SHA256: c784a59cb2761d240ad0e6ca10a8bfe46ffd7539f8b04d70d71320e72d0e496e
File name: disk-defrag-setup.exe
Detection ratio: 3 / 69
Analysis date: 2019-03-21 10:38:05 UTC (1 month ago)
Antivirus Result Update
DrWeb Program.Unwanted.2486 20190321
eGambit Unsafe.AI_Score_89% 20190321
GData Win32.Application.Auslogics.C 20190321
Acronis 20190321
Ad-Aware 20190321
AegisLab 20190321
AhnLab-V3 20190321
Alibaba 20190306
ALYac 20190321
Antiy-AVL 20190321
Arcabit 20190321
Avast 20190321
Avast-Mobile 20190320
AVG 20190321
Avira (no cloud) 20190321
Babable 20180918
Baidu 20190318
BitDefender 20190321
Bkav 20190320
CAT-QuickHeal 20190320
ClamAV 20190321
CMC 20190321
Comodo 20190321
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cylance 20190321
Cyren 20190321
Emsisoft 20190321
Endgame 20190321
ESET-NOD32 20190321
F-Prot 20190321
F-Secure 20190321
Fortinet 20190321
Ikarus 20190321
Sophos ML 20190313
Jiangmin 20190321
K7AntiVirus 20190321
K7GW 20190321
Kaspersky 20190321
Kingsoft 20190321
Malwarebytes 20190321
MAX 20190321
McAfee 20190321
McAfee-GW-Edition 20190321
Microsoft 20190321
eScan 20190321
NANO-Antivirus 20190321
Palo Alto Networks (Known Signatures) 20190321
Panda 20190320
Qihoo-360 20190321
Rising 20190321
SentinelOne (Static ML) 20190317
Sophos AV 20190321
SUPERAntiSpyware 20190321
Symantec Mobile Insight 20190220
TACHYON 20190321
Tencent 20190321
TheHacker 20190320
TotalDefense 20190318
Trapmine 20190301
TrendMicro 20190321
TrendMicro-HouseCall 20190321
Trustlook 20190321
VBA32 20190321
VIPRE 20190320
ViRobot 20190321
Yandex 20190321
Zillya 20190320
ZoneAlarm by Check Point 20190321
Zoner 20190321
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2008-2019 Auslo˜gics Labs Pty Ltd

Product Ausl˜ogics Disk˜ Defrag
Original name disk-defrag-setupwt-ciniwin.exe
Internal name disk-defrag-setupwt-ciniwin
File version 8.x
Description Ausl˜ogics Disk˜ Defrag Installation File
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 3:59 AM 2/21/2019
Signers
[+] Auslogics Labs Pty Ltd
Status Valid
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 12:00 AM 12/26/2017
Valid to 12:00 PM 02/25/2021
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 2D73486C9074B4E9CB477B3D34ACCA0C9C8C5029
Serial number 0C E3 39 3B 65 6B 06 DD 15 D5 8A 60 C4 C0 5D D7
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 PM 04/18/2012
Valid to 12:00 PM 04/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] Entrust Time Stamping Authority
Status Valid
Issuer Entrust Code Signing Certification Authority - L1D
Valid from 04:27 PM 11/09/2017
Valid to 04:57 PM 11/09/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 49033348E7B9EFD51AEDB7B9D2472B06C9D16E92
Serial number 00 D3 7A A6 DD B5 CC 32 DA 00 00 00 00 4C 18 16 3E
[+] Entrust Code Signing Certification Authority - L1D
Status Valid
Issuer Entrust.net Certification Authority (2048)
Valid from 03:41 PM 11/11/2011
Valid to 08:51 AM 11/12/2021
Valid usage All
Algorithm sha1RSA
Thumbprint D0D7578B7317228E31D42EDF356A7C64F1050473
Serial number 4C 0E 8C 3A
[+] Entrust (2048)
Status Valid
Issuer Entrust.net Certification Authority (2048)
Valid from 05:50 PM 12/24/1999
Valid to 02:15 PM 07/24/2029
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 503006091D97D4F5AE39F7CBE7927D7D652D3431
Serial number 38 63 DE F8
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-06 14:39:04
Entry Point 0x000117DC
Number of sections 8
PE sections
Overlays
MD5 a5c046e7af837ac59aadcb70782eb8f4
File type data
Offset 151040
Size 12194256
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetSystemDirectoryW
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetVersion
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
SysReAllocStringLen
SysFreeString
SysAllocStringLen
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_ICON 8
RT_STRING 6
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
NEUTRAL 9
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
This installation was built with Inno Setup.

InitializedDataSize
83456

ImageVersion
6.0

ProductName
Ausl ogics Disk Defrag

FileVersionNumber
8.0.23.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

LinkerVersion
2.25

FileTypeExtension
exe

OriginalFileName
disk-defrag-setupwt-ciniwin.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
8.x

TimeStamp
2016:04:06 15:39:04+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
disk-defrag-setupwt-ciniwin

ProductVersion
8.0.23.0

FileDescription
Ausl ogics Disk Defrag Installation File

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright 2008-2019 Auslo gics Labs Pty Ltd

MachineType
Intel 386 or later, and compatibles

CompanyName
Ausl ogics

CodeSize
66560

FileSubtype
0

ProductVersionNumber
8.0.23.0

EntryPoint
0x117dc

ObjectFileType
Executable application

PE resource-wise parents
File identification
MD5 c3ed6a72f59181bb06caa7e71c51ccc0
SHA1 2c81a6da764e70edbfdcfa44b6298805949148e7
SHA256 c784a59cb2761d240ad0e6ca10a8bfe46ffd7539f8b04d70d71320e72d0e496e
ssdeep
196608:U245xHuOuWH09ASjo1xWaMvi/KJgrJBFh+nGGp0kb02BFh4PAR2NqqV47bnBkv9k:r45xHuOuWH0968qPxhhGp0kJ34PUCqKy

authentihash 9b2dd8233452cb0478600b8b156ab27c77d769f4710a2ed33063787b092b7f74
imphash 20dd26497880c05caed9305b3c8b9109
File size 11.8 MB ( 12345296 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Delphi generic (52.9%)
Win32 Executable (generic) (16.8%)
Win16/32 Executable Delphi generic (7.7%)
OS/2 Executable (generic) (7.5%)
Generic Win/DOS Executable (7.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2019-02-21 15:32:45 UTC ( 2 months ago )
Last submission 2019-04-26 03:20:21 UTC ( 9 hours, 17 minutes ago )
File names disk-defrag-setup.exe
disk-defrag-setup du 21 02 2019.exe
disk-defrag-setup.exe
disk-defrag-setup-8.0.23.0.exe
disk-defrag-setup.exe
Auslogics Disk Defrag Free v8.0.23.0.exe
disk-defrag-setup (1).exe
disk-defrag-setup.exe
disk-defrag-setupwt-ciniwin
disk-defrag-setup.exe
auslogics-disk-defrag_8-0-23-0_en_26672.exe
disk-defrag-setup.exe
disk-defrag-setupwt-ciniwin.exe
disk-defrag-setup.exe
Auslogics-disk-defrag-setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections