SHA256: cb73a65f9b59f6164df0e0fe49ae84416f5cfe81f8e32bda714439e73b3361e9
File name: 814824
Detection ratio: 0 / 56
Analysis date: 2016-03-11 05:01:18 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware 20160311
AegisLab 20160311
Yandex 20160310
AhnLab-V3 20160310
Alibaba 20160310
ALYac 20160311
Antiy-AVL 20160311
Arcabit 20160311
Avast 20160311
AVG 20160311
AVware 20160311
Baidu 20160310
Baidu-International 20160310
BitDefender 20160311
Bkav 20160310
ByteHero 20160311
CAT-QuickHeal 20160311
ClamAV 20160310
CMC 20160307
Comodo 20160311
Cyren 20160311
DrWeb 20160311
Emsisoft 20160311
ESET-NOD32 20160311
F-Prot 20160311
F-Secure 20160311
Fortinet 20160311
GData 20160311
Ikarus 20160310
Jiangmin 20160311
K7AntiVirus 20160310
K7GW 20160310
Kaspersky 20160311
Malwarebytes 20160311
McAfee 20160311
McAfee-GW-Edition 20160311
Microsoft 20160311
eScan 20160311
NANO-Antivirus 20160311
nProtect 20160310
Panda 20160310
Qihoo-360 20160311
Rising 20160311
Sophos AV 20160311
SUPERAntiSpyware 20160310
Symantec 20160310
Tencent 20160311
TheHacker 20160310
TotalDefense 20160311
TrendMicro 20160311
TrendMicro-HouseCall 20160311
VBA32 20160310
VIPRE 20160311
ViRobot 20160311
Zillya 20160310
Zoner 20160311
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2012 Flexera Software LLC. All Rights Reserved.

Product ADManager Plus
Original name InstallShield Setup.exe
Internal name Setup
File version 6.3
Description InstallScript Setup Launcher
Signature verification Signed file, verified signature
Signing date 3:25 PM 3/9/2016
Signers
[+] ZOHO Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid. Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 12/21/2014
Valid to 11:59 PM 12/20/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 10EEAED7ED307812847DB1B4DDDB048E741E8481
Serial number 00 E1 D8 BF 8B 0B AE 09 43 4B A1 52 B6 44 03 5A 49
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 12/31/2015
Valid to 05:40 PM 07/09/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 05:31 PM 07/09/1999
Valid to 05:40 PM 07/09/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-09 23:28:54
Entry Point 0x0003DF7D
Number of sections 4
PE sections
Overlays
MD5 2bbb2e6e09a56d5e2e8a246dfd0e1e6a
File type data
Offset 807424
Size 74309808
Entropy 7.99
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
RegEnumKeyW
RegOpenKeyW
RegOpenKeyExA
GetTokenInformation
RegOpenKeyExW
RegEnumKeyExW
OpenThreadToken
RegEnumValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
SetSecurityDescriptorGroup
GetDIBColorTable
SetMapMode
TextOutW
GetSystemPaletteEntries
CreateHalftonePalette
PlayMetaFile
SaveDC
SetStretchBltMode
GetDeviceCaps
TranslateCharsetInfo
DeleteDC
RestoreDC
SetBkMode
CreateFontIndirectW
CreateBitmap
SetMetaFileBitsEx
SetPixel
SetWindowOrgEx
GetObjectW
BitBlt
RealizePalette
SetTextColor
CreatePatternBrush
GetTextExtentPoint32W
CreateDCW
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
UnrealizeObject
SelectClipRgn
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
PatBlt
SetWindowExtEx
CreateSolidBrush
SetViewportExtEx
SetBkColor
DeleteObject
CreateCompatibleBitmap
DeleteMetaFile
GetPrivateProfileSectionNamesA
GetStdHandle
GetDriveTypeW
ReleaseMutex
WaitForSingleObject
HeapDestroy
GetFileAttributesW
lstrcmpW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetFileTime
WideCharToMultiByte
LoadLibraryW
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
GetEnvironmentVariableA
LoadResource
FindClose
InterlockedDecrement
SetFileAttributesW
SetLastError
InitializeCriticalSection
GetUserDefaultLangID
GetModuleFileNameW
HeapAlloc
VerLanguageNameW
GetModuleFileNameA
GetVersionExA
lstrcmpiW
RaiseException
GetPrivateProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
ExitThread
SetThreadContext
TerminateProcess
SearchPathW
GetVersion
SetCurrentDirectoryW
VirtualQuery
GetCurrentThreadId
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
WriteProcessMemory
OpenProcess
GetPrivateProfileIntA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
CompareStringW
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
GetTimeFormatA
ResetEvent
FindFirstFileW
IsValidLocale
DuplicateHandle
GlobalLock
SetEvent
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
FindResourceW
LCMapStringA
GetProcessTimes
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
VirtualFree
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetEnvironmentStrings
CompareFileTime
UnmapViewOfFile
WriteFile
CreateProcessW
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
GetOEMCP
CompareStringA
LZOpenFileW
LZCopy
LZClose
VariantChangeType
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
SysReAllocStringLen
GetErrorInfo
SysFreeString
UuidCreate
UuidToStringW
RpcStringFreeW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SetFocus
MapWindowPoints
GetParent
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
EndDialog
BeginPaint
DefWindowProcW
MoveWindow
GetWindowTextW
GetPropW
GetMessageW
ShowWindow
EnableWindow
SetPropW
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
GetWindowRect
InflateRect
EndPaint
IsWindow
UpdateWindow
CharUpperW
EnumChildWindows
GetWindowDC
DrawIcon
TranslateMessage
IsWindowEnabled
GetWindow
PostMessageW
GetSysColor
DispatchMessageW
SetActiveWindow
GetDC
GetWindowLongW
CreateDialogParamW
MapDialogRect
SendMessageW
DrawFocusRect
SendDlgItemMessageW
FindWindowExW
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
RemovePropW
SystemParametersInfoW
CallWindowProcW
SetWindowPos
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
LoadImageW
GetClassNameW
DialogBoxIndirectParamW
FillRect
CopyRect
WaitForInputIdle
SetDlgItemTextW
GetDesktopWindow
IsDialogMessageW
LoadIconW
RegisterClassExW
CreateWindowExW
MsgWaitForMultipleObjects
wsprintfW
SetForegroundWindow
GetDlgItemTextW
DrawTextW
DestroyWindow
ExitWindowsEx
GetClientRect
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Ord(169)
Ord(137)
Ord(8)
Ord(141)
Ord(88)
CoInitializeEx
CoUninitialize
CoInitializeSecurity
Number of PE resources by type
RT_STRING 25
RT_DIALOG 23
RT_ICON 11
RT_BITMAP 6
RT_GROUP_ICON 3
RT_MANIFEST 1
GIF 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 45
ENGLISH US 26
PE resources
ExifTool file metadata
FileTypeExtension
exe

UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

ProductName
ADManager Plus

FileVersionNumber
6.3.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

LegalCopyright
Copyright (c) 2012 Flexera Software LLC. All Rights Reserved.

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
389120

InternalBuildNumber
120108

OriginalFileName
InstallShield Setup.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.3

TimeStamp
2012:09:10 01:28:54+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup

SubsystemVersion
5.0

ProductVersion
6.3

FileDescription
InstallScript Setup Launcher

ISInternalDescription
InstallScript Setup Launcher

OSVersion
4.0

FileOS
Win32

ISInternalVersion
19.0.185

MachineType
Intel 386 or later, and compatibles

CompanyName
ZOHO Corp

CodeSize
417280

FileSubtype
0

ProductVersionNumber
6.3.0.0

EntryPoint
0x3df7d

ObjectFileType
Dynamic link library

File identification
MD5 cabe4a78c32a6efc558174e6977afef6
SHA1 72973a46e464ce53c90c55ae7c12d93001a99f7f
SHA256 cb73a65f9b59f6164df0e0fe49ae84416f5cfe81f8e32bda714439e73b3361e9
ssdeep
1572864:UtGgJk45NKHhQMdTMtF4bcxC77NGYaxjko/jW6jpCDACY3:UAnSNBMdTMtF4cxYIYYj/9pIAv

authentihash 78d2b93808cdbf0fd2a25c4dc3b643e0b22559de88982ff7423b3f6c0330c81d
imphash bfecaaab94acbf4570f22de5aced082c
File size 71.6 MB ( 75117232 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID DirectShow filter (39.0%)
Windows ActiveX control (22.5%)
Win32 EXE PECompact compressed (v2.x) (11.4%)
InstallShield setup (8.3%)
Win32 EXE PECompact compressed (generic) (8.0%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2016-03-11 05:01:18 UTC ( 2 years, 11 months ago )
Last submission 2016-03-11 05:01:18 UTC ( 2 years, 11 months ago )
File names InstallShield Setup.exe
Setup
CB73A65F9B59F6164DF0E0FE49AE84416F5CFE81F8E32BDA714439E73B3361E9.exe
814824