SHA256: ce148294ec4d9ec2d2354b89c84583502ccfad30b036f6e4aede227eee1a4114
File name: Setup
Detection ratio: 0 / 60
Analysis date: 2017-11-08 22:44:05 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware 20171109
AegisLab 20171109
AhnLab-V3 20171109
Alibaba 20170911
ALYac 20171109
Antiy-AVL 20171109
Arcabit 20171109
Avast-Mobile 20171109
Avira (no cloud) 20171109
AVware 20171109
Baidu 20171109
BitDefender 20171109
Bkav 20171109
CAT-QuickHeal 20171109
ClamAV 20171109
CMC 20171109
Comodo 20171109
CrowdStrike Falcon (ML) 20171016
Cybereason 20171030
Cylance 20171109
Cyren 20171109
eGambit 20171109
Emsisoft 20171109
Endgame 20171024
ESET-NOD32 20171109
F-Secure 20171109
Fortinet 20171109
GData 20171109
Ikarus 20171109
Sophos ML 20170914
K7AntiVirus 20171109
K7GW 20171109
Kaspersky 20171109
Kingsoft 20171109
Malwarebytes 20171109
MAX 20171109
McAfee 20171109
Microsoft 20171109
eScan 20171109
NANO-Antivirus 20171109
nProtect 20171109
Palo Alto Networks (Known Signatures) 20171109
Panda 20171109
Qihoo-360 20171109
SentinelOne (Static ML) 20171019
Sophos AV 20171109
SUPERAntiSpyware 20171109
Symantec 20171109
Symantec Mobile Insight 20171109
Tencent 20171109
TheHacker 20171102
TotalDefense 20171109
TrendMicro 20171109
TrendMicro-HouseCall 20171109
Trustlook 20171109
VBA32 20171109
VIPRE 20171109
ViRobot 20171109
Webroot 20171109
WhiteArmor 20171104
Zillya 20171109
ZoneAlarm by Check Point 20171109
Zoner 20171109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2006 Macrovision Corporation
Product InstallShield
Original name Setup.exe
Internal name Setup
File version 12.0.49974
Description Setup.exe
Signature verification Signed file, verified signature
Signing date 10:41 AM 1/9/2015
Signers
[+] Industrial and Commercial Bank of China Limited
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 12/29/2014
Valid to 12:59 AM 2/27/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 88CA3C14A6C87E43943C04F252DF1976FD33B2F0
Serial number 65 4C 21 D3 C4 50 53 CA FE 8D C9 61 DC D5 CB 2A
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-05-24 16:57:31
Entry Point 0x00022A29
Number of sections 4
PE sections
Overlays
MD5 01fa7085df47e70bce33095a68e6de3d
File type data
Offset 450560
Size 13019144
Entropy 7.92
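The Overlays entry above is the security-relevant part of the PE summary. The overlay starts at offset 450560 and runs 13019144 bytes, which is exactly the file size (13469704) minus that offset, so what VirusTotal calls the overlay is everything after the last section, the InstallShield payload (entropy 7.92 is what compressed CAB data looks like) together with the Authenticode certificate table. Whether the "verified signature" reported above vouches for that payload follows from how Authenticode hashes a PE: the headers (skipping the checksum field and the security-directory entry), every section, and any bytes appended after the sections are hashed, but the certificate table itself is not, and slack inside the WIN_CERTIFICATE entry was the gap closed by MS13-098 (CVE-2013-3900). Two other points from the signature block are worth stating: the leaf certificate expired on 2/27/2018, but the Symantec timestamp countersignature is what keeps the signature valid after that date, and the md5RSA shown for the Thawte Timestamping CA is that root's self-signature, which chain validation does not check for a trust anchor. The script below is an added example, not code from the report or from InstallShield; it parses the PE headers with the standard library only, measures the overlay, and splits it into the signed payload, the unsigned certificate table, and any trailing bytes. build_sample_pe constructs a synthetic signed-installer layout so the example runs offline; it does not reimplement the Authenticode hash (the report's authentihash) itself.

```python
import hashlib
import math
import struct
from collections import Counter
from typing import Dict

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory that locates the Authenticode certificate table


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, close to 8.0 for compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_overlay(pe: bytes) -> Dict[str, object]:
    """Measure the overlay (bytes after the last section) and split it around the
    certificate table. The security directory is the one data directory whose
    VirtualAddress field is a raw file offset rather than an RVA."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    dd_base = opt + (96 if magic == 0x10B else 112)  # data directories: PE32 vs PE32+
    cert_off, cert_size = struct.unpack_from("<II", pe, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sect_table = opt + opt_size
    end_of_sections = 0
    for i in range(nsections):
        # SizeOfRawData and PointerToRawData sit at +16 in each 40-byte section header
        raw_size, raw_ptr = struct.unpack_from("<II", pe, sect_table + 40 * i + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    size = len(pe)
    result: Dict[str, object] = {
        "overlay_offset": end_of_sections,
        "overlay_size": size - end_of_sections,
        "overlay_entropy": round(shannon_entropy(pe[end_of_sections:]), 2),
        "cert_table_offset": cert_off,
        "cert_table_size": cert_size,
    }
    if cert_size and cert_off >= end_of_sections:
        # Authenticode covers appended data up to the certificate table; the table itself,
        # including any slack inside the WIN_CERTIFICATE entry, is outside the hash.
        result["signed_overlay_bytes"] = cert_off - end_of_sections
        result["unsigned_cert_table_bytes"] = cert_size
        result["trailing_bytes_after_cert"] = size - (cert_off + cert_size)
    return result


def pseudo_random(n: int, seed: bytes = b"constructed-payload") -> bytes:
    """Deterministic high-entropy filler standing in for a compressed installer payload."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe(payload: bytes, cert_body: bytes = b"\x30" + b"\x00" * 63) -> bytes:
    """Constructed sample (not a real InstallShield stub): a minimal PE32 with one
    section, an appended payload and a trailing WIN_CERTIFICATE table."""
    section_off, section_size = 0x200, 0x200
    cert = struct.pack("<IHH", 8 + len(cert_body), 0x0200, 0x0002) + cert_body  # dwLength, wRevision, wCertificateType
    cert_off = section_off + section_size + len(payload)
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")  # e_lfanew = 0x80
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)  # i386, one section, PE32 optional header
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(cert))
    sect = b".text".ljust(8, b"\0") + struct.pack("<IIII", section_size, 0x1000, section_size, section_off) + b"\0" * 16
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(section_off, b"\0")
    section = b"\xC3".ljust(section_size, b"\0")
    return headers + section + payload + cert


if __name__ == "__main__":
    for key, value in parse_overlay(build_sample_pe(pseudo_random(4096))).items():
        print(f"{key:>26}: {value}")
```

Run against a real installer, a result where trailing_bytes_after_cert is non-zero or where the certificate table is far larger than a typical PKCS#7 blob is the thing to look at before trusting the payload on the strength of a "verified" signature.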
PE imports
RegDeleteKeyA
GetTokenInformation
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegQueryValueA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExA
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
GetDIBColorTable
SetMapMode
GetSystemPaletteEntries
PatBlt
SetStretchBltMode
SaveDC
TextOutA
CreateFontIndirectA
PlayMetaFile
GetDeviceCaps
CreateDCA
DeleteDC
RestoreDC
SetBkMode
SetMetaFileBitsEx
SetPixel
CreateSolidBrush
CreateHalftonePalette
RealizePalette
SetTextColor
CreatePatternBrush
GetObjectA
SelectObject
CreateBitmap
BitBlt
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
UnrealizeObject
SelectClipRgn
CreateCompatibleDC
StretchBlt
CreateRectRgn
DeleteObject
GetTextExtentPoint32A
SetWindowExtEx
SetWindowOrgEx
GetTextExtentPointA
SetBkColor
SetViewportExtEx
CreateCompatibleBitmap
DeleteMetaFile
GetPrivateProfileSectionNamesA
GetStdHandle
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
HeapReAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
LocalFree
ResumeThread
GetEnvironmentVariableA
LoadResource
FindClose
TlsGetValue
FormatMessageA
SetLastError
InitializeCriticalSection
WriteProcessMemory
CopyFileA
HeapAlloc
GetVersionExA
GetModuleFileNameA
QueryPerformanceFrequency
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
CreateMutexA
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
GetCurrentProcess
MulDiv
GetSystemDirectoryA
MoveFileExA
SetThreadContext
TerminateProcess
VirtualQuery
SearchPathA
GetCurrentThreadId
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
SetEvent
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GlobalSize
GetStartupInfoA
GetFileSize
AddAtomA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
VirtualProtectEx
CompareStringW
lstrcmpA
FindFirstFileA
lstrcpyA
ResetEvent
GetTempFileNameA
CreateFileMappingA
FindNextFileA
DuplicateHandle
GlobalLock
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GlobalUnlock
GetEnvironmentStringsW
FindResourceExA
GlobalAlloc
RemoveDirectoryA
GetShortPathNameA
GetAtomNameA
SizeofResource
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
lstrlenW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
GetSystemDefaultLangID
RaiseException
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetVersion
FreeResource
GetEnvironmentStrings
CreateProcessA
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
CompareStringA
LZCopy
LZClose
LZOpenFileA
LoadRegTypeLib
VariantChangeType
SafeArrayGetLBound
SafeArrayGetElement
SysAllocStringLen
RegisterTypeLib
VariantClear
SysAllocString
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
GetErrorInfo
SysFreeString
LoadTypeLib
SysStringLen
UuidToStringA
RpcStringFreeA
UuidCreate
SHGetMalloc
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SetFocus
MapWindowPoints
GetSysColor
GetParent
MapDialogRect
ReleaseDC
SetPropA
EndDialog
BeginPaint
DrawIcon
CreateDialogIndirectParamA
GetClassInfoExA
DefWindowProcA
ShowWindow
PostThreadMessageA
GetPropA
SetWindowPos
SetWindowRgn
SendDlgItemMessageA
IsWindow
GetWindowRect
DispatchMessageA
EndPaint
PeekMessageA
SetDlgItemTextA
PostMessageA
MoveWindow
EnumChildWindows
GetDlgItemTextA
CallWindowProcA
IntersectRect
MessageBoxA
LoadImageA
GetWindowDC
SetWindowLongA
TranslateMessage
IsWindowEnabled
GetWindow
UpdateWindow
CharUpperA
CheckDlgButton
GetDC
RegisterClassExA
SystemParametersInfoA
RemovePropA
SetWindowTextA
CopyRect
GetWindowLongA
GetWindowPlacement
SendMessageA
SetForegroundWindow
GetClientRect
GetDlgItem
CreateDialogParamA
CharLowerBuffA
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
LoadIconA
DrawTextA
GetMessageA
FillRect
LoadStringA
IsDlgButtonChecked
CharNextA
WaitForInputIdle
SetActiveWindow
GetDesktopWindow
InflateRect
GetDialogBaseUnits
GetClassNameA
IsDialogMessageA
MsgWaitForMultipleObjects
EnableWindow
GetWindowTextA
DrawFocusRect
DialogBoxIndirectParamA
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoTaskMemAlloc
CoRevokeClassObject
CoUninitialize
CoCreateGuid
CoCreateInstance
CoGetInterfaceAndReleaseStream
StringFromCLSID
CoRegisterClassObject
GetRunningObjectTable
CoReleaseMarshalData
CoTaskMemFree
StringFromGUID2
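The import list above is printed without DLL names, but it contains the exact cluster that process-injection heuristics key on: CreateProcessA together with WriteProcessMemory, GetThreadContext, SetThreadContext, VirtualProtectEx and ResumeThread, next to the registry-write APIs (RegCreateKeyExA, RegSetValueExA) and the token APIs (OpenProcessToken, GetTokenInformation, AllocateAndInitializeSid, EqualSid) an installer uses to test for administrator rights. The caveat is the context: these imports belong to a signed InstallShield 12 stub that 60 engines rate clean, so the API set by itself does not separate an installer from a loader. The stub's import table is fixed by the InstallShield build rather than by the package, which is also why the imphash 3ef36b68401f1772a029a5b517cfa431 identifies the InstallShield version, not this particular installer or its payload. The following is an added triage example, not VirusTotal's or InstallShield's code: it normalises ANSI/Unicode suffixes, reports a capability tag only when every API in the cluster is present, and shows partial coverage for the rest. REPORT_IMPORTS is a subset copied from the list above; the cluster names and membership are the example's own choices.

```python
import re
from typing import Dict, FrozenSet, Iterable, Tuple

# Function names copied from the report's import list (DLL names are not shown there).
REPORT_IMPORTS = [
    "RegDeleteKeyA", "GetTokenInformation", "OpenProcessToken", "AllocateAndInitializeSid",
    "EqualSid", "RegSetValueExA", "RegCreateKeyExA", "GetThreadContext", "SetThreadContext",
    "WriteProcessMemory", "ResumeThread", "CreateProcessA", "VirtualProtectEx",
    "LoadLibraryA", "GetProcAddress", "RegisterTypeLib", "CoRegisterClassObject",
    "ShellExecuteExA", "IsWindow", "GetACP", "GetStringTypeW",
]

# Capability clusters chosen for this example; a tag fires only when every member is imported.
CLUSTERS: Dict[str, FrozenSet[str]] = {
    "remote-thread-context-injection": frozenset(
        {"CreateProcess", "WriteProcessMemory", "GetThreadContext", "SetThreadContext", "ResumeThread"}),
    "remote-memory-protection-change": frozenset({"WriteProcessMemory", "VirtualProtectEx"}),
    "admin-token-check": frozenset(
        {"OpenProcessToken", "GetTokenInformation", "AllocateAndInitializeSid", "EqualSid"}),
    "registry-write": frozenset({"RegCreateKeyEx", "RegSetValueEx"}),
    "com-server-registration": frozenset({"CoRegisterClassObject", "RegisterTypeLib"}),
    "dynamic-api-resolution": frozenset({"LoadLibrary", "GetProcAddress"}),
    "raw-socket-network": frozenset({"socket", "connect", "send", "recv"}),  # absent here on purpose
}

# A trailing upper-case A or W after an alphanumeric is the ANSI/Unicode variant marker
# (CreateProcessA, GetStringTypeW). Lower-case endings such as IsWindow are left alone.
_VARIANT_SUFFIX = re.compile(r"(?<=[A-Za-z0-9])[AW]$")


def normalise(name: str) -> str:
    """CreateProcessA and CreateProcessW both become CreateProcess; GetACP stays GetACP."""
    return _VARIANT_SUFFIX.sub("", name)


def coverage(imports: Iterable[str]) -> Dict[str, Tuple[int, int]]:
    """For each cluster, (APIs present, APIs required). Partial hits are useful for
    spotting a loader that resolves the missing call at runtime via GetProcAddress."""
    present = {normalise(n) for n in imports}
    return {tag: (len(apis & present), len(apis)) for tag, apis in CLUSTERS.items()}


def tag_capabilities(imports: Iterable[str]) -> Dict[str, FrozenSet[str]]:
    """Only fully matched clusters; value is the set of APIs that satisfied the tag."""
    present = {normalise(n) for n in imports}
    return {tag: apis for tag, apis in CLUSTERS.items() if apis <= present}


if __name__ == "__main__":
    for tag, (hit, total) in sorted(coverage(REPORT_IMPORTS).items()):
        marker = "TAG" if hit == total else "   "
        print(f"{marker} {tag:<34} {hit}/{total}")
```

Used on a real sample the tags are a sorting key, not a verdict: here every injection-flavoured cluster fires on a file that is signed, timestamped and rated 0/60, so the output has to be read together with the publisher and the overlay analysis rather than on its own.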
Number of PE resources by type
RT_STRING 132
RT_DIALOG 4
RT_ICON 4
RT_MANIFEST 1
TYPELIB 1
PUBLICKEY 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
TURKISH DEFAULT 7
ENGLISH US 6
SWEDISH 4
PORTUGUESE 4
CZECH DEFAULT 4
FRENCH 4
CHINESE SIMPLIFIED 4
SLOVENIAN DEFAULT 4
INDONESIAN DEFAULT 4
DUTCH 4
ITALIAN 4
CATALAN DEFAULT 4
FINNISH DEFAULT 4
SERBIAN CYRILLIC 4
PORTUGUESE BRAZILIAN 4
SPANISH 4
FRENCH CANADIAN 4
KOREAN 4
BASQUE DEFAULT 4
HUNGARIAN DEFAULT 4
GERMAN 4
BULGARIAN DEFAULT 4
POLISH DEFAULT 4
JAPANESE DEFAULT 4
DANISH DEFAULT 4
SLOVAK DEFAULT 4
GREEK DEFAULT 4
NORWEGIAN BOKMAL 4
CHINESE TRADITIONAL 4
THAI DEFAULT 4
SERBIAN DEFAULT 4
ROMANIAN 4
RUSSIAN 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 12.0.0.49974
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 172032
EntryPoint 0x22a29
OriginalFileName Setup.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2006 Macrovision Corporation
FileVersion 12.0.49974
TimeStamp 2006:05:24 17:57:31+01:00
FileType Win32 EXE
PEType PE32
InternalName Setup
ProductVersion 12.0
FileDescription Setup.exe
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Macrovision Corporation
CodeSize 282624
ProductName InstallShield
ProductVersionNumber 12.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 e4628d75699b865f279aa87e6a3d22ba
SHA1 a82fed38c35f8a2322c1696a082443f062da5708
SHA256 ce148294ec4d9ec2d2354b89c84583502ccfad30b036f6e4aede227eee1a4114
ssdeep 393216:xmHzPf3ngF3hfE7QuxWFTEUEU080CrZS7h:UDgF3ZhucFThDrC
authentihash 58f67b91f7617a2bc31ca6a8a16b1f08217ff54009644d44c6b2fffe6b7cfc51
imphash 3ef36b68401f1772a029a5b517cfa431
File size 12.8 MB ( 13469704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID DirectShow filter (40.7%)
Windows ActiveX control (23.5%)
InstallShield setup (8.6%)
Win32 Executable MS Visual C++ (generic) (6.3%)
Win64 Executable (generic) (5.5%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2015-01-14 23:27:20 UTC ( 4 years, 4 months ago )
Last submission 2017-11-08 22:44:05 UTC ( 1 year, 6 months ago )
File names Setup.exe
Setup
ce148294ec4d9ec2d2354b89c84583502ccfad30b036f6e4aede227eee1a4114
icbc_netbank_client_controls.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.