SHA256: c23e8174619bb97bcb7d639a4387cb033787dea7f5f1068b0c2d364dce3af0d6
File name: scrabble-575-jetelecharge.exe
Detection ratio: 1 / 66
Analysis date: 2017-12-23 03:45:32 UTC (11 months ago)
Antivirus Result Update
eGambit Unsafe.AI_Score_69% 20171223
Ad-Aware 20171223
AegisLab 20171223
AhnLab-V3 20171222
Alibaba 20171222
ALYac 20171223
Antiy-AVL 20171223
Arcabit 20171223
Avast 20171223
Avast-Mobile 20171222
AVG 20171223
Avira (no cloud) 20171223
AVware 20171223
Baidu 20171222
BitDefender 20171223
Bkav 20171222
CAT-QuickHeal 20171222
ClamAV 20171222
CMC 20171222
Comodo 20171222
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171223
Cyren 20171223
DrWeb 20171223
Emsisoft 20171223
Endgame 20171130
ESET-NOD32 20171223
F-Prot 20171223
F-Secure 20171223
Fortinet 20171223
Ikarus 20171222
Sophos ML 20170914
Jiangmin 20171221
K7AntiVirus 20171222
K7GW 20171222
Kaspersky 20171223
Kingsoft 20171223
Malwarebytes 20171223
MAX 20171223
McAfee 20171223
McAfee-GW-Edition 20171223
Microsoft 20171223
eScan 20171223
NANO-Antivirus 20171223
nProtect 20171223
Palo Alto Networks (Known Signatures) 20171223
Panda 20171222
Qihoo-360 20171223
Rising 20171223
SentinelOne (Static ML) 20171207
Sophos AV 20171223
Symantec 20171222
Symantec Mobile Insight 20171222
Tencent 20171223
TheHacker 20171219
TotalDefense 20171222
TrendMicro 20171223
TrendMicro-HouseCall 20171223
Trustlook 20171223
VBA32 20171222
VIPRE 20171223
ViRobot 20171222
Webroot 20171223
WhiteArmor 20171204
Yandex 20171222
Zillya 20171222
ZoneAlarm by Check Point 20171223
Zoner 20171223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 1990-2002 InstallShield Software Corporation

Product InstallShield (R)
Original name Setup.exe
Internal name ISPNickel
File version 7, 01, 100, 1248
Description InstallShield (R) Setup Launcher
Packers identified
PEiD InstallShield Custom
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-12-02 18:31:43
Entry Point 0x0000B1CC
Number of sections 4
PE sections
Overlays
MD5 1fc8dea65bb5ff0bbfd332ab440fbb41
File type data
Offset 102912
Size 25737510
Entropy 7.98
PE imports
GetTokenInformation
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegQueryValueA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExA
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
GetObjectA
CreateFontIndirectA
GetTextExtentPoint32A
DeleteObject
LPtoDP
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
HeapDestroy
DebugBreak
DeleteCriticalSection
GetCurrentProcess
lstrcatA
SetErrorMode
FindResourceExA
WideCharToMultiByte
WriteFile
HeapReAlloc
SetEvent
MoveFileA
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
SetLastError
ExitProcess
RemoveDirectoryA
GetPrivateProfileStringA
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
CreateThread
VirtualQuery
SearchPathA
GetVersion
LeaveCriticalSection
HeapFree
EnterCriticalSection
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
GetStartupInfoA
GetFileSize
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
CompareStringW
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
GetProcAddress
GetModuleFileNameA
CreateEventA
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GlobalUnlock
GlobalAlloc
lstrlenW
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
LockResource
GetCommandLineA
GetCurrentThread
GetTempPathA
GetSystemDefaultLangID
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetCurrentThreadId
FindResourceA
CreateProcessA
HeapCreate
Sleep
IsBadReadPtr
OpenEventA
ResetEvent
LZCopy
LZClose
LZOpenFileA
LoadRegTypeLib
SysStringLen
SysAllocStringLen
RegisterTypeLib
VariantClear
SysAllocString
VariantCopy
LoadTypeLib
SysFreeString
GetMessageA
SetWindowRgn
ReleaseDC
EndDialog
CreateDialogIndirectParamA
KillTimer
ShowWindow
SetWindowPos
CharLowerA
IsDialogMessageA
GetWindowRect
DispatchMessageA
SetDlgItemTextA
MoveWindow
PeekMessageA
TranslateMessage
CharUpperA
SetActiveWindow
GetDC
SystemParametersInfoA
SetWindowTextA
LoadStringA
SendMessageA
GetDlgItem
CharLowerBuffA
ScreenToClient
wsprintfA
SetTimer
LoadIconA
CharNextA
GetDesktopWindow
PostThreadMessageA
MsgWaitForMultipleObjects
GetWindowTextA
DialogBoxIndirectParamA
DestroyWindow
VerInstallFileA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoGetInterfaceAndReleaseStream
CoInitialize
CoTaskMemAlloc
CoRevokeClassObject
GetRunningObjectTable
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
StringFromCLSID
CoUninitialize
CoCreateGuid
CoReleaseMarshalData
CoTaskMemFree
CoRegisterClassObject
StringFromGUID2
Number of PE resources by type
RT_STRING 33
RT_ICON 4
RT_DIALOG 2
RT_MANIFEST 1
TYPELIB 1
PUBLICKEY 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 4
TURKISH DEFAULT 4
SWEDISH 1
HUNGARIAN DEFAULT 1
CZECH DEFAULT 1
FRENCH 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
INDONESIAN DEFAULT 1
DUTCH 1
ITALIAN 1
CATALAN DEFAULT 1
FINNISH DEFAULT 1
SERBIAN CYRILLIC 1
PORTUGUESE BRAZILIAN 1
SPANISH 1
FRENCH CANADIAN 1
KOREAN 1
BASQUE DEFAULT 1
PORTUGUESE 1
GERMAN 1
BULGARIAN DEFAULT 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
NORWEGIAN BOKMAL 1
CHINESE TRADITIONAL 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
ROMANIAN 1
RUSSIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.1.100.1248

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
InstallShield (R) Setup Launcher

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
43008

EntryPoint
0xb1cc

OriginalFileName
Setup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 1990-2002 InstallShield Software Corporation

FileVersion
7, 01, 100, 1248

TimeStamp
2002:12:02 19:31:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ISPNickel

ProductVersion
7, 01

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
InstallShield Software Corporation

CodeSize
58880

ProductName
InstallShield (R)

ProductVersionNumber
7.1.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 7d2a060737f078f770041b65d852129b
SHA1 aeaf6f78ff3b003e8e5462be708fd79fb734d2e9
SHA256 c23e8174619bb97bcb7d639a4387cb033787dea7f5f1068b0c2d364dce3af0d6
ssdeep 786432:MkiJcviFMbaDsj7mpu6RykqRSD0AukhXCEx0mzY7rxdAhYdez:MkhjbKsmpuWsQRCE6mzYHxGhYdS

authentihash 70f997296bff4c3bc759694b962891bbb4b60c496a0d504a3c2d0158d98581f7
imphash 052531e33b73e689b62443a5a3b4e9d1
File size 24.6 MB ( 25840422 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
peexe installshield overlay

VirusTotal metadata
First submission 2013-06-14 19:13:03 UTC ( 5 years, 5 months ago )
Last submission 2018-09-26 14:56:28 UTC ( 1 month, 3 weeks ago )
File names scrabble-575-jetelecharge.exe
ISPNickel
scrabble.exe
SCRABBLE_2005_demo_fr.exe
Setup.exe
c23e8174619bb97bcb7d639a4387cb033787dea7f5f1068b0c2d364dce3af0d6
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight