SHA256: dae55437bec57a991a410a0d30d461431bbc4a60b658c94317acb19879d05287
File name: Moo0 SystemMonitor v1.76 Installer.exe
Detection ratio: 0 / 51
Analysis date: 2014-04-11 18:48:37 UTC ( 4 days, 21 hours ago )
Antivirus Result Update
AVG 20140411
Ad-Aware 20140411
AegisLab 20140411
Agnitum 20140411
AhnLab-V3 20140411
AntiVir 20140411
Antiy-AVL 20140411
Avast 20140411
Baidu-International 20140411
BitDefender 20140411
Bkav 20140411
ByteHero 20140411
CAT-QuickHeal 20140411
CMC 20140411
ClamAV 20140411
Commtouch 20140411
Comodo 20140411
DrWeb 20140411
ESET-NOD32 20140411
Emsisoft 20140411
F-Prot 20140411
F-Secure 20140411
Fortinet 20140411
GData 20140411
Ikarus 20140411
Jiangmin 20140411
K7AntiVirus 20140411
K7GW 20140411
Kaspersky 20140411
Kingsoft 20140411
Malwarebytes 20140411
McAfee 20140411
McAfee-GW-Edition 20140411
MicroWorld-eScan 20140411
Microsoft 20140411
NANO-Antivirus 20140411
Norman 20140411
Panda 20140411
Qihoo-360 20140411
Rising 20140411
SUPERAntiSpyware 20140411
Sophos 20140411
Symantec 20140411
TheHacker 20140410
TotalDefense 20140411
TrendMicro 20140411
TrendMicro-HouseCall 20140411
VBA32 20140411
VIPRE 20140410
ViRobot 20140411
nProtect 20140411
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright (c) Moo0. All rights reserved.
Publisher Moo0
Product Moo0 Installer
Original name Installer.exe
Internal name Installer.exe
File version 1.0.0.0
Description Moo0 Installer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-18 16:06:19
Link date 5:06 PM 10/18/2013
Entry Point 0x000C439C
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
GetSidSubAuthorityCount
GetSidSubAuthority
RegCloseKey
OpenProcessToken
RegSetValueExW
IsValidSid
GetSidIdentifierAuthority
GetUserNameW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegQueryValueW
RegOpenKeyW
InitCommonControlsEx
GetFileTitleW
GetDIBColorTable
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
GetClipBox
GetRgnBox
SaveDC
GetPaletteEntries
CreateRectRgnIndirect
SetStretchBltMode
GetDeviceCaps
ExcludeClipRect
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
CreateBitmap
StretchBlt
EndDoc
CreateSolidBrush
StartPage
DeleteObject
GetObjectW
CreateDCW
CreateDIBSection
SetTextColor
DPtoLP
GetCurrentObject
RectVisible
ExtTextOutW
GetTextExtentPoint32W
BitBlt
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
GetViewportExtEx
PtVisible
ExtSelectClipRgn
CreateCompatibleDC
StartDocW
ScaleViewportExtEx
EndPage
SelectObject
GetMapMode
SetDIBColorTable
SetWindowExtEx
GetTextColor
GetStretchBltMode
SetViewportExtEx
Escape
SetBkColor
GetBkColor
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
DuplicateHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
EnumResourceLanguagesW
GetFileTime
WideCharToMultiByte
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
FindResourceExW
GetProfileIntW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ResumeThread
FreeLibrary
LocalFree
FormatMessageW
GetThreadPriority
BeginUpdateResourceW
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
SetFileAttributesW
WritePrivateProfileStringW
SetLastError
GetUserDefaultUILanguage
InitializeCriticalSection
CopyFileW
UpdateResourceW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
SetProcessWorkingSetSize
SetThreadPriority
GetVolumeInformationW
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
CreateEventW
GetFullPathNameW
GlobalAddAtomW
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
GetFileInformationByHandle
ExitThread
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
WriteConsoleA
GetVersion
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetModuleHandleA
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
EndUpdateResourceW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalFindAtomW
GetStartupInfoA
UnlockFile
GetFileSize
LCMapStringW
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
EnumResourceNamesW
CompareStringW
lstrcpyW
GlobalReAlloc
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
ResetEvent
FindFirstFileW
lstrcmpW
WaitForMultipleObjects
GlobalLock
SetEvent
GetTempPathW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
GlobalDeleteAtom
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
Process32NextW
GetCPInfoExW
SizeofResource
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
Process32FirstW
GetCurrentThread
EnumSystemCodePagesW
SuspendThread
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
EnumResourceTypesW
GetACP
GetModuleHandleW
FreeResource
FileTimeToLocalFileTime
SetStdHandle
GetEnvironmentStrings
IsValidCodePage
HeapCreate
WriteFile
VirtualQuery
VirtualFree
Sleep
WriteConsoleW
VirtualAlloc
CompareStringA
OleCreateFontIndirect
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
VariantInit
DragQueryFileW
Ord(716)
DragFinish
Ord(155)
Ord(190)
Shell_NotifyIconW
SHGetPathFromIDListW
DragAcceptFiles
SHChangeNotify
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetDesktopFolder
