SHA256: c23e8174619bb97bcb7d639a4387cb033787dea7f5f1068b0c2d364dce3af0d6
File name: scrabble-575-jetelecharge.exe
Detection ratio: 0 / 69
Analysis date: 2018-09-26 14:56:28 UTC ( 6 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware 20180926
AegisLab 20180926
AhnLab-V3 20180926
Alibaba 20180921
ALYac 20180926
Antiy-AVL 20180926
Arcabit 20180926
Avast 20180926
Avast-Mobile 20180926
AVG 20180926
Avira (no cloud) 20180926
AVware 20180925
Babable 20180918
Baidu 20180926
BitDefender 20180926
Bkav 20180925
CAT-QuickHeal 20180923
ClamAV 20180926
CMC 20180926
Comodo 20180926
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180926
Cyren 20180926
DrWeb 20180926
eGambit 20180926
Emsisoft 20180926
Endgame 20180730
ESET-NOD32 20180926
F-Prot 20180926
F-Secure 20180926
Fortinet 20180926
GData 20180926
Ikarus 20180926
Sophos ML 20180717
Jiangmin 20180926
K7AntiVirus 20180926
K7GW 20180926
Kaspersky 20180926
Kingsoft 20180926
Malwarebytes 20180926
MAX 20180926
McAfee 20180926
McAfee-GW-Edition 20180926
Microsoft 20180927
eScan 20180926
NANO-Antivirus 20180926
Palo Alto Networks (Known Signatures) 20180926
Panda 20180926
Qihoo-360 20180926
Rising 20180926
SentinelOne (Static ML) 20180926
Sophos AV 20180926
SUPERAntiSpyware 20180907
Symantec 20180925
Symantec Mobile Insight 20180924
TACHYON 20180926
Tencent 20180926
TheHacker 20180924
TotalDefense 20180925
TrendMicro 20180926
TrendMicro-HouseCall 20180926
Trustlook 20180926
VBA32 20180926
VIPRE 20180926
ViRobot 20180926
Webroot 20180926
Yandex 20180926
Zillya 20180926
ZoneAlarm by Check Point 20180925
Zoner 20180926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 1990-2002 InstallShield Software Corporation

Product InstallShield (R)
Original name Setup.exe
Internal name ISPNickel
File version 7, 01, 100, 1248
Description InstallShield (R) Setup Launcher
Packers identified
PEiD InstallShield Custom
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-12-02 18:31:43
Entry Point 0x0000B1CC
Number of sections 4
PE sections
Overlays
MD5 1fc8dea65bb5ff0bbfd332ab440fbb41
File type data
Offset 102912
Size 25737510
Entropy 7.98
PE imports
GetTokenInformation
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegQueryValueA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExA
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
GetObjectA
CreateFontIndirectA
GetTextExtentPoint32A
DeleteObject
LPtoDP
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
HeapDestroy
DebugBreak
DeleteCriticalSection
GetCurrentProcess
lstrcatA
SetErrorMode
FindResourceExA
WideCharToMultiByte
WriteFile
HeapReAlloc
SetEvent
MoveFileA
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
SetLastError
ExitProcess
RemoveDirectoryA
GetPrivateProfileStringA
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
CreateThread
VirtualQuery
SearchPathA
GetVersion
LeaveCriticalSection
HeapFree
EnterCriticalSection
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
GetStartupInfoA
GetFileSize
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
CompareStringW
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
GetProcAddress
GetModuleFileNameA
CreateEventA
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GlobalUnlock
GlobalAlloc
lstrlenW
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
LockResource
GetCommandLineA
GetCurrentThread
GetTempPathA
GetSystemDefaultLangID
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetCurrentThreadId
FindResourceA
CreateProcessA
HeapCreate
Sleep
IsBadReadPtr
OpenEventA
ResetEvent
LZCopy
LZClose
LZOpenFileA
LoadRegTypeLib
SysStringLen
SysAllocStringLen
RegisterTypeLib
VariantClear
SysAllocString
VariantCopy
LoadTypeLib
SysFreeString
GetMessageA
SetWindowRgn
ReleaseDC
EndDialog
CreateDialogIndirectParamA
KillTimer
ShowWindow
SetWindowPos
CharLowerA
IsDialogMessageA
GetWindowRect
DispatchMessageA
SetDlgItemTextA
MoveWindow
PeekMessageA
TranslateMessage
CharUpperA
SetActiveWindow
GetDC
SystemParametersInfoA
SetWindowTextA
LoadStringA
SendMessageA
GetDlgItem
CharLowerBuffA
ScreenToClient
wsprintfA
SetTimer
LoadIconA
CharNextA
GetDesktopWindow
PostThreadMessageA
MsgWaitForMultipleObjects
GetWindowTextA
DialogBoxIndirectParamA
DestroyWindow
VerInstallFileA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoGetInterfaceAndReleaseStream
CoInitialize
CoTaskMemAlloc
CoRevokeClassObject
GetRunningObjectTable
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
StringFromCLSID
CoUninitialize
CoCreateGuid
CoReleaseMarshalData
CoTaskMemFree
CoRegisterClassObject
StringFromGUID2
Number of PE resources by type
RT_STRING 33
RT_ICON 4
RT_DIALOG 2
RT_MANIFEST 1
TYPELIB 1
PUBLICKEY 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 4
TURKISH DEFAULT 4
SWEDISH 1
PORTUGUESE 1
CZECH DEFAULT 1
FRENCH 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
INDONESIAN DEFAULT 1
DUTCH 1
ITALIAN 1
CATALAN DEFAULT 1
FINNISH DEFAULT 1
SERBIAN CYRILLIC 1
PORTUGUESE BRAZILIAN 1
SPANISH 1
FRENCH CANADIAN 1
KOREAN 1
BASQUE DEFAULT 1
HUNGARIAN DEFAULT 1
GERMAN 1
BULGARIAN DEFAULT 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
NORWEGIAN BOKMAL 1
CHINESE TRADITIONAL 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
ROMANIAN 1
RUSSIAN 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
43008

ImageVersion
0.0

ProductName
InstallShield (R)

FileVersionNumber
7.1.100.1248

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
Setup.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
7, 01, 100, 1248

TimeStamp
2002:12:02 19:31:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ISPNickel

ProductVersion
7, 01

FileDescription
InstallShield (R) Setup Launcher

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (C) 1990-2002 InstallShield Software Corporation

MachineType
Intel 386 or later, and compatibles

CompanyName
InstallShield Software Corporation

CodeSize
58880

FileSubtype
0

ProductVersionNumber
7.1.0.0

EntryPoint
0xb1cc

ObjectFileType
Executable application

File identification
MD5 7d2a060737f078f770041b65d852129b
SHA1 aeaf6f78ff3b003e8e5462be708fd79fb734d2e9
SHA256 c23e8174619bb97bcb7d639a4387cb033787dea7f5f1068b0c2d364dce3af0d6
ssdeep
786432:MkiJcviFMbaDsj7mpu6RykqRSD0AukhXCEx0mzY7rxdAhYdez:MkhjbKsmpuWsQRCE6mzYHxGhYdS

authentihash 70f997296bff4c3bc759694b962891bbb4b60c496a0d504a3c2d0158d98581f7
imphash 052531e33b73e689b62443a5a3b4e9d1
File size 24.6 MB ( 25840422 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
peexe installshield overlay

VirusTotal metadata
First submission 2013-06-14 19:13:03 UTC ( 5 years, 10 months ago )
Last submission 2018-09-26 14:56:28 UTC ( 6 months, 4 weeks ago )
File names scrabble-575-jetelecharge.exe
ISPNickel
scrabble.exe
SCRABBLE_2005_demo_fr.exe
Setup.exe
c23e8174619bb97bcb7d639a4387cb033787dea7f5f1068b0c2d364dce3af0d6
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight