SHA256: d9ced3c408885abb35d070a52f796fa31c80af4785cbf693133745c727361281
File name: Setup.exe
Detection ratio: 7 / 48
Analysis date: 2013-12-06 15:44:36 UTC ( 1 year, 5 months ago )
Antivirus / Result / Signature update
Avast: Win32:Installer-AH [PUP] (20131206)
Comodo: Application.Win32.DomaIQ.JIK (20131206)
DrWeb: Trojan.PayInt.2 (20131206)
ESET-NOD32: a variant of Win32/DomaIQ.AN (20131206)
Malwarebytes: PUP.Optional.Domalq (20131206)
Sophos: DomainIQ pay-per install (20131206)
VIPRE: DomaIQ (fs) (20131206)
No detection (engine, signature update): AVG 20131206, Ad-Aware 20131206, Agnitum 20131205, AhnLab-V3 20131206, AntiVir 20131206, Antiy-AVL 20131206, Baidu-International 20131206, BitDefender 20131206, Bkav 20131206, ByteHero 20131127, CAT-QuickHeal 20131206, ClamAV 20131206, Commtouch 20131206, Emsisoft 20131206, F-Prot 20131206, F-Secure 20131206, Fortinet 20131206, GData 20131206, Ikarus 20131206, Jiangmin 20131206, K7AntiVirus 20131206, K7GW 20131206, Kaspersky 20131206, Kingsoft 20130829, McAfee 20131206, McAfee-GW-Edition 20131206, MicroWorld-eScan 20131206, Microsoft 20131206, NANO-Antivirus 20131206, Norman 20131206, Panda 20131206, Rising 20131206, SUPERAntiSpyware 20131206, Symantec 20131206, TheHacker 20131204, TotalDefense 20131205, TrendMicro 20131206, TrendMicro-HouseCall 20131206, VBA32 20131206, ViRobot 20131206, nProtect 20131206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher Payments Interactive SL
Signature verification Signed file, verified signature
Signing date 6:22 PM 12/22/2013
Signers
[+] Payments Interactive SL
Status Valid
Valid from 1:00 AM 10/15/2013
Valid to 1:00 PM 12/19/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 287B7FB20F7ECD211092A81E20837E971D35FD1F
Serial number 06 0C E3 45 6F DD B3 F9 8D A9 ED A1 B8 76 84 2F
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm SHA1
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm SHA1
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-05 18:22:12
Entry Point 0x0000D171
Number of sections 5
PE sections
PE imports
SetMapMode, SaveDC, TextOutA, GetClipBox, GetDeviceCaps, OffsetViewportOrgEx, DeleteDC, RestoreDC, DeleteObject, SetTextColor, CreateBitmap, RectVisible, GetStockObject, SetViewportOrgEx, ScaleWindowExtEx, ExtTextOutA, PtVisible, ScaleViewportExtEx, SelectObject, SetWindowExtEx, Escape, SetBkColor, SetViewportExtEx
GetStdHandle, GetConsoleOutputCP, FreeEnvironmentStringsA, DeleteCriticalSection, GetCurrentProcess, GetConsoleMode, GetLocaleInfoA, LocalAlloc, lstrcatA, FreeEnvironmentStringsW, SetStdHandle, GetTempPathA, GetCPInfo, GetStringTypeA, WriteFile, GetSystemTimeAsFileTime, HeapReAlloc, GetStringTypeW, FreeLibrary, LocalFree, InitializeCriticalSection, LoadResource, GlobalHandle, TlsGetValue, FormatMessageA, SetLastError, IsDebuggerPresent, ExitProcess, FlushFileBuffers, GetModuleFileNameA, UnhandledExceptionFilter, InterlockedDecrement, MultiByteToWideChar, SetFilePointer, GlobalAddAtomA, SetUnhandledExceptionFilter, TerminateProcess, WriteConsoleA, GlobalAlloc, GetCurrentThreadId, LeaveCriticalSection, WriteConsoleW, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetHandleCount, GetOEMCP, QueryPerformanceCounter, GetTickCount, TlsAlloc, GetVersionExA, LoadLibraryA, RtlUnwind, GetStartupInfoA, LCMapStringW, CreateDirectoryA, GetProcAddress, GlobalReAlloc, lstrcmpA, CompareStringA, CreateFileMappingA, lstrcmpW, GlobalLock, GlobalFindAtomA, GetFileType, TlsSetValue, CreateFileA, HeapAlloc, InterlockedIncrement, GetLastError, LocalReAlloc, GlobalDeleteAtom, UnmapViewOfFile, lstrlenA, GlobalFree, GetConsoleCP, LCMapStringA, GlobalGetAtomNameA, GetEnvironmentStringsW, GlobalUnlock, GetEnvironmentStrings, GetCurrentProcessId, LockResource, WideCharToMultiByte, HeapSize, GetCommandLineA, RaiseException, MapViewOfFile, TlsFree, GetModuleHandleA, GlobalFlags, CloseHandle, GetACP, CopyFileA, GetModuleHandleW, SizeofResource, IsValidCodePage, HeapCreate, VirtualFree, Sleep, FindResourceA, VirtualAlloc
CreateStdAccessibleObject, LresultFromObject
Ord(12), Ord(8), Ord(9)
ShellExecuteExA
MapWindowPoints, GetDlgCtrlID, GetForegroundWindow, GetParent, EnableWindow, SystemParametersInfoA, SetPropA, SetMenuItemBitmaps, PostQuitMessage, UnhookWindowsHookEx, GetCapture, GetClassInfoExA, DestroyMenu, RegisterWindowMessageA, DefWindowProcA, GetMessagePos, IsWindowEnabled, GetPropA, LoadBitmapA, DrawTextExA, GetWindowThreadProcessId, GetMenuState, GetSystemMetrics, IsIconic, IsWindow, GetWindowRect, DispatchMessageA, ClientToScreen, SetMenu, PostMessageA, GrayStringA, MessageBoxA, PeekMessageA, SetWindowPos, AdjustWindowRectEx, GetMessageTime, GetWindow, GetSysColor, GetMenuItemID, SetWindowLongA, DrawTextA, RemovePropA, GetClassInfoA, CheckMenuItem, GetMenu, GetWindowLongA, GetLastActivePopup, PtInRect, GetWindowPlacement, SendMessageA, GetWindowTextA, GetClientRect, GetDlgItem, GetMenuCheckMarkDimensions, WinHelpA, EnableMenuItem, RegisterClassA, GetClassLongA, CallNextHookEx, TabbedTextOutA, GetSubMenu, CreateWindowExA, LoadCursorA, LoadIconA, SetWindowsHookExA, SetWindowTextA, GetTopWindow, GetSysColorBrush, CopyRect, ValidateRect, CallWindowProcA, GetClassNameA, GetFocus, GetDC, ReleaseDC, GetMenuItemCount, SetForegroundWindow, ModifyMenuA, GetKeyState, DestroyWindow
OpenPrinterA, DocumentPropertiesA, ClosePrinter
Number of PE resources by type
RT_ICON 3
FILE 3
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
SPANISH MODERN 7
ENGLISH US 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:12:05 19:22:12+01:00
FileType Win32 EXE
PEType PE32
CodeSize 114688
LinkerVersion 9.0
FileAccessDate 2013:12:22 18:21:06+01:00
EntryPoint 0xd171
InitializedDataSize 336384
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2013:12:22 18:21:06+01:00
UninitializedDataSize 0
File identification
MD5 7227e4202d33c0cd8a5764c792179b57
SHA1 a7d7fab422d3d59689a486b2a1e859caf8f9ff0c
SHA256 d9ced3c408885abb35d070a52f796fa31c80af4785cbf693133745c727361281
ssdeep 12288:lK7a7KUexh62phxB7wyxGV6Z/4N49cCrN+:9Be9tfGV6N4N4SQY
File size 447.5 KB ( 458264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe signed via-tor
VirusTotal metadata
First submission 2013-12-06 15:44:36 UTC ( 1 year, 5 months ago )
Last submission 2013-12-06 15:44:36 UTC ( 1 year, 5 months ago )
File names Setup.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight