× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c3bbf90e0fc944be057e7dac0ff2525ff984f99d0035d9d96fce402bba9fcabe
File name: 8212b1171cb30affd7fe968c5068af069e39d65a
Detection ratio: 33 / 57
Analysis date: 2016-03-25 08:35:18 UTC ( 2 years, 12 months ago ) View latest
Antivirus Result Update
AegisLab Pua.Installcore.Diur!c 20160325
Yandex PUA.InstallCore! 20160316
Antiy-AVL GrayWare[Adware]/Win32.installcore.acp.gen 20160325
AVG InstallCore.ATA 20160325
Avira (no cloud) PUA/InstallCore.diur 20160325
Baidu-International Adware.Win32.InstallCore.ACZ 20160324
Bkav W32.HfsAdware.D8CB 20160324
CAT-QuickHeal Adware.InstallCore.A8 20160325
Comodo Application.Win32.InstallCore.ASD 20160325
Cyren W32/InstallCore.BD.gen!Eldorado 20160325
DrWeb Trojan.InstallCore.593 20160325
ESET-NOD32 a variant of Win32/InstallCore.ACZ potentially unwanted 20160325
F-Prot W32/InstallCore.BD.gen!Eldorado 20160325
Fortinet Riskware/InstallCore 20160325
GData Win32.Adware.InstallCore.GF 20160325
Ikarus PUA.InstallCore 20160325
Jiangmin Downloader.Agent.lt 20160325
K7AntiVirus Adware ( 004d2ae11 ) 20160325
K7GW Adware ( 004d2ae11 ) 20160323
Malwarebytes PUP.Optional.InstallCore 20160325
McAfee Artemis!DE5F04783E17 20160325
McAfee-GW-Edition Artemis 20160325
NANO-Antivirus Trojan.Win32.InstallCore.dzmpvl 20160324
Panda PUP/Multitoolbar 20160324
Qihoo-360 QVM06.1.Malware.Gen 20160325
Rising PE:Adware.InstallCore!1.A30C [F] 20160325
Sophos AV Install Core Click run software (PUA) 20160325
SUPERAntiSpyware PUP.InstallCore/Variant 20160325
Symantec SAPE.Heur.9B410 20160325
VBA32 Malware-Cryptor.InstallCore.gen 20160324
VIPRE InstallCore (fs) 20160325
ViRobot Adware.Installcore.811456.B[h] 20160325
Zillya Adware.OutBrowse.Win32.63040 20160324
Ad-Aware 20160325
AhnLab-V3 20160325
Alibaba 20160323
ALYac 20160325
Arcabit 20160325
Avast 20160325
Baidu 20160324
BitDefender 20160325
ByteHero 20160325
ClamAV 20160325
CMC 20160322
Emsisoft 20160325
F-Secure 20160325
Kaspersky 20160325
Kingsoft 20160325
Microsoft 20160325
eScan 20160325
nProtect 20160324
Tencent 20160325
TheHacker 20160325
TotalDefense 20160325
TrendMicro 20160325
TrendMicro-HouseCall 20160325
Zoner 20160325
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product Prog
File version 2.3.1.4
Description Prog Setup
Comments This installation was built with Inno Setup.
Signature verification Certificate out of its validity period
Signers
[+] BeamPlatform (Fried Cookie Ltd.)
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 6:23 PM 3/9/2015
Valid to 6:23 PM 3/9/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint DCBAFE21C294BE0C83212428E20D00CD05A1430E
Serial number 11 21 3D 8E DB FF A7 EB 9B 72 DF 87 8D 24 15 D5 69 9E
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 11:00 AM 4/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000A5F8
Number of sections 8
PE sections
Overlays
MD5 9e179366929cc82602506812c250ce81
File type data
Offset 56832
Size 754624
Entropy 7.94
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
17920

EntryPoint
0xa5f8

MIMEType
application/octet-stream

FileVersion
2.3.1.4

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

ProductVersion
1.4

FileDescription
Prog Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Web Installer

CodeSize
40448

ProductName
Prog

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 de5f04783e170e866fd619ef7ca647cc
SHA1 3646e4357c6cc54358e6606f83d17efcdbd7e60e
SHA256 c3bbf90e0fc944be057e7dac0ff2525ff984f99d0035d9d96fce402bba9fcabe
ssdeep
24576:2vf+AtpB8/DYamGgAVg/364bCAejeYUedAOud8NT:2Xttv8LY2VVg/Pbx+/dAW

authentihash e453dee853d648a002e94a1aebd6cd449ff66c9773afa420b2397f3a18148461
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 792.4 KB ( 811456 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Delphi generic (57.2%)
Win32 Executable (generic) (18.2%)
Win16/32 Executable Delphi generic (8.3%)
Generic Win/DOS Executable (8.0%)
DOS Executable Generic (8.0%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-11-03 21:37:45 UTC ( 3 years, 4 months ago )
Last submission 2016-02-01 01:22:18 UTC ( 3 years, 1 month ago )
File names NICWatcherSetup.exe
8212b1171cb30affd7fe968c5068af069e39d65a
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications