SHA256: d254a85d4a90cdcbb86454149c10154ae2795326e20baae2e3ccac1af6dc2aa2
File name: B2CAppSetup.exe
Detection ratio: 0 / 69
Analysis date: 2018-10-02 20:58:35 UTC ( 2 weeks, 6 days ago )
Antivirus Result Update
Ad-Aware 20181002
AegisLab 20181002
AhnLab-V3 20181002
Alibaba 20180921
ALYac 20181002
Antiy-AVL 20181002
Arcabit 20181002
Avast 20181002
Avast-Mobile 20181002
AVG 20181002
Avira (no cloud) 20181002
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20181002
Bkav 20181002
CAT-QuickHeal 20181001
ClamAV 20181002
CMC 20181002
Comodo 20181002
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181002
Cyren 20181002
DrWeb 20181002
eGambit 20181002
Emsisoft 20181002
Endgame 20180730
ESET-NOD32 20181002
F-Prot 20181002
F-Secure 20181002
Fortinet 20181002
GData 20181002
Ikarus 20181002
Sophos ML 20180717
Jiangmin 20181002
K7AntiVirus 20181002
K7GW 20181001
Kaspersky 20181002
Kingsoft 20181002
Malwarebytes 20181002
MAX 20181002
McAfee 20181002
McAfee-GW-Edition 20181002
Microsoft 20181002
eScan 20181002
NANO-Antivirus 20181002
Palo Alto Networks (Known Signatures) 20181002
Panda 20181002
Qihoo-360 20181002
Rising 20181002
SentinelOne (Static ML) 20180926
Sophos AV 20181002
SUPERAntiSpyware 20180907
Symantec 20181002
Symantec Mobile Insight 20181001
TACHYON 20181002
Tencent 20181002
TheHacker 20181001
TotalDefense 20181002
TrendMicro 20181002
TrendMicro-HouseCall 20181002
Trustlook 20181002
VBA32 20181002
VIPRE 20181002
ViRobot 20181002
Webroot 20181002
Yandex 20180927
Zillya 20181002
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2007. LG Electronics

Product B2CAppSetup 응용 프로그램
Original name B2CAppSetup.EXE
Internal name B2CAppSetup
File version 1, 0, 1, 7
Description B2CAppSetup MFC 응용 프로그램
Signature verification Signed file, verified signature
Signing date 1:45 AM 1/19/2010
Signers
[+] LG Electronics, ltd.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 1:00 AM 6/5/2009
Valid to 12:59 AM 6/6/2010
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint DD882432D000FCA20ACE6B0BD2186318B7D7C67A
Serial number 11 43 BC CA 77 CE 8D E8 FA D2 69 7B A6 D3 52 35
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-01-19 00:44:25
Entry Point 0x0000D826
Number of sections 4
PE sections
Overlays
MD5 82ce60eb650fbb276a614f1369d0e036
File type data
Offset 245760
Size 6080
Entropy 7.24
PE imports
RegFlushKey
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
GetWindowExtEx
SetMapMode
SetBkMode
PatBlt
SaveDC
TextOutA
LPtoDP
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
SelectObject
DeleteObject
IntersectClipRect
BitBlt
SetTextColor
GetObjectA
CreateBitmap
RectVisible
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
ExtTextOutA
PtVisible
GetTextExtentPointA
CreateCompatibleDC
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
GetTextColor
CreateSolidBrush
DPtoLP
Escape
GetViewportExtEx
GetBkColor
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
IsBadCodePtr
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
SetFileAttributesA
SetEvent
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
CopyFileA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
FreeLibrary
GetPriorityClass
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
SetHandleCount
lstrcpynA
lstrcmpiA
GetOEMCP
GetTickCount
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
Process32Next
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
OpenProcess
CreateDirectoryA
DeleteFileA
GetFullPathNameA
GlobalLock
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
CompareStringA
FindNextFileA
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
CreateEventA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
Process32First
GetVolumeInformationA
GetACP
GetVersion
SizeofResource
WideCharToMultiByte
HeapCreate
VirtualFree
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
VariantCopy
SysFreeString
SysAllocStringByteLen
Ord(253)
SetupIterateCabinetA
ShellExecuteA
SHGetSpecialFolderPathA
SetFocus
GetMessagePos
