitDefender 20131012
Bkav 20131016
ByteHero 20130924
CAT-QuickHeal 20131016
ClamAV 20131016
Commtouch 20131016
Comodo 20131016
DrWeb 20131016
Emsisoft 20131016
F-Secure 20131016
Fortinet 20131016
GData 20131016
Ikarus 20131016
Jiangmin 20131014
Kaspersky 20131016
Kingsoft 20130829
MicroWorld-eScan 20131016
Microsoft 20131016
NANO-Antivirus 20131016
Norman 20131016
PCTools 20131002
Panda 20131016
SUPERAntiSpyware 20131016
TheHacker 20131015
TotalDefense 20131015
TrendMicro 20131016
VBA32 20131016
VIPRE 20131016
ViRobot 20131016
nProtect 20131016
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Link date 11:22 PM 6/19/1992
Entry Point 0x0012FCA0
Number of sections 3
PE sections
PE imports
MenuHelp
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
Number of PE resources by type
RT_STRING 14
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 6
RT_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 42
ENGLISH US 10
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 581632
LinkerVersion 2.25
FileAccessDate 2014:04:14 04:37:54+01:00
EntryPoint 0x12fca0
InitializedDataSize 32768
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:04:14 04:37:54+01:00
UninitializedDataSize 659456
File identification
MD5 592f35f9954a7ec4c0b4985857f81ad8
SHA1 a116d71bcf723f12f3824165b9ee1e2d8031e47c
SHA256 be4283edf1d9be7d7ab4e6e57e7c7e8737585be85a62d427f4965e417af3dd14
ssdeep
12288:DrubYPDPR5rjC0g6Qk41+zxpRej4HqkHsdfX4p0NM/5fJd0ZTpPUTUG/aBhH:fub4XfCXSpkNljImZTpPVG/0d

imphash eb39ec77c6339b9807f6e3d4f44acf11
File size 603.8 KB ( 618328 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID
UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe upx signed

VirusTotal metadata
First submission 2013-03-31 22:37:39 UTC ( 1 year ago )
Last submission 2014-04-14 03:42:13 UTC ( 6 days, 9 hours ago )
File names
21423664
o%3Ap%3E%3C
Setup.exe
file-5407300_exe
output.21423664.txt
be4283edf1d9be7d7ab4e6e57e7c7e8737585be85a62d427f4965e417af3dd14
o
setup.exe
Setup.exe
caf8955181c62c82f2088c61453fafd733e0eb0a
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers by calling the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by calling the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections