SHA256: c02fdd1bf6367339d21cecba017168e1856463e25660ddb414ca404ca861d0d3
File name: fb-download.php (the name of the PHP download script the sample was first submitted under, not a name chosen by the publisher; later submissions call the same file FlowBreeze3Setup.exe and setup.exe, see File names below)
Detection ratio: 1 / 54
Analysis date: 2016-04-02 00:02:06 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Baidu HEUR.Win32.Virus.Lamer.g 20160402
Ad-Aware 20160401
AegisLab 20160401
AhnLab-V3 20160401
Alibaba 20160401
Antiy-AVL 20160401
Arcabit 20160401
Avast 20160401
AVG 20160402
Avira (no cloud) 20160402
Baidu-International 20160401
BitDefender 20160402
Bkav 20160401
CAT-QuickHeal 20160401
ClamAV 20160402
CMC 20160401
Comodo 20160401
Cyren 20160402
DrWeb 20160402
Emsisoft 20160402
ESET-NOD32 20160401
F-Prot 20160402
Fortinet 20160401
GData 20160401
Ikarus 20160401
Jiangmin 20160401
K7AntiVirus 20160401
K7GW 20160401
Kaspersky 20160401
Kingsoft 20160402
Malwarebytes 20160401
McAfee 20160401
McAfee-GW-Edition 20160401
Microsoft 20160401
eScan 20160401
NANO-Antivirus 20160401
nProtect 20160401
Panda 20160401
Qihoo-360 20160402
Rising 20160401
Sophos AV 20160401
SUPERAntiSpyware 20160401
Symantec 20160331
Tencent 20160402
TheHacker 20160330
TotalDefense 20160330
TrendMicro 20160401
TrendMicro-HouseCall 20160401
VBA32 20160401
VIPRE 20160401
ViRobot 20160401
Yandex 20160316
Zillya 20160401
Zoner 20160401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Note that the FileVersionInfo resource (this copyright string, the "Setup" description and the 11.0.60315.1 / Q11REL version, which is a Visual Studio 2012 build number) is unsigned build-time metadata that any binary can carry; it says nothing about who signed the file. The Authenticode signer below, BreezeTree Software, LLC, is the accountable publisher. The compilation timestamp (2013-03-15) preceding the signing date (8/6/2015) by more than two years is consistent with a prebuilt Microsoft setup stub later signed by the vendor shipping it.
Original name setup.exe
Internal name setup.exe
File version 11.0.60315.1 built by: Q11REL
Description Setup
Signature verification Signed file, verified signature. By the analysis date (2016-04-02) both the BreezeTree leaf certificate (valid to 03/14/2016) and the COMODO time-stamping certificate (valid to 12/31/2015) had expired, which is why they are flagged below as "not time valid"; the countersignature fixes the signing time at 8/6/2015, inside both validity periods, so the signature still verifies. Expiry is not revocation: a signature made while the certificate was valid stays good, whereas a revoked signing certificate would fail verification.
Signing date 1:11 AM 8/6/2015
Signers
[+] BreezeTree Software, LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO Code Signing CA 2
Valid from 11:00 PM 03/14/2013
Valid to 10:59 PM 03/14/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint FE6E02AD2ACC2E9FF34A408DF53B2796C9EAFB9F
Serial number 12 E9 58 D5 67 4A 1A 52 AF 2F BF EE C8 E8 AD 9F
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 11:00 PM 08/23/2011
Valid to 09:48 AM 05/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 07:09 AM 06/07/2005
Valid to 09:48 AM 05/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 09:48 AM 05/30/2000
Valid to 09:48 AM 05/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 11:00 PM 05/04/2015
Valid to 11:59 PM 12/31/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint DF946A5E503015777FD22F46B5624ECD27BEE376
Serial number 00 9F EA C8 11 B0 F1 62 47 A5 FC 20 D8 05 23 AC E6
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 07:09 AM 06/07/2005
Valid to 09:48 AM 05/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 09:48 AM 05/30/2000
Valid to 09:48 AM 05/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-15 03:35:20
Entry Point 0x0002FAA8
Number of sections 5
PE sections
Overlays
MD5 4a308d87b70e1ffb56093220c2df2eff
File type data
Offset 413696
Size 6240
Entropy 7.40
Offset plus size equals the file size (413696 + 6240 = 419936 bytes) and the file is tagged as signed, so this overlay is consistent with the Authenticode certificate table (the PKCS#7 signature blob) that signtool appends after the last section; DER-encoded certificates and signatures give roughly the 7.4 bits/byte seen here. A high-entropy overlay on a signed binary is therefore not by itself evidence of a packed or appended payload; compare the overlay offset and size with the security data directory entry before reading anything into it.
PE imports
(The report lists imports as a flat list without their modules; the module names below are assigned from the well-known API names and are not on the original page. Imports worth a second look for an installer: crypt32 certificate-chain verification, BeginUpdateResource/UpdateResource for rewriting resources in PE files, Toolhelp32 process enumeration, OpenProcess, ExitWindowsEx for logoff/shutdown/reboot, and wininet URL parsing.)
crypt32.dll
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
gdi32.dll
GetDeviceCaps
GetTextMetricsW
DeleteDC
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
GetStockObject
EnumFontFamiliesExW
GetObjectW
CreateCompatibleDC
DeleteObject
kernel32.dll
GetStdHandle
WaitForSingleObject
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
ExitProcess
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
BeginUpdateResourceW
LoadResource
OutputDebugStringW
FindClose
TlsGetValue
BeginUpdateResourceA
SetLastError
GetEnvironmentVariableA
CopyFileW
UpdateResourceW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
UpdateResourceA
HeapSetInformation
LoadLibraryExA
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
TerminateProcess
InterlockedDecrement
GetModuleHandleExW
GlobalAlloc
GetDiskFreeSpaceExW
ReadConsoleW
GetVersion
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
EndUpdateResourceW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
FreeLibrary
GetWindowsDirectoryW
OpenProcess
DeleteFileA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
CompareStringW
WriteFile
ExpandEnvironmentStringsW
FindNextFileW
GetEnvironmentVariableW
FindFirstFileW
IsValidLocale
GetProcAddress
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
InitializeCriticalSection
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GetTimeFormatW
GetEnvironmentStringsW
lstrlenW
Process32NextW
SwitchToThread
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
RaiseException
InterlockedCompareExchange
Process32FirstW
SetEndOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
FindResourceW
Sleep
FindResourceA
GetOEMCP
shell32.dll
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
ShellExecuteA
secur32.dll
GetComputerObjectNameW
user32.dll
SetFocus
CreateDialogIndirectParamW
DrawTextW
SetClassLongW
ShowWindow
ShowScrollBar
MessageBoxW
PeekMessageW
GetWindowRect
EnableWindow
MoveWindow
MessageBoxA
SendDlgItemMessageW
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
ReleaseDC
SendMessageW
TranslateMessage
GetSystemMetrics
SendMessageA
SetWindowTextW
GetDlgItem
SystemParametersInfoW
ScreenToClient
LoadImageW
IsDialogMessageW
GetClientRect
GetDialogBaseUnits
LoadCursorW
LoadIconW
GetFocus
GetDC
MsgWaitForMultipleObjects
SetForegroundWindow
DestroyWindow
ExitWindowsEx
SetCursor
wininet.dll
InternetCrackUrlW
InternetCombineUrlW
imports by ordinal from a module the report does not name
Ord(78)
Ord(150)
Ord(8)
Ord(92)
ole32.dll
CoUninitialize
CoInitialize
PE exports
Number of PE resources by type
Struct(43) 92
RT_ICON 12
RT_DIALOG 3
Struct(45) 2
Struct(40) 2
RT_GROUP_ICON 2
Struct(44) 1
RT_MANIFEST 1
Struct(41) 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 98
ENGLISH US 19
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 82432
ImageVersion 10.0
FileVersionNumber 11.0.60315.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension exe
OriginalFileName setup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 11.0.60315.1 built by: Q11REL
TimeStamp 2013:03:14 20:35:20-07:00
FileType Win32 EXE
PEType PE32
InternalName setup.exe
ProductVersion 11.0.60315.1
FileDescription Setup
OSVersion 5.1
FileOS Win32
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CodeSize 330240
FileSubtype 0
ProductVersionNumber 11.0.60315.1
EntryPoint 0x2faa8
ObjectFileType Executable application

File identification
MD5 1d67ea50621bb3ddc2073486c2b666ae
SHA1 5209bf100c8cb4734c735c8c70d2f7c003093560
SHA256 c02fdd1bf6367339d21cecba017168e1856463e25660ddb414ca404ca861d0d3
ssdeep 6144:yDYWR5J+Wnp8JZt1u3s+++yPmhbyonmqZ2TLdwMpvXVQF4WaofLuR:yDtPJKQ7v5yamCmwj9LU
authentihash 309b1484ee706080fd06516983ab75d9f073f6a672eae0f3cb3a1a3d18f3c392
imphash faa0bc220f53587aedab9242f4908d7f
File size 410.1 KB ( 419936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags
peexe signed overlay
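The report gives both a SHA256 and an authentihash, and separately an overlay whose offset plus size equals the file size. The Python below is an added example, not part of the VirusTotal report and not code from BreezeTree or Microsoft; it shows the relationship between those three numbers on a constructed minimal PE32 that is built inline (not executable code, just enough header for the parsers) and signed with a stand-in WIN_CERTIFICATE blob rather than a real PKCS#7 signature. It implements the Authenticode PE hashing rule (hash everything except the CheckSum field, the security data directory entry and the certificate table) for PE32 and PE32+, which is more general than the single PE32 file on this page, plus the overlay and Shannon-entropy computations the report shows. Function names and the sample PE are this example's own.

```python
import hashlib
import math
import struct
from collections import Counter


def _pe_layout(data: bytes) -> dict:
    """Header offsets the Authenticode hash and overlay checks need (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dir_base = opt + (96 if magic == 0x10B else 112)   # PE32 / PE32+ data directory start
    security = dir_base + 4 * 8                          # IMAGE_DIRECTORY_ENTRY_SECURITY = 4
    sections, table = [], opt + size_opt
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + i * 40 + 16)
        if raw_size:
            sections.append((raw_ptr, raw_size))
    return {
        "checksum": opt + 64,
        "security": security,
        "size_of_headers": struct.unpack_from("<I", data, opt + 60)[0],
        "cert": struct.unpack_from("<II", data, security),   # (file offset, size)
        "sections": sorted(sections),
    }


def authentihash(data: bytes, algo: str = "sha256") -> str:
    """Authenticode hash: the file minus CheckSum, the security directory entry and the
    certificate table, so signing or re-signing leaves it unchanged while SHA256 moves."""
    lay, h = _pe_layout(data), hashlib.new(algo)
    h.update(data[:lay["checksum"]])
    h.update(data[lay["checksum"] + 4:lay["security"]])
    h.update(data[lay["security"] + 8:lay["size_of_headers"]])
    hashed = lay["size_of_headers"]
    for ptr, size in lay["sections"]:
        h.update(data[ptr:ptr + size])
        hashed += size
    extra = len(data) - hashed - lay["cert"][1]   # a non-certificate overlay is hashed too
    if extra > 0:
        h.update(data[hashed:hashed + extra])
    return h.hexdigest()


def file_sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def overlay(data: bytes) -> tuple:
    """(offset, size) of bytes after the last section: the report's 'Overlays' block."""
    lay = _pe_layout(data)
    end = lay["size_of_headers"]
    for ptr, size in lay["sections"]:
        end = max(end, ptr + size)
    return end, len(data) - end


def overlay_is_certificate_table(data: bytes) -> bool:
    """True when the overlay is exactly the table the security directory points at."""
    off, size = overlay(data)
    return size > 0 and tuple(_pe_layout(data)["cert"]) == (off, size)


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0), as in the report's Entropy field."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0


def build_minimal_pe() -> bytes:
    """Constructed sample: a tiny unsigned PE32 with one section (not executable code)."""
    hdr_size = 0x200
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x5142F3F8, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                        # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)     # ImageBase, alignments
    struct.pack_into("<II", opt, 56, 0x2000, hdr_size)             # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                             # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, hdr_size,
                       0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(hdr_size, b"\0")
    return headers + bytes(range(256)) * 2                         # 0x200 bytes of section data


def attach_certificate_table(pe: bytes, pkcs7_blob: bytes) -> bytes:
    """Append a WIN_CERTIFICATE (wRevision 0x0200, wCertificateType 0x0002 = PKCS#7) and
    point the security directory at it, as signtool lays it out. Blob here is a stand-in."""
    lay = _pe_layout(pe)
    length = 8 + len(pkcs7_blob)
    padded = (length + 7) & ~7                                     # entries are 8-byte aligned
    entry = struct.pack("<IHH", length, 0x0200, 0x0002) + pkcs7_blob + b"\0" * (padded - length)
    out = bytearray(pe)
    struct.pack_into("<II", out, lay["security"], len(pe), padded)
    return bytes(out) + entry
```

Signing the constructed PE changes its SHA256 but not its authentihash, and the overlay that appears is exactly the certificate table the security directory points at; that is the check to run on a real sample before treating a high-entropy overlay as suspicious. Run on the actual file (`authentihash(open("FlowBreeze3Setup.exe", "rb").read())`) the function is expected to return the report's authentihash 309b1484ee706080fd06516983ab75d9f073f6a672eae0f3cb3a1a3d18f3c392, and `overlay` should return (413696, 6240), matching the Overlays block.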

VirusTotal metadata
First submission 2015-08-07 00:25:32 UTC ( 3 years, 7 months ago )
Last submission 2019-02-22 20:52:02 UTC ( 3 weeks, 6 days ago )
File names fb-download.php; FlowBreeze3Setup.exe (four submissions); C02FDD1BF6367339D21CECBA017168E1856463E25660DDB414CA404CA861D0D3; setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections