SHA256: c2e3e3efd3cb55d04df1084991f2bf7b136ed4594b9804c73e2bfcd4808e771c
File name: 39ff150e086eb6759f1724f9b664e32afcffebd1
Detection ratio: 11 / 49
Analysis date: 2014-03-27 18:33:47 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.38707 20140327
AhnLab-V3 Trojan/Win32.Llac 20140327
AntiVir TR/Dropper.VB.Gen2 20140327
BitDefender Gen:Variant.Symmi.38707 20140327
Emsisoft Gen:Variant.Symmi.38707 (B) 20140327
ESET-NOD32 Win32/Spy.Zbot.AAO 20140327
GData Gen:Variant.Symmi.38707 20140327
Kaspersky HEUR:Trojan.Win32.Generic 20140327
McAfee-GW-Edition Heuristic.LooksLike.Win32.SuspiciousPE.N 20140327
eScan Gen:Variant.Symmi.38707 20140327
Panda Trj/Genetic.gen 20140327
AegisLab 20140327
Yandex 20140327
Antiy-AVL 20140327
Avast 20140327
AVG 20140327
Baidu-International 20140327
Bkav 20140327
ByteHero 20140327
CAT-QuickHeal 20140327
ClamAV 20140327
CMC 20140326
Commtouch 20140327
Comodo 20140327
DrWeb 20140327
F-Prot 20140327
F-Secure 20140327
Fortinet 20140327
Ikarus 20140327
Jiangmin 20140327
K7AntiVirus 20140327
K7GW 20140326
Kingsoft 20140327
Malwarebytes 20140327
McAfee 20140327
Microsoft 20140327
NANO-Antivirus 20140327
Norman 20140327
nProtect 20140327
Qihoo-360 20140324
Rising 20140327
Sophos 20140327
SUPERAntiSpyware 20140327
Symantec 20140327
TheHacker 20140327
TotalDefense 20140327
TrendMicro 20140327
TrendMicro-HouseCall 20140327
VBA32 20140327
VIPRE 20140327
ViRobot 20140327
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Windows® Internet Explorer
Original name ieinstal.exe
Internal name ieinstal.exe
File version 10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
Description Internet Explorer Add-on Installer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-25 08:01:16
Entry Point 0x000A20BE
Number of sections 7
PE sections
PE imports
GetOpenFileNameA
GetSaveFileNameA
CreateDCA
DeleteDC
SelectObject
CreatePalette
CreateDIBitmap
SelectPalette
BitBlt
CreateCompatibleDC
DeleteObject
RealizePalette
FreeConsole
ReleaseMutex
WaitForSingleObject
HeapDestroy
SetFileTime
GetFileAttributesW
GetLocalTime
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetFileTime
GetTempPathA
WideCharToMultiByte
WaitForDebugEvent
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
MoveFileA
ResumeThread
GetExitCodeProcess
GetEnvironmentVariableA
OutputDebugStringW
FindClose
TlsGetValue
FormatMessageA
GetFullPathNameW
OutputDebugStringA
SetLastError
DeviceIoControl
InitializeCriticalSection
CopyFileW
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
GetPrivateProfileStringA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
CreateMutexA
GetModuleHandleA
GlobalAddAtomW
CreateDirectoryExW
CreateThread
MoveFileExW
GlobalAddAtomA
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEnvironmentVariableA
SetThreadContext
TerminateProcess
SetCurrentDirectoryW
GlobalAlloc
DebugActiveProcess
SearchPathA
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GlobalGetAtomNameW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetFileSize
LCMapStringW
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
ReadProcessMemory
SetEvent
DeleteFileW
GetUserDefaultLCID
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CompareStringW
RemoveDirectoryW
GetFileInformationByHandle
FindNextFileW
CreateDirectoryW
GetTimeFormatA
GetTempFileNameA
CreateFileMappingA
FindFirstFileW
IsValidLocale
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
GlobalDeleteAtom
GetShortPathNameW
HeapCreate
GlobalFree
GetConsoleCP
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
GetShortPathNameA
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
GetDiskFreeSpaceExW
ContinueDebugEvent
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
OpenMutexA
SuspendThread
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
GetFileAttributesExW
CreateProcessA
IsValidCodePage
UnmapViewOfFile
WriteFile
Sleep
IsBadReadPtr
SetThreadPriority
VirtualAlloc
SHGetSpecialFolderPathA
GetMessageA
PackDDElParam
UpdateWindow
SetPropA
BeginPaint
EnumWindows
DefWindowProcW
CreateDialogIndirectParamA
KillTimer
FindWindowA
DefWindowProcA
ShowWindow
GetPropA
GetWindowThreadProcessId
FreeDDElParam
GetSystemMetrics
IsWindow
DispatchMessageA
EndPaint
PostMessageA
MoveWindow
MessageBoxA
PeekMessageA
TranslateMessage
DialogBoxParamA
PostMessageW
RegisterClassExA
GetAsyncKeyState
DrawTextA
SetWindowTextA
SendMessageW
LoadStringA
RegisterClassW
SendMessageA
LoadStringW
SetTimer
GetDlgItem
CreateDialogParamA
RegisterClassA
InSendMessage
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
DefDlgProcA
EnumThreadWindows
WaitForInputIdle
GetDesktopWindow
IsWindowUnicode
UnpackDDElParam
CreateWindowExW
GetWindowTextA
DestroyWindow
Number of PE resources by type
RT_ICON 3
OJGICTM 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 1323008
ImageVersion 1.0
ProductName Windows Internet Explorer
FileVersionNumber 10.0.9200.16521
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 83.82
OriginalFilename ieinstal.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
TimeStamp 2013:04:25 09:01:16+01:00
FileType Win32 EXE
PEType PE32
InternalName ieinstal.exe
FileAccessDate 2014:03:27 19:30:28+01:00
ProductVersion 10.00.9200.16521
FileDescription Internet Explorer Add-on Installer
OSVersion 4.0
FileCreateDate 2014:03:27 19:30:28+01:00
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 819200
FileSubtype 0
ProductVersionNumber 10.0.9200.16521
Warning Possibly corrupt Version resource
EntryPoint 0xa20be
ObjectFileType Executable application

File identification
MD5 6f06c5ed6962fc7d958e9f23864492ba
SHA1 39ff150e086eb6759f1724f9b664e32afcffebd1
SHA256 c2e3e3efd3cb55d04df1084991f2bf7b136ed4594b9804c73e2bfcd4808e771c
ssdeep 49152:iWxlLOOT6QxjfiQSWgedk+PhO+gejlXszMQ:iWZ1fiLQk+Q+ZszMQ

imphash a9dfa3363d8e044cb38536d273bb593d
File size 2.0 MB ( 2147383 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2014-03-27 18:33:47 UTC ( 3 years, 2 months ago )
Last submission 2014-03-27 18:33:47 UTC ( 3 years, 2 months ago )
File names 39ff150e086eb6759f1724f9b664e32afcffebd1
ieinstal.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.