SHA256: d7be6b3e8ad8a5fc76f54f882c5c7ed7ea686811b504a933410b50788240268c
File name: OperaMail_Rus_Setup.exe
Detection ratio: 0 / 68
Analysis date: 2018-11-25 10:58:08 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20181125
AegisLab 20181125
AhnLab-V3 20181125
Alibaba 20180921
ALYac 20181125
Antiy-AVL 20181125
Arcabit 20181125
Avast 20181125
Avast-Mobile 20181125
AVG 20181125
Avira (no cloud) 20181125
Babable 20180918
Baidu 20181123
BitDefender 20181125
Bkav 20181123
CAT-QuickHeal 20181124
ClamAV 20181125
CMC 20181124
Comodo 20181125
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181125
Cyren 20181125
DrWeb 20181125
eGambit 20181125
Emsisoft 20181125
Endgame 20181108
ESET-NOD32 20181125
F-Prot 20181125
F-Secure 20181125
Fortinet 20181125
GData 20181125
Ikarus 20181125
Sophos ML 20181108
Jiangmin 20181125
K7AntiVirus 20181125
K7GW 20181125
Kaspersky 20181125
Kingsoft 20181125
Malwarebytes 20181125
MAX 20181125
McAfee 20181125
McAfee-GW-Edition 20181125
Microsoft 20181125
eScan 20181125
NANO-Antivirus 20181125
Palo Alto Networks (Known Signatures) 20181125
Panda 20181125
Qihoo-360 20181125
Rising 20181125
SentinelOne (Static ML) 20181011
Sophos AV 20181125
SUPERAntiSpyware 20181121
Symantec 20181124
Symantec Mobile Insight 20181121
TACHYON 20181125
Tencent 20181125
TheHacker 20181118
Trapmine 20180918
TrendMicro 20181125
TrendMicro-HouseCall 20181125
Trustlook 20181125
VBA32 20181123
ViRobot 20181124
Webroot 20181125
Yandex 20181123
Zillya 20181123
ZoneAlarm by Check Point 20181125
Zoner 20181125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (c) 1999-2008 Opera Software ASA
Product Opera
Original name Opera.exe
Internal name 7ZSfxNew
Description 7z Setup SFX
Signature verification Signed file, verified signature
Signing date 1:04 PM 2/3/2016
Signers
[+] Opera Software ASA
Status Valid
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 1:00 AM 1/25/2016
Valid to 1:00 PM 1/29/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint E20BBC7F8D5C46740E35DB701BD1AEA97DFFFA71
Serial number 05 10 E0 3C D7 B8 B7 1E 2E 2D B1 66 79 B0 95 95
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 4/18/2012
Valid to 1:00 PM 4/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT maxorder, appended, 7Z, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-07-22 02:33:09
Entry Point 0x00011DE6
Number of sections 4
PE sections
Overlays
MD5 9cdc13fce910e53db1aedf73aa705668
File type data
Offset 536576
Size 11682304
Entropy 8.00
PE imports
GetDeviceCaps
SelectObject
DeleteObject
GetObjectW
CreateFontIndirectW
GetUserDefaultUILanguage
GetLastError
InitializeCriticalSection
GetStdHandle
GetDriveTypeW
ReadFile
LoadLibraryA
lstrlenA
RemoveDirectoryW
WaitForSingleObject
GetVersionExW
GetOEMCP
SystemTimeToFileTime
GetFileAttributesW
lstrlenW
GetLocalTime
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CompareFileTime
GetFileSize
SetFileTime
GetCommandLineW
CreateThread
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
TerminateThread
lstrcmpW
SuspendThread
GetModuleFileNameW
SetFilePointer
lstrcpyW
SetFileAttributesW
WideCharToMultiByte
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetSystemDirectoryW
FindNextFileW
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
FindFirstFileW
GetACP
WaitForMultipleObjects
GetModuleHandleW
SetEvent
LocalFree
FormatMessageW
ResumeThread
CreateEventW
GetExitCodeThread
ResetEvent
lstrcmpiW
SetCurrentDirectoryW
GetTempPathW
CreateFileW
VirtualFree
FindClose
Sleep
SetEndOfFile
GetProcAddress
VirtualAlloc
GetModuleHandleA
MulDiv
_purecall
__p__fmode
malloc
__CxxFrameHandler
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_controlfp
_except_handler3
??2@YAPAXI@Z
_onexit
_wtol
exit
_XcptFilter
memcmp
__setusermatherr
_adjust_fdiv
_acmdln
_CxxThrowException
__p__commode
??3@YAXPAX@Z
free
__getmainargs
_initterm
memmove
memcpy
_beginthreadex
_exit
__set_app_type
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
SystemParametersInfoW
DefWindowProcW
KillTimer
ShowWindow
MessageBeep
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
GetWindowRect
ScreenToClient
CharUpperW
MessageBoxA
LoadIconW
GetWindowDC
GetWindow
SetDlgItemTextW
GetDC
GetKeyState
ReleaseDC
SendMessageW
wsprintfW
DrawIconEx
GetClientRect
GetDlgItem
DrawTextW
LoadImageW
EnableMenuItem
ClientToScreen
wsprintfA
SetTimer
CallWindowProcW
DialogBoxIndirectParamW
SetWindowTextW
GetWindowTextW
GetSystemMenu
GetWindowTextLengthW
GetWindowLongW
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 11
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 14
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription 7z Setup SFX
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 462336
EntryPoint 0x11de6
OriginalFileName Opera.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 1999-2008 Opera Software ASA
TimeStamp 2007:07:22 03:33:09+01:00
FileType Win32 EXE
PEType PE32
InternalName 7ZSfxNew
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Opera Software ASA
CodeSize 74752
ProductName Opera
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 bb0e401ebb5ada0003c5f9c21a5bbddc
SHA1 a57336113278d1c5883fc24a157c42bc6d6c9d2d
SHA256 d7be6b3e8ad8a5fc76f54f882c5c7ed7ea686811b504a933410b50788240268c
ssdeep 196608:+ukh3gHIOEVN4+PPN73wl3SW3JOGCvH4yy53kRuRsmfj2G5XoOYKDvJ1PKo:+DLHB5WCuJO/Hy9kniaMLzDvJ1PT
authentihash 96a40517c223d2f60ad0f8065f1daaef339fed3194143e6ecbde10ae99b36de3
imphash 0c40996f6e1e5f2a82b51e9950881bf1
File size 11.7 MB ( 12218880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2016-02-15 19:47:09 UTC ( 2 years, 11 months ago )
Last submission 2019-01-05 22:52:49 UTC ( 1 week, 4 days ago )
File names Opera-Mail-1.0-1044.i386.exe
Opera-Mail-1.0-1044.i386(1).exe
OperaMail_Rus_Setup.exe
opera-mail-1.0-1044.i386.exe
7ZSfxNew
Opera Mail 1.0-1044.i386.exe
Opera-Mail-1.0-1044.i386 (1).exe
Opera.exe
opera_mail_1.0.1044.exe
myfile.exe
90563db7973dadbe6754.exe
opera-mail_1-0-1044_fr_429825.exe
0da1c947974a3ad47e9a.exe
D7BE6B3E8AD8A5FC76F54F882C5C7ED7EA686811B504A933410B50788240268C.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
UDP communications