× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c0c3de41e3975e900a56c370d7f2b735729b6f1100fd59d2241900c45b4652be
File name: reaper596-install.exe
Detection ratio: 0 / 69
Analysis date: 2018-12-12 09:21:15 UTC ( 1 month ago ) View latest
Antivirus Result Update
Ad-Aware 20181212
AegisLab 20181212
AhnLab-V3 20181212
Alibaba 20180921
ALYac 20181212
Antiy-AVL 20181212
Arcabit 20181212
Avast 20181212
Avast-Mobile 20181211
AVG 20181212
Avira (no cloud) 20181211
Babable 20180918
Baidu 20181207
BitDefender 20181212
Bkav 20181211
CAT-QuickHeal 20181211
ClamAV 20181212
CMC 20181212
Comodo 20181212
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181212
Cyren 20181212
DrWeb 20181212
eGambit 20181212
Emsisoft 20181212
Endgame 20181108
ESET-NOD32 20181212
F-Prot 20181212
F-Secure 20181212
Fortinet 20181212
GData 20181212
Sophos ML 20181128
Jiangmin 20181212
K7AntiVirus 20181212
K7GW 20181212
Kaspersky 20181212
Kingsoft 20181212
Malwarebytes 20181212
MAX 20181212
McAfee 20181212
McAfee-GW-Edition 20181212
Microsoft 20181212
eScan 20181212
NANO-Antivirus 20181212
Palo Alto Networks (Known Signatures) 20181212
Panda 20181211
Qihoo-360 20181212
Rising 20181212
SentinelOne (Static ML) 20181011
Sophos AV 20181211
SUPERAntiSpyware 20181205
Symantec 20181212
Symantec Mobile Insight 20181207
TACHYON 20181212
Tencent 20181212
TheHacker 20181210
TotalDefense 20181211
Trapmine 20181205
TrendMicro 20181212
TrendMicro-HouseCall 20181212
Trustlook 20181212
VBA32 20181211
VIPRE 20181211
ViRobot 20181212
Webroot 20181212
Yandex 20181211
Zillya 20181211
ZoneAlarm by Check Point 20181212
Zoner 20181212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 9:12 PM 10/8/2018
Signers
[+] Cockos Incorporated
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 1/15/2016
Valid to 12:59 AM 1/15/2021
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 32F396806BC2113319A7BF12C87C2A0E061139C0
Serial number 77 19 73 6A 3F 6A A5 4C A8 55 55 CF CC C6 46 43
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-02 03:20:09
Entry Point 0x0000326C
Number of sections 5
PE sections
Overlays
MD5 4fafde10c09efc9edbf36d7370766c0f
File type data
Offset 325120
Size 9759464
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
ReadFile
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
GetModuleHandleA
GetTempPathA
CreateThread
GetFileAttributesA
SetFilePointer
lstrcmpA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
SystemParametersInfoA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
DrawTextA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
CloseClipboard
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
SetWindowTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DestroyWindow
FillRect
ShowWindow
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
SetForegroundWindow
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 7
RT_ICON 7
RT_BITMAP 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2016:04:02 04:20:09+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
24064

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
120320

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x326c

OSVersion
4.0

ImageVersion
6.0

UninitializedDataSize
1024

File identification
MD5 fe3e32a1f33555c2edb3b1f126c35358
SHA1 693d6a3212f60282a24ddd78b7401383e2e9861f
SHA256 c0c3de41e3975e900a56c370d7f2b735729b6f1100fd59d2241900c45b4652be
ssdeep
196608:kqvARh7k3cuNj9N1nYEbcF2y0C3bDSAk48yl2pPt/G81pQ0u:nIRh7Sj9UpF2Pmnj8ZkEju

authentihash 0f447263c43e58caf5a80271a28d4582486519b37e3bc16e8bc634360fbb7df9
imphash b1a57b635b23ffd553b3fd1e0960b2bd
File size 9.6 MB ( 10084584 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
nsis peexe signed overlay

VirusTotal metadata
First submission 2018-10-09 04:12:30 UTC ( 3 months, 1 week ago )
Last submission 2019-01-08 09:57:51 UTC ( 1 week, 1 day ago )
File names reaper596-install.exe
reaper596-install.exe
reaper596-install.exe
reaper596-install.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Runtime DLLs