SHFileOperationW
Ord(162)
SHGetMalloc
SHBrowseForFolderW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
StrFormatByteSizeW
PathFindFileNameW
RedrawWindow
GetForegroundWindow
SetWindowRgn
GetMenuInfo
UnregisterHotKey
SetMenuItemBitmaps
LoadBitmapW
DestroyMenu
PostQuitMessage
GetMessagePos
SetWindowPos
SetScrollPos
IsWindow
GrayStringW
EndPaint
WindowFromPoint
GetMessageTime
SetActiveWindow
DispatchMessageW
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetMenu
UnregisterClassA
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
GetClientRect
ClientToScreen
GetActiveWindow
RegisterHotKey
GetWindowTextW
CopyAcceleratorTableW
GetWindowTextLengthW
GetTopWindow
InvalidateRgn
PtInRect
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
GetNextDlgGroupItem
SetPropW
ValidateRect
PeekMessageW
CreateIconFromResource
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetWindow
CreateCursor
CreateIconFromResourceEx
GetIconInfo
RegisterClassW
IsZoomed
GetWindowPlacement
DestroyWindow
DrawMenuBar
EnableMenuItem
GetSubMenu
GetScrollRange
SetTimer
IsDialogMessageW
CopyRect
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
CharNextW
IsChild
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
IsIconic
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
KillTimer
SetClipboardViewer
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
DrawTextExW
SendDlgItemMessageW
PostMessageW
InvalidateRect
CheckMenuItem
GetClassLongW
GetLastActivePopup
DrawIconEx
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
PostThreadMessageW
GetMenuItemCount
GetMenuState
SetWindowsHookExW
LoadCursorW
LoadIconW
GetMenuItemID
SetForegroundWindow
GetAsyncKeyState
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
EndDialog
SetWindowContextHelpId
GetCapture
MessageBeep
SetFocus
GetWindowThreadProcessId
MessageBoxW
SendMessageW
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
GetWindowDC
ChangeClipboardChain
AdjustWindowRectEx
GetSysColor
RegisterClipboardFormatW
GetKeyState
SystemParametersInfoA
DestroyIcon
EnumDisplayMonitors
IsWindowVisible
WinHelpW
GetDesktopWindow
SystemParametersInfoW
GetDC
SetRect
MonitorFromRect
CallWindowProcW
GetClassNameW
ModifyMenuW
IsRectEmpty
GetFocus
wsprintfW
SetCursor
SetMenu
RemovePropW
HttpQueryInfoW
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetGetConnectedState
InternetOpenW
HttpOpenRequestW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
OleUninitialize
CoUninitialize
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
OleFlushClipboard
RegisterDragDrop
RevokeDragDrop
CoRegisterMessageFilter
OleGetClipboard
StgCreateDocfileOnILockBytes
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
CoInitialize
OleInitialize
CoLockObjectExternal
CoCreateInstance
CoTaskMemAlloc
CoRevokeClassObject
CLSIDFromProgID
CoInitializeSecurity
OleIsCurrentClipboard
CoTaskMemFree
OleUIBusyW
URLDownloadToCacheFileW
URLDownloadToFileW
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_ICON 12
IDR_ZIP 4
RT_DIALOG 2
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
IDR_XML 1
RT_GROUP_ICON 1
Number of PE resources by language
JAPANESE DEFAULT 49
ENGLISH US 19
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 2920448
FileOS Win32
MIMEType application/octet-stream
LegalCopyright (c) Moo0. All rights reserved.
FileVersion 1.0.0.0
TimeStamp 2013:10:18 17:06:19+01:00
FileType Win32 EXE
PEType PE32
InternalName Installer.exe
FileAccessDate 2014:04:11 19:47:32+01:00
ProductVersion 1.0.0.0
FileDescription Moo0 Installer
OSVersion 4.0
FileCreateDate 2014:04:11 19:47:32+01:00
OriginalFilename Installer.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Moo0
CodeSize 1126400
ProductName Moo0 Installer
ProductVersionNumber 1.0.0.0
EntryPoint 0xc439c
ObjectFileType Executable application
File identification
MD5 781467201278b17a28d041c47aed4936
SHA1 6397302a28e72b113d5b208b716205683fd93962
SHA256 dae55437bec57a991a410a0d30d461431bbc4a60b658c94317acb19879d05287
ssdeep 98304:jtKMb9eIxC8xXQjX5PD8iDqw798WIoNUWpqYxYFr18t0GS:jcMh9xCAXQj9D8ChxlqYxYboW
imphash b9c96a8434df46149bee33a6d2c11289
File size 3.9 MB ( 4050944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags peexe
VirusTotal metadata
First submission 2013-10-21 10:57:00 UTC ( 5 months, 3 weeks ago )
Last submission 2014-04-11 18:48:37 UTC ( 4 days, 21 hours ago )
File names Moo0 SystemMonitor v1.76 Installer.exe
Installer.exe
moo0 systemmonitor v1.76 installer.exe
Moo0%20SystemMonitor%20v1.76%20Installer.exe
Moo0 System Monitor 1.76.exe
Moo0 SystemMonitor v1.76 Installer.exe
Moo0 SystemMonitor v1.76 Installer.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana screen-capture
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain using the SetWindowsHook Windows API function. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread.
HTTP requests
DNS requests
TCP connections
UDP communications