× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: db0757dca2707aa410c13a8bbd8541c7e37a5e66d6aefdc0608d7c058313fbae
File name: SfxInst
Detection ratio: 0 / 55
Analysis date: 2016-07-31 11:17:35 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware 20160731
AegisLab 20160731
AhnLab-V3 20160730
Alibaba 20160730
ALYac 20160731
Antiy-AVL 20160731
Arcabit 20160731
Avast 20160803
AVG 20160731
Avira (no cloud) 20160731
AVware 20160731
Baidu 20160730
BitDefender 20160731
Bkav 20160727
CAT-QuickHeal 20160730
ClamAV 20160731
CMC 20160728
Comodo 20160731
Cyren 20160731
DrWeb 20160731
Emsisoft 20160731
ESET-NOD32 20160731
F-Prot 20160803
F-Secure 20160731
Fortinet 20160731
GData 20160731
Ikarus 20160731
Jiangmin 20160731
K7AntiVirus 20160731
K7GW 20160731
Kaspersky 20160731
Kingsoft 20160731
Malwarebytes 20160731
McAfee 20160731
McAfee-GW-Edition 20160730
Microsoft 20160731
eScan 20160731
NANO-Antivirus 20160731
nProtect 20160729
Panda 20160731
Qihoo-360 20160731
Sophos AV 20160731
SUPERAntiSpyware 20160731
Symantec 20160731
Tencent 20160731
TheHacker 20160729
TotalDefense 20160731
TrendMicro 20160731
TrendMicro-HouseCall 20160731
VBA32 20160729
VIPRE 20160731
ViRobot 20160731
Yandex 20160730
Zillya 20160730
Zoner 20160731
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2014 AVAST Software

Product Avast Antivirus
Original name SfxInst.exe
Internal name SfxInst
File version 11.1.2241.1482
Description avast! Antivirus Installer
Comments avast! Antivirus
Signature verification Signed file, verified signature
Signing date 9:45 AM 11/3/2015
Signers
[+] AVAST Software a.s.
Status Valid
Issuer DigiCert High Assurance Code Signing CA-1
Valid from 1:00 AM 7/12/2013
Valid to 1:00 PM 9/14/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 181E2AE5727DE60F52EF26D90BC6919481601793
Serial number 0E F5 EC A7 BD 31 CF C3 A7 F8 E6 25 9B 42 33 59
[+] DigiCert High Assurance Code Signing CA-1
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E308F829DC77E80AF15EDD4151EA47C59399AB46
Serial number 02 C4 D1 E5 8A 4A 68 0C 56 8D A3 04 7E 7E 4D 5F
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbrint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbrint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-02 16:21:29
Entry Point 0x0016E9A0
Number of sections 3
PE sections
Overlays
MD5 d590564f0e44924a06815ee99b08a81c
File type data
Offset 662016
Size 167138664
Entropy 8.00
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_ICON 10
RT_MANIFEST 1
RT_VERSION 1
FILE 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 12
ENGLISH US 1
CZECH DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion
5.1

Comments
avast! Antivirus

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
11.1.2241.1482

LanguageCode
Neutral

FileFlagsMask
0x0017

FileDescription
avast! Antivirus Installer

CharacterSet
Unicode

InitializedDataSize
77824

EntryPoint
0x16e9a0

OriginalFileName
SfxInst.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 2014 AVAST Software

FileVersion
11.1.2241.1482

TimeStamp
2015:11:02 17:21:29+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SfxInst

ProductVersion
11.1.2241.1482

UninitializedDataSize
913408

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
AVAST Software

CodeSize
585728

ProductName
Avast Antivirus

ProductVersionNumber
11.1.2241.1482

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 66ab4f1962d433f22b1827c48dfc19e0
SHA1 88edb8e3d9cd8c0b20efea26a34cdf3f57893b36
SHA256 db0757dca2707aa410c13a8bbd8541c7e37a5e66d6aefdc0608d7c058313fbae
ssdeep
3145728:ulWni82bhRjBO5QD9pBgIwIOwwW2NIZfphj2grQcuX2KZ3FhLSyRpe/cFQSiBbWx:u5HFZBO5QTxAEkIZfpfQci1Z39RE/cWW

authentihash 0d045a66d425d09880611167c06809e2de5d1099842dcd15d0aa46be3f994850
imphash e58ab46f2a279ded0846d81bf0fa21f7
File size 160.0 MB ( 167800680 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (46.5%)
Win32 EXE Yoda's Crypter (40.4%)
Win32 Executable (generic) (6.8%)
Generic Win/DOS Executable (3.0%)
DOS Executable Generic (3.0%)
Tags
peexe signed upx overlay

VirusTotal metadata
First submission 2015-11-03 12:10:07 UTC ( 3 years ago )
Last submission 2015-11-03 12:41:25 UTC ( 3 years ago )
File names avast_free_antivirus_setup.exe
avast_free_antivirus_setup.exe
SfxInst
target.exe
avast_free_antivirus_setup.exe
avast_free_antivirus_setup.exe
DB0757DCA2707AA410C13A8BBD8541C7E37A5E66D6AEFDC0608D7C058313FBAE
avast_free_antivirus_setup.exe
Avast_Free_Antivirus_v2016.11.1.2241.exe
avast_free_antivirus_setup_11.1.2241.1482.exe
avast_free_antivirus_setup.exe
SfxInst.exe
avast_free_antivirus_setup.exe
avast_free_antivirus_setup.exe
avast_free_antivirus_setup (1).exe
avast_free_antivirus_setup(1).exe
Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!