× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d5cfc965ec7f6976cbee4f7061381c126bd6d3a4851a90f72efbf24416dac399
File name: bwsetup.exe
Detection ratio: 0 / 64
Analysis date: 2019-03-20 20:40:02 UTC ( 1 month ago ) View latest
Antivirus Result Update
Acronis 20190320
Ad-Aware 20190320
AegisLab 20190320
AhnLab-V3 20190320
ALYac 20190320
Antiy-AVL 20190320
Arcabit 20190320
Avast 20190320
Avast-Mobile 20190320
AVG 20190320
Avira (no cloud) 20190320
Babable 20180918
Baidu 20190318
BitDefender 20190320
Bkav 20190320
CAT-QuickHeal 20190320
ClamAV 20190320
CMC 20190320
Comodo 20190320
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cyren 20190320
DrWeb 20190320
eGambit 20190320
Emsisoft 20190320
Endgame 20190215
ESET-NOD32 20190320
F-Secure 20190320
Fortinet 20190320
GData 20190320
Ikarus 20190320
Sophos ML 20190313
Jiangmin 20190320
K7AntiVirus 20190320
K7GW 20190320
Kaspersky 20190320
Kingsoft 20190320
Malwarebytes 20190320
MAX 20190320
McAfee 20190320
McAfee-GW-Edition 20190320
Microsoft 20190320
eScan 20190320
NANO-Antivirus 20190320
Palo Alto Networks (Known Signatures) 20190320
Panda 20190320
Qihoo-360 20190320
Rising 20190320
SentinelOne (Static ML) 20190317
Sophos AV 20190320
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190320
Tencent 20190320
TheHacker 20190319
TotalDefense 20190318
Trapmine 20190301
TrendMicro-HouseCall 20190320
Trustlook 20190320
VBA32 20190320
ViRobot 20190320
Yandex 20190320
Zillya 20190320
ZoneAlarm by Check Point 20190320
Zoner 20190320
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
NCH Software

Product BroadWave
Original name BroadWave.exe
Internal name BroadWave
File version 2.00
Description BroadWave Audio Streaming Server
Signature verification Signed file, verified signature
Signing date 2:55 PM 10/17/2018
Signers
[+] NCH Software Pty Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert EV Code Signing CA
Valid from 12:00 AM 10/03/2018
Valid to 01:00 PM 03/25/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 160E0AE3B956EA75C9F0A5E5D00C7351E5A1722F
Serial number 05 72 F6 D5 E5 59 56 34 97 F3 53 31 5B 4E 81 47
[+] DigiCert EV Code Signing CA
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 PM 04/18/2012
Valid to 12:00 PM 04/18/2027
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 846896AB1BCF45734855C61B63634DFD8719625B
Serial number 0D D0 E3 37 4A C9 5B DB FA 6B 43 4B 2A 48 EC 06
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 01:00 AM 11/10/2006
Valid to 01:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 01/01/1997
Valid to 12:59 AM 01/01/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-24 23:09:42
Entry Point 0x000011D4
Number of sections 5
PE sections
Overlays
MD5 09397b8725c7b616afabc765542c80b4
File type data
Offset 542720
Size 14400
Entropy 7.24
PE imports
GetLastError
GetModuleFileNameW
WaitForSingleObject
GetExitCodeProcess
ExitProcess
LoadLibraryA
VerSetConditionMask
SizeofResource
LockResource
GetCommandLineW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
RemoveDirectoryW
lstrcpyW
SetEnvironmentVariableW
WriteFile
CloseHandle
GetModuleHandleW
FreeLibrary
GetTempPathW
LoadResource
FindResourceW
CreateFileW
SetupIterateCabinetW
ShellExecuteW
ShellExecuteExW
MessageBoxW
wsprintfW
CoInitializeEx
CoUninitialize
Number of PE resources by type
RT_ICON 2
Struct(99) 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
English (Australian)

FileFlagsMask
0x0017

FileDescription
BroadWave Audio Streaming Server

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
539648

EntryPoint
0x11d4

OriginalFileName
BroadWave.exe

MIMEType
application/octet-stream

LegalCopyright
NCH Software

FileVersion
2.0

TimeStamp
2016:01:25 00:09:42+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
BroadWave

ProductVersion
2.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
NCH Software

CodeSize
2048

ProductName
BroadWave

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 d9fd5a1b186fbbbe961c32e88b100e98
SHA1 2847b2a87db3ce4e037b2cc5e1360774a3644df9
SHA256 d5cfc965ec7f6976cbee4f7061381c126bd6d3a4851a90f72efbf24416dac399
ssdeep
12288:Id2oES0e0uzrjo8CrZY8+2I2cjeMiyWc0w78Gtm8tzPqNocj9aAq:5tfe/LCFU4/JyWcB8GlkNocj9bq

authentihash 04cd3bde64423ddd2cb54e40976ea492dc51dc49b0d9cb71bed63c30966c250e
imphash d5878a7df8028566ef33784eb237cac4
File size 544.1 KB ( 557120 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-10-19 02:25:36 UTC ( 6 months ago )
Last submission 2019-04-16 05:47:21 UTC ( 6 days, 12 hours ago )
File names output.123994643.txt
bwsetup.exe
BroadWave.exe
bwsetup.exe
BroadWave
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Searched windows
Opened service managers
Opened services
Runtime DLLs