SHA256: d5cb8698ad46604009031236c244d115fcd1b032595b8e2d1b4798fb4a6f9543
Detection ratio: 0 / 68
Analysis date: 2018-02-09 12:52:06 UTC ( 1 week, 4 days ago )
Antivirus Result Update
Ad-Aware 20180209
AegisLab 20180209
AhnLab-V3 20180209
Alibaba 20180209
ALYac 20180209
Antiy-AVL 20180209
Arcabit 20180209
Avast 20180209
Avast-Mobile 20180209
AVG 20180209
Avira (no cloud) 20180209
AVware 20180209
Baidu 20180208
BitDefender 20180209
Bkav 20180209
CAT-QuickHeal 20180209
ClamAV 20180209
CMC 20180209
Comodo 20180209
CrowdStrike Falcon (ML) 20170201
Cybereason 20180205
Cylance 20180209
Cyren 20180209
DrWeb 20180209
eGambit 20180209
Emsisoft 20180209
Endgame 20171130
ESET-NOD32 20180209
F-Prot 20180209
F-Secure 20180209
Fortinet 20180209
GData 20180209
Ikarus 20180209
Sophos ML 20180121
Jiangmin 20180209
K7AntiVirus 20180209
K7GW 20180209
Kaspersky 20180209
Kingsoft 20180209
Malwarebytes 20180209
MAX 20180209
McAfee 20180209
McAfee-GW-Edition 20180209
Microsoft 20180209
eScan 20180209
NANO-Antivirus 20180209
nProtect 20180209
Palo Alto Networks (Known Signatures) 20180209
Panda 20180208
Qihoo-360 20180209
Rising 20180209
SentinelOne (Static ML) 20180115
Sophos AV 20180209
SUPERAntiSpyware 20180209
Symantec 20180209
Symantec Mobile Insight 20180209
Tencent 20180209
TheHacker 20180208
TotalDefense 20180209
TrendMicro 20180209
TrendMicro-HouseCall 20180209
Trustlook 20180209
VBA32 20180209
VIPRE 20180209
ViRobot 20180209
Webroot 20180209
WhiteArmor 20180205
Yandex 20180207
Zillya 20180208
ZoneAlarm by Check Point 20180209
Zoner 20180209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright All rights reserved
Product Liquid Studio 2017
File version 15.1.17.7979
Description Liquid Studio 2017 Installation
Comments This installation was built with InstallAware: http://www.installaware.com
Signature verification Signed file, verified signature
Signing date 7:15 PM 1/10/2018
Signers
[+] Liquid Technologies Limited
Status Valid
Issuer thawte SHA256 Code Signing CA
Valid from 1:00 AM 3/10/2017
Valid to 12:59 AM 4/21/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 120E8ACF451895508AAC6520B97A6DF70821041C
Serial number 04 A0 F1 7A E2 9D 9F 53 3F 6D AE D1 CC 31 97 D5
[+] thawte SHA256 Code Signing CA
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint D00CFDBF46C98A838BC10DC4E097AE0152C461BC
Serial number 71 A0 B7 36 95 DD B1 AF C2 3B 2B 9A 18 EE 54 CB
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-08 22:01:54
Entry Point 0x00021BD6
Number of sections 4
PE sections
Overlays
MD5 e560f43a6f0542610f05c936886f74e4
File type data
Offset 414208
Size 3774800
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
GetObjectW
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
InitializeCriticalSection
FindClose
InterlockedDecrement
SetFileAttributesW
SetLastError
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetFullPathNameW
CreateThread
SetUnhandledExceptionFilter
ExitThread
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
SetEndOfFile
GetVersion
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
GetModuleHandleW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetTempFileNameW
GetModuleFileNameW
FindNextFileW
ResetEvent
FindFirstFileW
GetProcAddress
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetShortPathNameW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
lstrlenW
CreateProcessW
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetCurrentThreadId
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SHGetFolderPathW
ShellExecuteExW
RegisterWindowMessageW
EndDialog
MoveWindow
KillTimer
ShowWindow
SetWindowLongW
MessageBoxW
PeekMessageW
GetWindowRect
CharUpperW
DialogBoxParamW
PostMessageW
SetDlgItemTextW
CreateDialogParamW
SendMessageW
LoadStringW
SetWindowTextW
GetDlgItem
SystemParametersInfoW
SetTimer
LoadImageW
AdjustWindowRect
IsDlgButtonChecked
GetWindowTextW
GetDesktopWindow
LoadIconW
GetWindowTextLengthW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_STRING 105
RT_ICON 13
RT_DIALOG 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
HEBREW DEFAULT 3
SWEDISH 3
HUNGARIAN DEFAULT 3
VIETNAMESE DEFAULT 3
ESTONIAN DEFAULT 3
LITHUANIAN 3
FRENCH 3
CHINESE SIMPLIFIED 3
SLOVENIAN DEFAULT 3
DUTCH 3
PORTUGUESE 3
ITALIAN 3
CATALAN DEFAULT 3
FINNISH DEFAULT 3
PORTUGUESE BRAZILIAN 3
KOREAN 3
CZECH DEFAULT 3
BASQUE DEFAULT 3
LATVIAN DEFAULT 3
GERMAN 3
POLISH DEFAULT 3
JAPANESE DEFAULT 3
DANISH DEFAULT 3
SLOVAK DEFAULT 3
GREEK DEFAULT 3
TURKISH DEFAULT 3
NORWEGIAN BOKMAL 3
CHINESE TRADITIONAL 3
THAI DEFAULT 3
SERBIAN DEFAULT 3
ARABIC SAUDI ARABIA 3
NEUTRAL 3
SPANISH MODERN 3
ROMANIAN 3
RUSSIAN 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with InstallAware: http://www.installaware.com

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
15.1.17.7979

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
229888

EntryPoint
0x21bd6

MIMEType
application/octet-stream

LegalCopyright
All rights reserved

FileVersion
15.1.17.7979

TimeStamp
2015:09:08 23:01:54+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

ProductVersion
15.1.17.79

FileDescription
Liquid Studio 2017 Installation

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Liquid Technologies Limited

CodeSize
183296

ProductName
Liquid Studio 2017

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 c5f935bf782a0f0cb0a0cc7707f9cbac
SHA1 e80483e56216fcbadd13818e949c2b5bbcd20ef9
SHA256 d5cb8698ad46604009031236c244d115fcd1b032595b8e2d1b4798fb4a6f9543
ssdeep
98304:1nZaLe435JO0RgP5HsFLe/ic5VRElR7lx11qvNQCQ1r2UncutrN:+Le4pgOgP5MPcal1t1qFQ1r2UncupN

authentihash 4920d0e4091c3ea2a80024b45566f2567a788d2aa1c88505eaad25e2e552b914
imphash eaefd1169420dcee9fef7c65aa268740
File size 4.0 MB ( 4189008 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.8%)
Win32 Executable MS Visual C++ (generic) (26.6%)
Win64 Executable (generic) (23.6%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-01-11 20:42:15 UTC ( 1 month, 1 week ago )
Last submission 2018-02-08 10:41:58 UTC ( 1 week, 5 days ago )
File names LiquidStudio2017.exe
LiquidStudio2017.exe
XmlStudio.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Searched windows
Runtime DLLs