SHA256: d548474c69158ba3325b4f527c9dadc833578e6c0a6778720e34e53d776e9971
File name: picolino.exe
Detection ratio: 0 / 47
Analysis date: 2013-04-16 04:07:40 UTC ( 1 year ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
AVG 20130416
Agnitum 20130415
AhnLab-V3 20130416
AntiVir 20130416
Antiy-AVL 20130415
Avast 20130416
BitDefender 20130416
ByteHero 20130415
CAT-QuickHeal 20130415
ClamAV 20130416
Commtouch 20130415
Comodo 20130416
DrWeb 20130416
ESET-NOD32 20130415
Emsisoft 20130416
F-Prot 20130415
F-Secure 20130416
Fortinet 20130416
GData 20130416
Ikarus 20130416
Jiangmin 20130415
K7AntiVirus 20130412
K7GW 20130412
Kaspersky 20130416
Kingsoft 20130415
Malwarebytes 20130416
McAfee 20130416
McAfee-GW-Edition 20130416
MicroWorld-eScan 20130416
Microsoft 20130416
NANO-Antivirus 20130416
Norman 20130415
PCTools 20130416
Panda 20130415
Rising 20130412
SUPERAntiSpyware 20130416
Sophos 20130416
Symantec 20130416
TheHacker 20130415
TotalDefense 20130415
TrendMicro 20130416
TrendMicro-HouseCall 20130416
VBA32 20130415
VIPRE 20130416
ViRobot 20130416
eSafe 20130415
nProtect 20130416
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright by Abelssoft

Publisher Abelssoft - Ascora GmbH
Product Picolino 2013
File version 0.1
Description Abelssoft
Comments This installation was built with Inno Setup.
Signature verification Certificate out of its validity period
Signers
[+] Abelssoft - Ascora GmbH
Status Certificate out of its validity period
Valid from 9:42 AM 9/17/2010
Valid to 9:42 AM 9/17/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint 4894B37A8157215D534774FB3C566FAD31B3373B
Serial number 01 00 00 00 00 01 2B 1F 10 BD 4C
[+] GlobalSign ObjectSign CA
Status Valid
Valid from 11:00 AM 1/22/2004
Valid to 11:00 AM 1/27/2017
Valid usage Code Signing
Algorithm SHA1
Thumbprint 94BDB3CE4A5BC37A9A0BB45AFADB043932474F32
Serial number 04 00 00 00 00 01 23 9E 0F AF 24
[+] GlobalSign Primary Object Publishing CA
Status Valid
Valid from 2:00 PM 1/28/1999
Valid to 1:00 PM 1/27/2017
Valid usage Code Signing
Algorithm SHA1
Thumbprint 549DF5E7102A223BA204B7150106D8EA17B7A70A
Serial number 04 00 00 00 00 01 23 9E 0F AC B3
[+] GlobalSign
Status Valid
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, 1.3.6.1.5.5.8.2.2
Algorithm SHA1
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, UTF-8, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, UTF-8, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Link date 11:22 PM 6/19/1992
Entry Point 0x00009C40
Number of sections 8
PE sections
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
0.1.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
17920

MIMEType
application/octet-stream

LegalCopyright
Copyright by Abelssoft

FileVersion
0.1

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

FileAccessDate
2014:02:11 19:49:02+01:00

ProductVersion
1.7

FileDescription
Abelssoft

OSVersion
1.0

FileCreateDate
2014:02:11 19:49:02+01:00

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Abelssoft

CodeSize
37888

ProductName
Picolino 2013

ProductVersionNumber
0.1.0.0

EntryPoint
0x9c40

ObjectFileType
Executable application

File identification
MD5 bc911a942e9999eea34343250f5a4966
SHA1 b6c663d9664c5bf301aee2f294562332e0aecfdd
SHA256 d548474c69158ba3325b4f527c9dadc833578e6c0a6778720e34e53d776e9971
ssdeep
24576:JnaHh+/j6+b0hctBQS+YHud62GYCa0uUW2h6+VheIbyLIGXmGQJxkTt:Jao/mW08Q0O82GaEWlkbyLImp

imphash 884310b1928934402ea6fec1dbd3cf5e
File size 1.5 MB ( 1598800 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (86.4%)
Win32 Dynamic Link Library (generic) (5.1%)
Win32 Executable (generic) (3.5%)
Win16/32 Executable Delphi generic (1.6%)
Generic Win/DOS Executable (1.5%)
Tags
peexe signed mz

VirusTotal metadata
First submission 2013-01-31 06:09:44 UTC ( 1 year, 2 months ago )
Last submission 2014-02-11 18:47:05 UTC ( 2 months ago )
File names picolino (1).ex
samples_analysis_platform
picolino.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.