SHA256: c4106e49d2075269d1ac332547bfe52fcd8a9612af10cc9ce316759ceaeb5e77
File name: CPUGuardianSetup.exe
Detection ratio: 39 / 68
Analysis date: 2018-06-16 08:48:45 UTC ( 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.6414025 20180616
AhnLab-V3 Malware/Gen.Generic.C1862706 20180615
ALYac Trojan.GenericKD.6414025 20180616
Antiy-AVL Trojan/Win32.BTSGeneric 20180616
Arcabit Trojan.Generic.D61DEC9 20180616
Avast Win32:Malware-gen 20180616
AVG Win32:Malware-gen 20180616
Avira (no cloud) PUA/CPUGuardian.B 20180615
AVware Trojan.Win32.Generic!BT 20180616
BitDefender Trojan.GenericKD.6414025 20180616
CAT-QuickHeal Downloader.Snojan 20180615
Cybereason malicious.15c02e 20180225
Cyren W32/Trojan.SKSI-5420 20180616
DrWeb Program.Unwanted.1939 20180616
Emsisoft Trojan.GenericKD.6414025 (B) 20180616
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of MSIL/UwS.PCCleaningUtility.A 20180616
F-Secure Trojan.GenericKD.6414025 20180616
Fortinet W32/Snojan.GGJ!tr 20180616
GData Win32.Trojan.Agent.JLYZKU 20180616
K7AntiVirus Trojan ( 0051daf51 ) 20180616
K7GW Trojan ( 0051daf51 ) 20180616
Malwarebytes PUP.Optional.CPUGuardian 20180616
McAfee CPUGuardian 20180616
McAfee-GW-Edition CPUGuardian 20180616
Microsoft PUA:Win32/LittleRegClean 20180616
eScan Trojan.GenericKD.6414025 20180616
NANO-Antivirus Trojan.Win32.UwS.expqyg 20180616
Panda PUP/PCCleaner 20180616
Qihoo-360 Win32/Virus.842 20180616
Sophos AV Generic PUA EG (PUA) 20180616
Symantec Trojan.Gen.2 20180615
Tencent Msil.Risk.Uws.Amwb 20180616
TrendMicro TROJ_GEN.R002C0OCA18 20180616
TrendMicro-HouseCall TROJ_GEN.R002C0OCA18 20180616
VBA32 Downloader.Snojan 20180615
VIPRE Trojan.Win32.Generic!BT 20180616
Webroot Pua.Cpu.Guardian 20180616
Zillya Downloader.Snojan.Win32.344 20180615
AegisLab 20180616
Alibaba 20180615
Avast-Mobile 20180616
Babable 20180406
Baidu 20180615
Bkav 20180616
ClamAV 20180615
CMC 20180615
Comodo 20180616
CrowdStrike Falcon (ML) 20180530
Cylance 20180616
eGambit 20180616
F-Prot 20180616
Ikarus 20180615
Sophos ML 20180601
Jiangmin 20180616
Kaspersky 20180616
Kingsoft 20180616
MAX 20180616
Palo Alto Networks (Known Signatures) 20180616
Rising 20180616
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180616
Symantec Mobile Insight 20180614
TACHYON 20180616
TheHacker 20180613
TotalDefense 20180616
Trustlook 20180616
ViRobot 20180616
Yandex 20180615
ZoneAlarm by Check Point 20180616
Zoner 20180615
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © 2017 CPU Guardian All Rights Reserved.

Product CPU Guardian
Original name CPUGuardianSetup.exe
Internal name CPU Guardian
File version 3.1.4.0
Description CPU Guardian
Comments CPU Guardian
Signature verification Signed file, verified signature
Signing date 2:03 PM 1/26/2017
Signers
[+] Secure Software Center
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 09/04/2016
Valid to 11:59 PM 09/03/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 252747FA9528A4F9D0E0ACBEBC3801CE9CAB90F0
Serial number 00 8D 27 C3 43 8C F7 30 E3 16 8E 8F 35 DF 89 7E 77
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 12/31/2015
Valid to 06:40 PM 07/09/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 06:31 PM 07/09/1999
Valid to 06:40 PM 07/09/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT NSIS, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-11 21:50:45
Entry Point 0x000032BF
Number of sections 5
PE sections
Overlays
MD5 9fb8c47266b32e4cfec908915d2d379c
File type data
Offset 184832
Size 2786832
Entropy 8.00
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
DeleteFileA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
MoveFileExA
GetProcAddress
SetEnvironmentVariableA
SetFileAttributesA
GetExitCodeProcess
MoveFileA
CreateProcessA
lstrcpyA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
ReleaseDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetWindowTextA
EnableMenuItem
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DrawTextA
DestroyWindow
FillRect
RegisterClassA
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 9
RT_DIALOG 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
CodeSize 24576
SubsystemVersion 4.0
Comments CPU Guardian
LinkerVersion 6.0
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 3.1.4.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription CPU Guardian
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet ASCII
InitializedDataSize 118784
EntryPoint 0x32bf
OriginalFileName CPUGuardianSetup.exe
MIMEType application/octet-stream
LegalCopyright 2017 CPU Guardian All Rights Reserved.
FileVersion 3.1.4.0
TimeStamp 2016:12:11 22:50:45+01:00
FileType Win32 EXE
PEType PE32
InternalName CPU Guardian
ProductVersion 3.1.4
UninitializedDataSize 1024
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CPU Guardian
LegalTrademarks Copyright 2017 CPU Guardian
ProductName CPU Guardian
ProductVersionNumber 3.1.4.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e7dd2b415c02ebaa99af2e80e80d569a
SHA1 296db2d9acc315190558d58e13ae6b5efb327827
SHA256 c4106e49d2075269d1ac332547bfe52fcd8a9612af10cc9ce316759ceaeb5e77
ssdeep 49152:RSJG7ETezB4ILlVR+JLcQi5Pse7roI9vR3+BgVCTpBKayV5ngi0qEKobj3n5Qi2U:RSJG7sezB4qlVRar0Pf7rpZR3+B9TpBL

authentihash f9df1d624b0e5c1316bb7911f638a418d24254890c744d12de224fb9825af33d
imphash 4f67aeda01a0484282e8c59006b0b352
File size 2.8 MB ( 2971664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags nsis peexe signed overlay

VirusTotal metadata
First submission 2017-03-14 18:43:27 UTC ( 2 years, 1 month ago )
Last submission 2019-01-24 14:28:12 UTC ( 2 months, 3 weeks ago )
File names VirusShare_e7dd2b415c02ebaa99af2e80e80d569a
cpuguardiansetup.exe
CPU Guardian
6GeI1.tar
CPUGuardianSetup.exe
296db2d9acc315190558d58e13ae6b5efb327827
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Runtime DLLs
UDP communications