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GetWindowLongA
GrayStringA
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
CopyAcceleratorTableA
ClientToScreen
GetTopWindow
ExcludeUpdateRgn
GetActiveWindow
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
ShowWindow
GetPropA
GetNextDlgGroupItem
GetMenuState
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
LoadStringA
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
DrawFocusRect
CreateWindowExA
SetWindowContextHelpId
GetSysColorBrush
IsWindowUnicode
ReleaseDC
PtInRect
IsChild
IsDialogMessageA
MapWindowPoints
BeginPaint
OffsetRect
KillTimer
CharNextA
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
InflateRect
PostMessageA
DrawIcon
SetWindowLongA
RemovePropA
SetWindowTextA
ShowCaret
GetSubMenu
GetLastActivePopup
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetDesktopWindow
GetSystemMenu
GetDC
SetForegroundWindow
PostThreadMessageA
DrawTextA
IntersectRect
EndDialog
HideCaret
CopyRect
GetCapture
MessageBeep
CheckMenuItem
AppendMenuA
UnhookWindowsHookEx
RegisterClipboardFormatA
MoveWindow
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
SetRect
InvalidateRect
wsprintfA
DefDlgProcA
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
InternetSetStatusCallback
InternetQueryDataAvailable
InternetWriteFile
InternetReadFile
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetSetFilePointer
InternetCrackUrlA
InternetOpenUrlA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
WSAStartup
gethostbyname
gethostname
inet_addr
GetFileTitleA
OleUninitialize
CoUninitialize
CoInitialize
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
OleFlushClipboard
CoCreateInstance
CoRevokeClassObject
CoFreeUnusedLibraries
CLSIDFromProgID
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CoTaskMemFree
OleInitialize
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
URLDownloadToFileA
Number of PE resources by type
RT_STRING 12
RT_BITMAP 4
RT_DIALOG 3
RT_ICON 2
RT_CURSOR 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
KOREAN 27
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.1.7
LanguageCode Korean
FileFlagsMask 0x003f
FileDescription B2CAppSetup MFC
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 86016
EntryPoint 0xd826
OriginalFileName B2CAppSetup.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2007. LG Electronics
FileVersion 1, 0, 1, 7
TimeStamp 2010:01:19 01:44:25+01:00
FileType Win32 EXE
PEType PE32
InternalName B2CAppSetup
ProductVersion 1, 0, 1, 7
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName LG Electronics
CodeSize 172032
ProductName B2CAppSetup
ProductVersionNumber 1.0.1.7
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 67ca36b29656f214920b05b1ea8c6f9f
SHA1 0cecaedbe7ec865fa381a97a2c26dbd0c3bda423
SHA256 d254a85d4a90cdcbb86454149c10154ae2795326e20baae2e3ccac1af6dc2aa2
ssdeep 3072:7OjvyfEY+CoHUJBW3dsQnqhDCpJAt44dh72XeE082LFO/m6lxFMJWlA6hr1QW:KOfTMUJBQsCpStXtJQ5hCW
authentihash b5f1d176701686943cb18ca80d5d36e3a5a53416ae8d37c4908066e6c4373cc8
imphash 49a5e622e48e901be1960bff8f3d9e89
File size 245.9 KB ( 251840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
peexe software-collection armadillo signed overlay

VirusTotal metadata
First submission 2010-01-19 10:02:00 UTC ( 8 years, 9 months ago )
Last submission 2018-08-27 06:08:32 UTC ( 1 month, 3 weeks ago )
File names 0cecaedbe7ec865fa381a97a2c26dbd0c3bda423.exe
$RDSW963.exe
B2CAppSetup.exe
file-4774714_exe
B2C188AppSetup.exe
B2CAppSetup_1.6.7.1.exe
B2CAppSetup.exe
LG Support Tool.exe
B2CAppSetup_1_7_1_0.exe
1360586885-B2CAppSetup.exe
filename
LG-UPDATE.exe
b2cappsetup.exe
LG .exe
d254a85d4a90cdcbb86454149c10154ae2795326e20baae2e3ccac1af6dc2aa2
B2CAppSetup (2).exe
B2CAppSetup.exe
B2CAppSetup.exe
B2CAppSetup (1).exe
67ca36b29656f214920b05b1ea8c6f9f.exe
67ca36b29656f214920b05b1ea8c6f9f
B2C1870AppSetup.exe
B2CAppSetup.EXE
B2CAppSetup(2).exe
B2CAppSetup[1].exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight