SHA256: d2eb30ec923c085d3855634289cebca9e43bea0aec135bf5a1e35953bbb8147a
File name: GoogleDesktopSetup.exe
Detection ratio: 1 / 67
Analysis date: 2018-01-09 07:09:06 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Tencent Suspicious.Heuristic.Gen.b.0 20180109
Ad-Aware 20180109
AegisLab 20180109
AhnLab-V3 20180109
Alibaba 20180109
ALYac 20180109
Antiy-AVL 20180109
Arcabit 20180109
Avast 20180109
Avast-Mobile 20180108
AVG 20180109
Avira (no cloud) 20180109
AVware 20180103
Baidu 20180109
BitDefender 20180109
Bkav 20180106
CAT-QuickHeal 20180109
ClamAV 20180109
CMC 20180108
Comodo 20180109
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180109
Cyren 20180109
DrWeb 20180109
eGambit 20180109
Emsisoft 20180109
Endgame 20171130
ESET-NOD32 20180109
F-Prot 20180109
F-Secure 20180109
Fortinet 20180109
GData 20180109
Ikarus 20180108
Sophos ML 20170914
Jiangmin 20180109
K7AntiVirus 20180109
K7GW 20180109
Kaspersky 20180109
Kingsoft 20180109
Malwarebytes 20180109
MAX 20180109
McAfee 20180109
McAfee-GW-Edition 20180109
Microsoft 20180109
eScan 20180109
NANO-Antivirus 20180109
nProtect 20180109
Palo Alto Networks (Known Signatures) 20180109
Panda 20180108
Rising 20180106
SentinelOne (Static ML) 20171224
Sophos AV 20180109
SUPERAntiSpyware 20180109
Symantec 20180109
Symantec Mobile Insight 20180109
TheHacker 20180108
TotalDefense 20180108
TrendMicro 20180109
TrendMicro-HouseCall 20180109
Trustlook 20180109
VBA32 20180108
VIPRE 20180109
ViRobot 20180109
Webroot 20180109
WhiteArmor 20171226
Yandex 20171229
Zillya 20180108
ZoneAlarm by Check Point 20180109
Zoner 20180109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2003-10 Google. All Rights Reserved.

Product Google Desktop
Internal name Google Desktop
File version 5.9.1005.12335
Description Google Desktop
Signature verification Signed file, verified signature
Signing date 9:01 PM 5/12/2010
Signers
[+] Google Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 12:00 AM 06/19/2007
Valid to 11:59 PM 06/18/2010
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint FE5008FE0DA7A2033816752D6EAFE95214F5A7E1
Serial number 31 44 C0 6A 6C FB 50 76 C1 5D 39 95 72 C6 94 21
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 12:00 AM 07/16/2004
Valid to 11:59 PM 07/15/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 12:00 AM 01/29/1996
Valid to 11:59 PM 08/01/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 12:00 AM 06/15/2007
Valid to 11:59 PM 06/14/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/04/2003
Valid to 11:59 PM 12/03/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT PECompact, PecBundle
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-05-12 18:59:25
Entry Point 0x00038820
Number of sections 3
PE sections
Overlays
MD5 fc4cfc0e2c9ecc087ae1d871cc285901
File type data
Offset 2009088
Size 5616
Entropy 7.27
PE imports
InitCommonControlsEx
DeleteDC
SysAllocStringLen
RasEnumEntriesW
SetupIterateCabinetW
PathAddBackslashW
IsWindow
LoadUserProfileW
InternetGetCookieW
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(70)
CoTaskMemFree
Number of PE resources by type
DLL 26
RT_ICON 7
RT_STRING 6
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 36
NEUTRAL 6
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
5633536

ImageVersion
0.0

ProductName
Google Desktop

FileVersionNumber
5.9.1005.12335

UninitializedDataSize
0

LanguageCode
Turkish

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
5.9.1005.12335

TimeStamp
2010:05:12 19:59:25+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Google Desktop

ProductVersion
5.9.1005.12335

FileDescription
Google Desktop

OSVersion
4.0

FileOS
Unknown (0)

LegalCopyright
Copyright (c) 2003-10 Google. All Rights Reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Google

CodeSize
243200

FileSubtype
0

ProductVersionNumber
5.9.1005.12335

EntryPoint
0x38820

ObjectFileType
Unknown

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
File identification
MD5 ec6ff7b753e8fcb6e3b0b2a9aba5be16
SHA1 dae5150a3008f016a696de310501446a9b5b6aee
SHA256 d2eb30ec923c085d3855634289cebca9e43bea0aec135bf5a1e35953bbb8147a
ssdeep
49152:mfSMWPlfYyW+YUf1/P1PZ6pVYSxJuy4zj5F4/x14q:DM4lgHwLPZ6rZJuywj5y/jJ

authentihash 84ef687bd98077d37e8a971720874765367af4f4c0a0a16d3bdd499ad0850f2b
imphash f17b31a9435389a17da6e39417136f52
File size 1.9 MB ( 2014704 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (v2.x) (50.1%)
Win32 EXE PECompact compressed (generic) (35.3%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags
pecompact peexe signed overlay

VirusTotal metadata
First submission 2010-05-26 15:31:07 UTC ( 8 years, 12 months ago )
Last submission 2019-03-25 06:06:15 UTC ( 1 month, 4 weeks ago )
File names GoogleDesktopSetup.exe
ec6ff7b753e8fcb6e3b0b2a9aba5be16
GoogleDesktopSetup.exe
Google Desktop
14334-GoogleDesktopSetup-5.9.1005.12335.exe
GoogleDesktopSetup.exe
03B682E2F06F560EBDB11ECD4FBF03000EA3A074.exe
14334-GoogleDesktopSetup-5.9.1005.12335 (1).exe
GoogleDesktopSetup.exe
octet-stream
smona132563161678832979653
14334-GoogleDesktopSetup-5.9.1005.12335.exe
tmpbpdzi7.drivedownload
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
