SHA256: c23e8174619bb97bcb7d639a4387cb033787dea7f5f1068b0c2d364dce3af0d6
File name: scrabble-575-jetelecharge.exe
Detection ratio: 0 / 56
Analysis date: 2016-12-19 03:24:42 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20161219
AegisLab 20161217
AhnLab-V3 20161218
Alibaba 20161216
ALYac 20161219
Antiy-AVL 20161219
Arcabit 20161219
Avast 20161219
AVG 20161218
Avira (no cloud) 20161218
AVware 20161219
Baidu 20161207
BitDefender 20161219
Bkav 20161217
CAT-QuickHeal 20161217
ClamAV 20161219
CMC 20161218
Comodo 20161219
CrowdStrike Falcon (ML) 20161024
Cyren 20161219
DrWeb 20161219
Emsisoft 20161219
ESET-NOD32 20161218
F-Prot 20161219
F-Secure 20161219
Fortinet 20161219
GData 20161219
Ikarus 20161218
Invincea 20161216
Jiangmin 20161219
K7AntiVirus 20161218
K7GW 20161219
Kaspersky 20161219
Kingsoft 20161219
Malwarebytes 20161219
McAfee 20161219
McAfee-GW-Edition 20161219
Microsoft 20161219
eScan 20161219
NANO-Antivirus 20161219
nProtect 20161219
Panda 20161218
Qihoo-360 20161219
Rising 20161219
Sophos 20161219
SUPERAntiSpyware 20161218
Symantec 20161219
Tencent 20161219
TheHacker 20161214
TotalDefense 20161218
TrendMicro 20161219
TrendMicro-HouseCall 20161219
Trustlook 20161219
VBA32 20161216
VIPRE 20161219
ViRobot 20161219
WhiteArmor 20161212
Yandex 20161217
Zillya 20161216
Zoner 20161218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 1990-2002 InstallShield Software Corporation
Product InstallShield (R)
Original name Setup.exe
Internal name ISPNickel
File version 7, 01, 100, 1248
Description InstallShield (R) Setup Launcher
Packers identified
PEiD InstallShield Custom
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-12-02 18:31:43
Entry Point 0x0000B1CC
Number of sections 4
PE sections
Overlays
MD5 1fc8dea65bb5ff0bbfd332ab440fbb41
File type data
Offset 102912
Size 25737510
Entropy 7.98
PE imports
GetTokenInformation
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegQueryValueA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExA
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
GetObjectA
CreateFontIndirectA
GetTextExtentPoint32A
DeleteObject
LPtoDP
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
HeapDestroy
DebugBreak
DeleteCriticalSection
GetCurrentProcess
lstrcatA
SetErrorMode
FindResourceExA
WideCharToMultiByte
WriteFile
HeapReAlloc
SetEvent
MoveFileA
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
SetLastError
ExitProcess
RemoveDirectoryA
GetPrivateProfileStringA
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
CreateThread
VirtualQuery
SearchPathA
GetVersion
LeaveCriticalSection
HeapFree
EnterCriticalSection
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
GetStartupInfoA
GetFileSize
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
CompareStringW
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
GetProcAddress
GetModuleFileNameA
CreateEventA
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GlobalUnlock
GlobalAlloc
lstrlenW
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
LockResource
GetCommandLineA
GetCurrentThread
GetTempPathA
GetSystemDefaultLangID
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetCurrentThreadId
FindResourceA
CreateProcessA
HeapCreate
Sleep
IsBadReadPtr
OpenEventA
ResetEvent
LZCopy
LZClose
LZOpenFileA
LoadRegTypeLib
SysStringLen
SysAllocStringLen
RegisterTypeLib
VariantClear
SysAllocString
VariantCopy
LoadTypeLib
SysFreeString
GetMessageA
SetWindowRgn
ReleaseDC
EndDialog
CreateDialogIndirectParamA
KillTimer
ShowWindow
SetWindowPos
CharLowerA
IsDialogMessageA
GetWindowRect
DispatchMessageA
SetDlgItemTextA
MoveWindow
PeekMessageA
TranslateMessage
CharUpperA
SetActiveWindow
GetDC
SystemParametersInfoA
SetWindowTextA
LoadStringA
SendMessageA
GetDlgItem
CharLowerBuffA
ScreenToClient
wsprintfA
SetTimer
LoadIconA
CharNextA
GetDesktopWindow
PostThreadMessageA
MsgWaitForMultipleObjects
GetWindowTextA
DialogBoxIndirectParamA
DestroyWindow
VerInstallFileA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoGetInterfaceAndReleaseStream
CoInitialize
CoTaskMemAlloc
CoRevokeClassObject
GetRunningObjectTable
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
StringFromCLSID
CoUninitialize
CoCreateGuid
CoReleaseMarshalData
CoTaskMemFree
CoRegisterClassObject
StringFromGUID2
Number of PE resources by type
RT_STRING 33
RT_ICON 4
RT_DIALOG 2
RT_MANIFEST 1
TYPELIB 1
PUBLICKEY 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 4
TURKISH DEFAULT 4
SWEDISH 1
PORTUGUESE 1
CZECH DEFAULT 1
FRENCH 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
INDONESIAN DEFAULT 1
DUTCH 1
ITALIAN 1
CATALAN DEFAULT 1
FINNISH DEFAULT 1
SERBIAN CYRILLIC 1
PORTUGUESE BRAZILIAN 1
SPANISH 1
FRENCH CANADIAN 1
KOREAN 1
BASQUE DEFAULT 1
HUNGARIAN DEFAULT 1
GERMAN 1
BULGARIAN DEFAULT 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
NORWEGIAN BOKMAL 1
CHINESE TRADITIONAL 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
ROMANIAN 1
RUSSIAN 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.1.100.1248
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 43008
EntryPoint 0xb1cc
OriginalFileName Setup.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 1990-2002 InstallShield Software Corporation
FileVersion 7, 01, 100, 1248
TimeStamp 2002:12:02 19:31:43+01:00
FileType Win32 EXE
PEType PE32
InternalName ISPNickel
ProductVersion 7, 01
FileDescription InstallShield (R) Setup Launcher
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName InstallShield Software Corporation
CodeSize 58880
ProductName InstallShield (R)
ProductVersionNumber 7.1.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 7d2a060737f078f770041b65d852129b
SHA1 aeaf6f78ff3b003e8e5462be708fd79fb734d2e9
SHA256 c23e8174619bb97bcb7d639a4387cb033787dea7f5f1068b0c2d364dce3af0d6
ssdeep 786432:MkiJcviFMbaDsj7mpu6RykqRSD0AukhXCEx0mzY7rxdAhYdez:MkhjbKsmpuWsQRCE6mzYHxGhYdS
authentihash 70f997296bff4c3bc759694b962891bbb4b60c496a0d504a3c2d0158d98581f7
imphash 052531e33b73e689b62443a5a3b4e9d1
File size 24.6 MB ( 25840422 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe installshield overlay

VirusTotal metadata
First submission 2013-06-14 19:13:03 UTC ( 4 years ago )
Last submission 2016-12-19 03:24:42 UTC ( 6 months, 1 week ago )
File names scrabble-575-jetelecharge.exe
ISPNickel
scrabble-575-jetelecharge.exe
scrabble.exe
SCRABBLE_2005_demo_fr.exe
scrabble-575-jetelecharge.exe
scrabble-575-jetelecharge.exe
Setup.exe
c23e8174619bb97bcb7d639a4387cb033787dea7f5f1068b0c2d364dce3af0d6
scrabble-575-jetelecharge.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight