SHA256: de7e13991bbbe84c6470c070d675ceff1f07b3ff3c545ca53b33ebbc1790b9c9
File name: Profile Viewer - 5.exe
Detection ratio: 24 / 47
Analysis date: 2013-06-10 11:09:11 UTC ( 3 years, 9 months ago )
Antivirus             Result                        Update
AntiVir               JS/Redirect.BR                20130610
BitDefender           Trojan.Generic.9021806        20130610
Commtouch             W32/Trojan.XZYS-8691          20130610
Comodo                Heur.Suspicious               20130610
DrWeb                 Trojan.AVKill.30538           20130610
Emsisoft              Trojan.Generic.9021806 (B)    20130610
ESET-NOD32            JS/TrojanClicker.Agent.NDL    20130610
F-Secure              Trojan.Generic.9021806        20130610
Fortinet              W32/Agent.ABOE!tr             20130610
GData                 Trojan.Generic.9021806        20130610
Ikarus                Trojan.SuspectCRC             20130610
K7AntiVirus           Riskware                      20130607
K7GW                  Riskware                      20130607
McAfee                Artemis!814837294BC3          20130610
McAfee-GW-Edition     Artemis!814837294BC3          20130610
eScan                 Trojan.Generic.9021806        20130610
NANO-Antivirus        Trojan.Win32.Redirect.bsnsxz  20130610
Norman                Suspicious_Gen2.VPYZG         20130610
nProtect              Trojan.Generic.9021806        20130610
Panda                 Suspicious file               20130609
Sophos                Troj/Agent-ABOE               20130610
TrendMicro            TROJ_GEN.R0UCREG              20130610
TrendMicro-HouseCall  TROJ_GEN.R0UCREG              20130610
VIPRE                 Trojan.Win32.Clicker!BT       20130610
Yandex                (not detected)                20130609
AhnLab-V3             (not detected)                20130609
Antiy-AVL             (not detected)                20130610
Avast                 (not detected)                20130610
AVG                   (not detected)                20130610
ByteHero              (not detected)                20130606
CAT-QuickHeal         (not detected)                20130610
ClamAV                (not detected)                20130610
eSafe                 (not detected)                20130606
F-Prot                (not detected)                20130610
Jiangmin              (not detected)                20130610
Kaspersky             (not detected)                20130610
Kingsoft              (not detected)                20130506
Malwarebytes          (not detected)                20130610
Microsoft             (not detected)                20130610
PCTools               (not detected)                20130521
Rising                (not detected)                20130607
SUPERAntiSpyware      (not detected)                20130609
Symantec              (not detected)                20130610
TheHacker             (not detected)                20130608
TotalDefense          (not detected)                20130607
VBA32                 (not detected)                20130610
ViRobot               (not detected)                20130610
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Facebook Inc.
Publisher rinim
Product Facebook Profile Viewer installer
Original name setup.exe
Internal name setup.exe
File version 1.3.4
Description Deploy Facebook Profile Viewer browsers extension
Signature verification Signed file, verified signature
Signing date 6:47 PM 4/9/2013
Signers
[+] rinim
Status A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Issuer None
Valid from 11:00 PM 12/31/2012
Valid to 11:00 PM 12/31/2018
Valid usage Code Signing
Algorithm SHA1
Thumbprint D263125E4A1F1CE739D0F8D3297542BB73FEB405
Serial number 3D 93 94 A4 D3 EC 5E 8A 45 B5 17 1E 76 F8 19 9A
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-29 18:03:41
Entry Point 0x0001F3A0
Number of sections 9
PE sections
Overlays
MD5 9b28adaf79b081593d890a897cf58d1f
File type data
Offset 4519424
Size 2752
Entropy 7.38
PE imports
SHGetFolderPathA
RegFlushKey
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetSystemInfo
lstrlenA
GetFileAttributesA
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
CopyFileA
GetTickCount
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
WritePrivateProfileStringA
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
SizeofResource
GetPrivateProfileStringA
GetLocaleInfoA
GetFileSize
CreateDirectoryA
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
EnumCalendarInfoA
GetCPInfo
GetCommandLineA
GetProcAddress
FormatMessageA
GetFullPathNameA
SetFilePointer
GetTempPathA
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
WriteFile
GetCurrentProcess
ReadFile
ResetEvent
lstrcpynA
GetSystemDirectoryA
GetACP
GetDiskFreeSpaceA
FreeResource
SetFileAttributesA
SetEvent
FindResourceA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
LocalAlloc
InterlockedIncrement
StringFromCLSID
CoTaskMemFree
CoCreateGuid
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
ShellExecuteExA
CharPrevA
MapVirtualKeyA
keybd_event
FindWindowA
GetSystemMetrics
DispatchMessageA
VkKeyScanA
CharUpperBuffA
MessageBoxA
PeekMessageA
TranslateMessage
GetWindow
SetKeyboardState
GetKeyState
LoadStringA
SendMessageA
GetKeyboardState
CharNextA
WaitForInputIdle
MsgWaitForMultipleObjects
GetWindowTextA
CharToOemA
GetKeyboardType
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_STRING 8
RT_RCDATA 6
RT_ICON 5
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.3.4.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 4402688
EntryPoint 0x1f3a0
OriginalFileName setup.exe
MIMEType application/octet-stream
LegalCopyright Facebook Inc.
FileVersion 1.3.4
TimeStamp 2013:03:29 19:03:41+01:00
FileType Win32 EXE
PEType PE32
InternalName setup.exe
ProductVersion 1.3.4
FileDescription Deploy Facebook Profile Viewer browsers extension
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 124416
ProductName Facebook Profile Viewer installer
ProductVersionNumber 1.3.4.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 814837294bc34f288e31637bab955e6c
SHA1 d0626e5dc296904360400dc529a6ca57fa7e81ef
SHA256 de7e13991bbbe84c6470c070d675ceff1f07b3ff3c545ca53b33ebbc1790b9c9
ssdeep 98304:U7Ar71MSDvsSgwDJWFPRF4V5sUheW1TxBq/j3g:U7MMSDv/jgL65sUhr57q/jQ
authentihash 4bedf8a84badacc76b020c4a4afffd6e22636b6665fb4e521a97d2da1f646f09
imphash 73747b911244725f88ce26d959287999
File size 4.3 MB ( 4522176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (53.2%)
Win32 Executable Delphi generic (17.5%)
Windows screen saver (16.1%)
Win32 Executable (generic) (5.5%)
Win16/32 Executable Delphi generic (2.5%)
Tags nsis peexe signed overlay
VirusTotal metadata
First submission 2013-04-30 02:30:44 UTC ( 3 years, 10 months ago )
Last submission 2015-12-25 14:32:22 UTC ( 1 year, 2 months ago )
File names de7e13991bbbe84c6470c070d675ceff1f07b3ff3c545ca53b33ebbc1790b9c9.bin
pv5.exe
filename
Profile Viewer - 5.exe
setup.exe
Profile Viewer - 5(3).exe
file-5440208_exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0CJ415.
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Set keys
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications