SHA256: d6ead2a971712c5dbf289fe8e83d27c0afb0a2d19c4c54106ade144f0347ecaf
Detection ratio: 0 / 66
Analysis date: 2018-04-06 02:37:21 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20180406
AegisLab 20180406
AhnLab-V3 20180406
Alibaba 20180404
ALYac 20180406
Antiy-AVL 20180406
Arcabit 20180406
Avast 20180406
Avast-Mobile 20180405
AVG 20180406
Avira (no cloud) 20180405
AVware 20180406
Baidu 20180404
BitDefender 20180406
Bkav 20180405
CAT-QuickHeal 20180405
ClamAV 20180405
CMC 20180405
Comodo 20180406
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180406
Cyren 20180406
DrWeb 20180406
eGambit 20180406
Emsisoft 20180406
Endgame 20180403
ESET-NOD32 20180406
F-Prot 20180406
F-Secure 20180406
Fortinet 20180406
GData 20180406
Ikarus 20180405
Sophos ML 20180121
Jiangmin 20180405
K7AntiVirus 20180404
K7GW 20180406
Kaspersky 20180406
Kingsoft 20180406
Malwarebytes 20180406
MAX 20180406
McAfee 20180405
McAfee-GW-Edition 20180406
Microsoft 20180405
eScan 20180406
NANO-Antivirus 20180405
nProtect 20180406
Palo Alto Networks (Known Signatures) 20180406
Panda 20180405
Qihoo-360 20180406
Rising 20180406
SentinelOne (Static ML) 20180225
Sophos AV 20180406
SUPERAntiSpyware 20180405
Symantec 20180405
Symantec Mobile Insight 20180401
Tencent 20180406
TheHacker 20180404
TrendMicro 20180405
TrendMicro-HouseCall 20180406
Trustlook 20180406
VBA32 20180405
VIPRE 20180406
ViRobot 20180405
WhiteArmor 20180405
Yandex 20180405
Zillya 20180405
ZoneAlarm by Check Point 20180405
Zoner 20180405
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2016 Corel Corporation. All rights reserved.

Product Corel PaintShop Pro
Internal name SampleStubInstaller.exe
File version 20.0.0.1
Description Corel PaintShop Pro Installer
Signature verification Signed file, verified signature
Signing date 9:06 AM 11/14/2017
Signers
[+] Corel Corporation
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 4/19/2016
Valid to 12:59 AM 5/23/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 55DAAE5131F2066E44C3947AABA2C4E6A512AE15
Serial number 24 A1 BD 17 60 51 FF 86 4D 01 88 12 F9 F2 30 4C
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT appended, UTF-8, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-14 07:17:45
Entry Point 0x0004C9E7
Number of sections 5
PE sections
Overlays
MD5 ad2293fdcbd485ee54d5eef10583cc71
File type application/zip
Offset 655872
Size 5443640
Entropy 8.00
PE imports
RegCreateKeyExW
RegEnumValueW
CryptReleaseContext
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteValueW
CryptGetHashParam
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
RegQueryInfoKeyW
CryptDestroyHash
CryptCreateHash
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
GetVolumeInformationW
GetFileInformationByHandle
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
GetTempPathW
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
GetFullPathNameW
QueueUserWorkItem
SetLastError
GetUserDefaultUILanguage
GetSystemTime
DeviceIoControl
TlsGetValue
CopyFileW
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
LoadLibraryExA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
EnumSystemLocalesW
RtlUnwind
GetFileSize
OpenProcess
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTimeFormatW
GetFileSizeEx
GetModuleFileNameW
FreeEnvironmentStringsW
FindNextFileW
FindFirstFileW
IsValidLocale
FindFirstFileExW
GetUserDefaultLCID
ReadConsoleW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
CompareStringW
GetEnvironmentStringsW
GetUserGeoID
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
WriteFile
CreateProcessW
Sleep
GetOEMCP
UuidToStringW
RpcStringFreeW
Number of PE resources by type
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 208896
ImageVersion 0.0
ProductName Corel PaintShop Pro
FileVersionNumber 1.0.7.1
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 20.0.0.1
TimeStamp 2017:11:14 08:17:45+01:00
FileType Win32 EXE
PEType PE32
InternalName SampleStubInstaller.exe
ProductVersion 20.0.0.1
FileDescription Corel PaintShop Pro Installer
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2016 Corel Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Corel Corporation
CodeSize 454656
FileSubtype 0
ProductVersionNumber 1.0.7.1
EntryPoint 0x4c9e7
ObjectFileType Executable application
Execution parents
File identification
MD5 82570bf97cb9e1ea2ac4c653a1509a29
SHA1 2decbf3ec7cd31e35ab968adead97d656ff2494c
SHA256 d6ead2a971712c5dbf289fe8e83d27c0afb0a2d19c4c54106ade144f0347ecaf
ssdeep 98304:xc3Q+cMQGXofQGXozMZrY5MZrYS1kB1kPi9faQGi9faQs3IZFOJOu3IZFOJOatiz:xc3Q+tnlBUIZFOJ5IZFOJDtiz
authentihash a75010ff41d5175a77fa8a0c16da8be44780836a3daf9eaeaaac895f096c9fae
imphash 31b17aebfd083aa827469750a98a4896
File size 5.8 MB ( 6099512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2017-11-27 00:49:20 UTC ( 1 year, 2 months ago )
Last submission 2018-04-06 02:37:21 UTC ( 10 months, 2 weeks ago )
File names PSP2018Installer(1).exe
D6EAD2A971712C5DBF289FE8E83D27C0AFB0A2D19C4C54106ADE144F0347ECAF.exe
PSP2018Installer.exe
SampleStubInstaller.exe
PaintShopPro018Installer.exe
1028021
D6EAD2A971712C5DBF289FE8E83D27C0AFB0A2D19C4C54106ADE144F0347ECAF.exe
D6EAD2A971712C5DBF289FE8E83D27C0AFB0A2D19C4C54106ADE144F0347ECAF.exe
D6EAD2A971712C5DBF289FE8E83D27C0AFB0A2D19C4C54106ADE144F0347ECAF
flareFile
D6EAD2A971712C5DBF289FE8E83D27C0AFB0A2D19C4C54106ADE144F0347ECAF.exe
PSP2018Installer(2).exe
PSP2018Installer.exe
D6EAD2A971712C5DBF289FE8E83D27C0AFB0A2D19C4C54106ADE144F0347ECAF.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications