× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: dae63d57e0dd3833a28eca43cf57b355280fd068bec0d5000f5066feebf68dad
File name: itsetup.exe
Detection ratio: 41 / 57
Analysis date: 2015-03-01 05:56:22 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Inject.RA 20150301
AegisLab DR-Inject.Gen 20150301
Yandex Trojan.Injector!OLFnwUCbQEc 20150228
AhnLab-V3 Win-Trojan/CeeInject.1229979 20150228
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20150301
Avast Win32:Trojan-gen 20150301
AVG Win32/DH{gQ9+UIEHFVGBCYEVHFOBEoET} 20150301
Avira (no cloud) TR/Hijacker.Gen 20150228
AVware Trojan.Win32.Generic!BT 20150228
Baidu-International Trojan.Win32.Inject.alve 20150228
BitDefender Trojan.Inject.RA 20150301
Cyren W32/Trojan.LLJM-5841 20150301
DrWeb Adware.Siggen.1098 20150301
Emsisoft Trojan.Inject.RA (B) 20150301
ESET-NOD32 a variant of Win32/Injector.AMI 20150228
F-Prot W32/TrojanX.EASM 20150301
F-Secure Trojan.Inject.RA 20150301
Fortinet W32/Inject.ALVE!tr 20150301
GData Trojan.Inject.RA 20150301
Ikarus Trojan.Win32.Inject 20150301
K7AntiVirus Trojan ( 001183e51 ) 20150301
K7GW Trojan ( 001183e51 ) 20150301
Kaspersky Trojan.Win32.Inject.alve 20150301
Kingsoft VIRUS_UNKNOWN 20150301
Malwarebytes Adware.DoubleD 20150301
McAfee Artemis!0EC533A29E86 20150301
McAfee-GW-Edition Artemis!Trojan 20150301
Microsoft Trojan:Win32/Lodap!rts 20150301
eScan Trojan.Inject.RA 20150301
NANO-Antivirus Trojan.Win32.Siggen.blqxe 20150301
Norman Malware 20150228
nProtect Trojan/W32.Agent.1229979 20150227
Qihoo-360 Win32/Trojan.a6e 20150301
Rising PE:Trojan.Win32.Generic.11E577DB!300251099 20150228
Sophos AV Mal/Generic-S 20150301
Symantec Trojan.ADH 20150301
Tencent Win32.Trojan.Inject.Jwf 20150301
VBA32 Trojan.Inject 20150227
VIPRE Trojan.Win32.Generic!BT 20150301
ViRobot Trojan.Win32.S.Inject.1229979[h] 20150301
Zillya Trojan.Inject.Win32.48769 20150228
Alibaba 20150301
ALYac 20150301
Bkav 20150228
ByteHero 20150301
CAT-QuickHeal 20150228
ClamAV 20150301
CMC 20150301
Comodo 20150301
Jiangmin 20150228
Panda 20150228
SUPERAntiSpyware 20150228
TheHacker 20150227
TotalDefense 20150301
TrendMicro 20150301
TrendMicro-HouseCall 20150301
Zoner 20150227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Publisher
Product Internet Today
File version 1.1.0.1090
Description Internet Today Setup
Comments This installation was built with Inno Setup.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009B24
Number of sections 8
PE sections
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 7
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup.

InitializedDataSize
23552

ImageVersion
6.0

ProductName
Internet Today

FileVersionNumber
1.1.0.1090

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
2.25

MIMEType
application/octet-stream

FileVersion
1.1.0.1090

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.1.0.1090

FileDescription
Internet Today Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
37888

FileSubtype
0

ProductVersionNumber
1.1.0.1090

EntryPoint
0x9b24

ObjectFileType
Executable application

File identification
MD5 0ec533a29e86338c4748422f96f15697
SHA1 b269a665de4e01c244324e0b8a264492186e705b
SHA256 dae63d57e0dd3833a28eca43cf57b355280fd068bec0d5000f5066feebf68dad
ssdeep
24576:g20y7tp42+WFFkfO6IHkPbJCgdainGYhZzD2o05UIg:g2f02tFCfY0GYhZXF0KF

authentihash 578b8a362bb2ee246a00701559ce3eea1213bec622baef123fbac55f0c99356a
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 1.2 MB ( 1229979 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (86.4%)
Win32 Dynamic Link Library (generic) (5.1%)
Win32 Executable (generic) (3.5%)
Win16/32 Executable Delphi generic (1.6%)
Generic Win/DOS Executable (1.5%)
Tags
peexe

VirusTotal metadata
First submission 2009-11-13 15:47:14 UTC ( 9 years, 5 months ago )
Last submission 2012-03-11 14:08:33 UTC ( 7 years, 1 month ago )
File names 281744
TE091120ABDOD-000003
14A6205A9BF07BE8C4DF128A043B990059BBAC46.exe
itsetup.exe
0ec533a29e86338c4748422f96f15697
itsetup.exe.20100127_1534
itsetup_1_.exe
mVed9G2.com
bba0f0460aa49c46eaea31663307ba0e
0EC533A29E86338C4748422F96F15697
itsetup.exe-KFXLjU
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!