× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: daaf7d90e47b41e311f39529dd2e9ce0744e522ea75e2ad15ed31ae26db24da5
File name: CerberusInstall.exe
Detection ratio: 1 / 67
Analysis date: 2017-12-22 15:03:17 UTC ( 6 months ago ) View latest
Antivirus Result Update
Zillya Trojan.AgentCRTD.Win32.6529 20171222
Ad-Aware 20171222
AegisLab 20171222
AhnLab-V3 20171222
Alibaba 20171222
ALYac 20171222
Antiy-AVL 20171222
Arcabit 20171222
Avast 20171222
Avast-Mobile 20171222
AVG 20171222
Avira (no cloud) 20171222
AVware 20171222
Baidu 20171222
BitDefender 20171222
Bkav 20171222
CAT-QuickHeal 20171222
ClamAV 20171222
CMC 20171222
Comodo 20171222
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171222
Cyren 20171222
DrWeb 20171222
eGambit 20171222
Emsisoft 20171222
Endgame 20171130
ESET-NOD32 20171222
F-Prot 20171222
F-Secure 20171222
Fortinet 20171222
GData 20171222
Ikarus 20171222
Sophos ML 20170914
Jiangmin 20171221
K7AntiVirus 20171222
K7GW 20171222
Kaspersky 20171222
Kingsoft 20171222
Malwarebytes 20171222
MAX 20171222
McAfee 20171222
McAfee-GW-Edition 20171222
Microsoft 20171222
eScan 20171222
NANO-Antivirus 20171222
nProtect 20171222
Palo Alto Networks (Known Signatures) 20171222
Panda 20171222
Qihoo-360 20171222
Rising 20171222
SentinelOne (Static ML) 20171207
Sophos AV 20171222
SUPERAntiSpyware 20171222
Symantec 20171222
Symantec Mobile Insight 20171222
Tencent 20171222
TheHacker 20171219
TrendMicro 20171222
TrendMicro-HouseCall 20171222
Trustlook 20171222
VBA32 20171222
VIPRE 20171222
ViRobot 20171222
Webroot 20171222
WhiteArmor 20171204
Yandex 20171221
ZoneAlarm by Check Point 20171222
Zoner 20171222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2017 Cerberus LLC

Product Cerberus FTP Server
Original name CerberusInstall.exe
Internal name CerberusInstall
File version 9.0.13
Description This installer database contains the logic and data required to install Cerberus FTP Server.
Signature verification Signed file, verified signature
Signing date 11:44 AM 12/21/2017
Signers
[+] Cerberus, LLC
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 2/11/2015
Valid to 12:59 AM 5/13/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 1D4A6A95E150125870455914F023B7973F26B00D
Serial number 55 A9 E0 8D FA 6B 07 E9 37 FE 6D 8B 42 9B C3 48
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-06 13:04:18
Entry Point 0x000DA467
Number of sections 5
PE sections
Overlays
MD5 74dc8f86feb2edb53f8dc756e7ca28e7
File type application/x-ms-dos-executable
Offset 1728000
Size 22230432
Entropy 8.00
PE imports
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetPrivateProfileSectionNamesW
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
EnumSystemLocalesW
FreeEnvironmentStringsW
InitializeSListHead
InterlockedPopEntrySList
GetLocaleInfoW
EnumResourceLanguagesW
GetFileTime
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ConnectNamedPipe
InterlockedPushEntrySList
InitializeCriticalSection
LoadResource
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
EncodePointer
WritePrivateProfileStringW
GetEnvironmentVariableW
SetLastError
GetSystemTime
TlsGetValue
CopyFileW
GetUserDefaultLangID
OutputDebugStringW
OpenEventW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
LoadLibraryA
QueryPerformanceFrequency
LoadLibraryExA
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
SetFilePointerEx
FlushInstructionCache
GetPrivateProfileStringW
GetFullPathNameW
CreateThread
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQuery
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
SetConsoleTextAttribute
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetWindowsDirectoryW
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetConsoleScreenBufferInfo
CreateNamedPipeW
GetProcessHeap
GetTempFileNameW
CompareStringW
RemoveDirectoryW
FindNextFileW
InterlockedIncrement
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GlobalLock
ReadConsoleW
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
Process32NextW
VirtualFree
WaitForSingleObjectEx
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
CopyFileExW
Process32FirstW
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetStdHandle
IsValidCodePage
FindResourceExW
CreateProcessW
Sleep
VirtualAlloc
GetOEMCP
Number of PE resources by type
RT_STRING 15
RT_DIALOG 13
RT_BITMAP 6
RT_ICON 5
RTF_FILE 2
RT_MENU 2
IMAGE_FILE 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 48
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
14.12

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
9.0.13.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
530944

EntryPoint
0xda467

OriginalFileName
CerberusInstall.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2017 Cerberus LLC

FileVersion
9.0.13

TimeStamp
2017:12:06 14:04:18+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
CerberusInstall

ProductVersion
9.0.13

FileDescription
This installer database contains the logic and data required to install Cerberus FTP Server.

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Cerberus LLC

CodeSize
1196032

ProductName
Cerberus FTP Server

ProductVersionNumber
9.0.13.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 548f78def2a2094c87f6454822d35ff5
SHA1 777f0b901ed769c840f2126d853fcfa73be80a8b
SHA256 daaf7d90e47b41e311f39529dd2e9ce0744e522ea75e2ad15ed31ae26db24da5
ssdeep
393216:8xlILjaaqiuNIGIvM3olp+dkBSuF2SfUfn6MLw5XUdQbcKLXU9W0Jgqf0vfJ:8xOLjpuNStp+Ty2SfUfn6udocKjUU0Jq

authentihash d6da6f9a83693ce6837203dc4b7e1b143a1f19d05d5f1d981d44e1103ad00302
imphash ac220fb01eeea4ecb84da554526c3e36
File size 22.8 MB ( 23958432 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-12-22 15:03:17 UTC ( 6 months ago )
Last submission 2017-12-22 15:03:17 UTC ( 6 months ago )
File names CerberusInstall.exe
CerberusInstall
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!