SHA256: d53eafa1d66f8181e5eeb9e31457c14baa3a5a0e323727222265c52e65a71080
File name: 760800
Detection ratio: 32 / 55
Analysis date: 2016-02-01 09:06:07 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Application.Bundler.DownloadAdmin.4 20160201
AegisLab Variant.Application.Bundler!c 20160201
Yandex Riskware.Agent! 20160201
Antiy-AVL GrayWare[AdWare]/Win32.DownloadAdmin.p 20160201
Arcabit Trojan.Application.Bundler.DownloadAdmin.4 20160201
AVG Generic.B8A 20160201
Baidu-International PUA.Win32.DownloadAdmin.P 20160129
BitDefender Gen:Variant.Application.Bundler.DownloadAdmin.4 20160130
ClamAV Win.Trojan.Downloadadmin-233 20160130
Comodo Application.Win32.DownloadAdmin.P 20160130
Cyren W32/Application.OMIR-8691 20160201
DrWeb Trojan.Vittalia.823 20160201
ESET-NOD32 a variant of Win32/DownloadAdmin.P potentially unwanted 20160201
F-Secure Gen:Variant.Application.Bundler 20160129
Fortinet Riskware/DownloadAdmin 20160201
GData Gen:Variant.Application.Bundler.DownloadAdmin.4 20160201
Ikarus PUA.DownloadAdmin 20160201
K7AntiVirus Adware ( 004d4a2c1 ) 20160201
K7GW Adware ( 004d4a2c1 ) 20160201
Malwarebytes PUP.Optional.DownLoadAdmin 20160201
McAfee RDN/Generic Downloader.x 20160201
McAfee-GW-Edition RDN/Generic Downloader.x 20160201
Microsoft SoftwareBundler:Win32/Dowadmin 20160201
eScan Gen:Variant.Application.Bundler.DownloadAdmin.4 20160201
NANO-Antivirus Trojan.Win32.Vittalia.dyuzls 20160201
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160201
Sophos AV Generic PUA NK (PUA) 20160201
SUPERAntiSpyware PUP.DownloadAdmin/Variant 20160201
Symantec Trojan.Gen.2 20160201
VBA32 Downloader.DownloAdmin 20160201
VIPRE Trojan.Win32.Generic!BT 20160201
ViRobot Adware.Downloadadmin.903224.AX[h] 20160201
AhnLab-V3 20160201
Alibaba 20160201
ALYac 20160130
Avast 20160201
Avira (no cloud) 20160130
Bkav 20160129
ByteHero 20160201
CAT-QuickHeal 20160201
CMC 20160130
Emsisoft 20160201
F-Prot 20160129
Jiangmin 20160201
Kaspersky 20160201
nProtect 20160201
Panda 20160201
Qihoo-360 20160201
Tencent 20160201
TheHacker 20160130
TotalDefense 20160201
TrendMicro 20160201
TrendMicro-HouseCall 20160201
Zillya 20160201
Zoner 20160201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2015
Product Sundex
Original name setup.exe
Internal name setup.exe
File version 12.3.2.8858
Description Sundex
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 2:31 AM 2/10/2019
Signers
[+] Sundex
Status This certificate or one of the certificates in the certificate chain is not time valid. Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer Go Daddy Secure Certification Authority
Valid from 08:44 PM 10/30/2015
Valid to 07:47 PM 09/05/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B8A94CA03022D62121E466DE504129CD078A69C9
Serial number 35 55 D8 2B AF 04 77 E9
[+] Go Daddy Secure Certification Authority
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 01:54 AM 11/16/2006
Valid to 01:54 AM 11/16/2026
Valid usage All
Algorithm sha1RSA
Thumbprint 7C4656C3061F7F4C0D67B319A855F60EBC11FC44
Serial number 03 01
[+] Go Daddy Class 2 Certification Authority
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 04:06 PM 06/29/2004
Valid to 04:06 PM 06/29/2034
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 2796BAE63F1801E277261BA0D77770028F20EEE4
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-17 16:43:25
Entry Point 0x00003C4C
Number of sections 5
PE sections
Overlays
MD5 1614978cba37b6b01356a61ca477b6b5
File type data
Offset 898560
Size 4664
Entropy 7.37
PE imports
SetMetaRgn
FlattenPath
SelectObject
EnumObjects
CreateFontA
CreateFontIndirectA
PtVisible
Polyline
WidenPath
FillPath
CreateBitmap
SelectClipRgn
DeleteObject
EndPath
GetLastError
InitializeCriticalSectionAndSpinCount
GetStdHandle
lstrcpynA
GetFileAttributesA
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
GetProcessTimes
OutputDebugStringA
GetVersionExA
CreateTimerQueue
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetStartupInfoA
GetCurrentProcessId
CreateDirectoryA
DeleteFileA
HeapQueryInformation
GetCurrentDirectoryA
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
IsProcessInJob
GetCommandLineA
GetProcAddress
InterlockedCompareExchange
HeapWalk
TerminateJobObject
GetFullPathNameA
lstrcmpiA
MapViewOfFile
TlsFree
GetModuleHandleA
InterlockedExchange
WaitNamedPipeA
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
CreateFileMappingA
DuplicateHandle
GetLogicalProcessorInformation
ExpandEnvironmentStringsA
SetEnvironmentVariableA
ReadConsoleA
FreeLibrary
LocalFree
TerminateProcess
ResumeThread
CreateProcessA
SetUnhandledExceptionFilter
WriteConsoleA
GetVersion
GetEnvironmentVariableA
ChangeTimerQueueTimer
Sleep
FormatMessageA
CreateFileA
GetTickCount
GetCurrentThreadId
ExitProcess
SetCurrentDirectoryA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteExA
SHFileOperationA
DrawTextA
BeginPaint
SendMessageW
GetWindowLongA
DispatchMessageA
EndPaint
TranslateMessage
PostMessageA
SendMessageA
CreateWindowExA
DrawTextW
GetMessageA
ShowWindow
RegisterClassA
GetDC
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
rand
malloc
__p__fmode
realloc
memset
_time64
_cexit
?terminate@@YAXXZ
_amsg_exit
_snprintf
_XcptFilter
exit
__setusermatherr
_controlfp
_acmdln
srand
_ismbblead
__p__commode
free
atoi
__getmainargs
memcpy
_pgmptr
__argv
memmove
__argc
_initterm
_exit
__set_app_type
CoTaskMemFree
CoCreateInstance
OleInitialize
CoInitializeEx
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 7
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 12.3.2.8858
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Sundex
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 846848
EntryPoint 0x3c4c
OriginalFileName setup.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2015
FileVersion 12.3.2.8858
TimeStamp 2014:11:17 17:43:25+01:00
FileType Win32 EXE
PEType PE32
InternalName setup.exe
ProductVersion 12.3.2.8858
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Sundex
CodeSize 54784
ProductName Sundex
ProductVersionNumber 12.3.2.8858
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 1dd936bb1cfe9e4bfea9ca88caf98f67
SHA1 dae6d411538427213d010de9f903b3063389b5d0
SHA256 d53eafa1d66f8181e5eeb9e31457c14baa3a5a0e323727222265c52e65a71080
ssdeep 24576:TpBcj0M9rmX5ccNmPvA+raCe0/PhXvs6Bj:0IFX5PmPvbjhfsE
authentihash dbdb54c63656de74868c4c2c7d945fa13728e71cd791ba6ed16430312312266e
imphash 7e116925f78e2e7645e671c758d1333a
File size 882.1 KB ( 903224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags revoked-cert peexe signed overlay
VirusTotal metadata
First submission 2015-11-06 00:57:33 UTC ( 3 years, 3 months ago )
Last submission 2018-05-27 01:46:23 UTC ( 8 months, 4 weeks ago )
File names setup.exe
thehat.exe
760800
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs