SHA256: e471e201a0fe88f1c6a5888ebdbdde118d3f886b5aed500261d2bf3b1874b20e
File name: 360586
Detection ratio: 0 / 57
Analysis date: 2016-03-23 10:34:07 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware 20160323
AegisLab 20160323
Yandex 20160316
AhnLab-V3 20160323
Alibaba 20160323
ALYac 20160323
Antiy-AVL 20160323
Arcabit 20160323
Avast 20160323
AVG 20160323
Avira (no cloud) 20160323
AVware 20160323
Baidu 20160322
Baidu-International 20160323
BitDefender 20160323
Bkav 20160322
ByteHero 20160323
CAT-QuickHeal 20160323
ClamAV 20160319
CMC 20160322
Comodo 20160323
Cyren 20160323
DrWeb 20160323
Emsisoft 20160323
ESET-NOD32 20160323
F-Prot 20160323
F-Secure 20160323
Fortinet 20160323
GData 20160323
Ikarus 20160323
Jiangmin 20160323
K7AntiVirus 20160323
K7GW 20160323
Kaspersky 20160323
Malwarebytes 20160323
McAfee 20160323
McAfee-GW-Edition 20160323
Microsoft 20160323
eScan 20160323
NANO-Antivirus 20160323
nProtect 20160322
Panda 20160322
Qihoo-360 20160323
Rising 20160323
Sophos AV 20160323
SUPERAntiSpyware 20160323
Symantec 20160323
Tencent 20160323
TheHacker 20160321
TotalDefense 20160323
TrendMicro 20160323
TrendMicro-HouseCall 20160323
VBA32 20160323
VIPRE 20160323
ViRobot 20160323
Zillya 20160322
Zoner 20160323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
(c) BitMart Inc. 2000-2013

Product Restorer Ultimate
File version 7.8.708.689.689
Description Restorer Ultimate 7.8
Signature verification Signed file, verified signature
Signing date 3:31 PM 3/21/2013
Signers
[+] Bitmart Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign ObjectSign CA
Valid from 07:25 AM 06/30/2010
Valid to 07:25 AM 06/30/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 77059080DD75B64AA517EE92EE013825633CE4E2
Serial number 01 00 00 00 00 01 29 88 2C D8 80
[+] GlobalSign ObjectSign CA
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign Primary Object Publishing CA
Valid from 10:00 AM 01/22/2004
Valid to 11:00 AM 01/27/2017
Valid usage All
Algorithm sha1RSA
Thumbprint B859853EF366AC9335763C340A87BD208113055F
Serial number 04 00 00 00 00 01 1E 44 A5 EC BE
[+] GlobalSign Primary Object Publishing CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign Root CA
Valid from 01:00 PM 01/28/1999
Valid to 12:00 PM 01/27/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 549DF5E7102A223BA204B7150106D8EA17B7A70A
Serial number 04 00 00 00 00 01 23 9E 0F AC B3
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, appended, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-10 12:19:31
Entry Point 0x0000354B
Number of sections 5
PE sections
Overlays
MD5 675f26d51d6554335e673aac277c72c3
File type data
Offset 43008
Size 19592624
Entropy 8.00
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SetBkMode
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
WriteFile
CopyFileW
GetShortPathNameW
LoadLibraryA
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrlenW
GetCurrentProcess
CompareFileTime
FindNextFileW
GetFileSize
OpenProcess
SetFileTime
GetCommandLineW
GetWindowsDirectoryW
SetErrorMode
MultiByteToWideChar
CreateDirectoryW
SetFilePointer
GlobalLock
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
GetFullPathNameW
lstrcmpiA
CreateThread
LoadLibraryW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
ReadFile
GetTempPathW
CloseHandle
DeleteFileW
FindFirstFileW
lstrcmpW
GetModuleHandleW
lstrcatW
lstrcpynA
FreeLibrary
SearchPathW
WideCharToMultiByte
lstrcmpiW
SetCurrentDirectoryW
lstrcpyA
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
SetFileAttributesW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
FillRect
SetWindowPos
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
GetDC
CharUpperW
DialogBoxParamW
GetClassInfoW
AppendMenuW
CharNextW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
CreateDialogParamW
BeginPaint
CreatePopupMenu
SendMessageW
SetCursor
SetClipboardData
GetWindowLongW
IsWindowVisible
SetForegroundWindow
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
SetTimer
CallWindowProcW
TrackPopupMenu
RegisterClassW
FindWindowExW
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
SendMessageTimeoutW
CreateWindowExW
wsprintfW
CloseClipboard
GetClientRect
DrawTextW
DestroyWindow
ExitWindowsEx
OpenClipboard
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 6
RT_ICON 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
NEUTRAL 1
PE resources
ExifTool file metadata
CodeSize 25600
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 7.8.708.689
LanguageCode Neutral
FileFlagsMask 0x0000
FileDescription Restorer Ultimate 7.8
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 431104
EntryPoint 0x354b
MIMEType application/octet-stream
LegalCopyright (c) BitMart Inc. 2000-2013
FileVersion 7.8.708.689.689
TimeStamp 2010:04:10 14:19:31+02:00
FileType Win32 EXE
PEType PE32
UninitializedDataSize 16896
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName BitMart Inc.
LegalTrademarks Restorer Ultimate
ProductName Restorer Ultimate
ProductVersionNumber 7.8.708.689
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 1434517330406211aa251fd5eab48a87
SHA1 b8e25f73d4e5fb314905e7eeefb24bab127584e6
SHA256 e471e201a0fe88f1c6a5888ebdbdde118d3f886b5aed500261d2bf3b1874b20e
ssdeep 393216:naqN7T45AByi60ylRe7ZRZDLJ/uZdcmpQSTRTH+v8dTkuEtwb77X2xP0k:nZvGAByAylReNRZDLJ/uZdHhT4ITktmi
authentihash 7c737eb41ee1e63f73b8161fe73828df3e459422cb1a30ee6d082215356bd2eb
imphash b729b61eb1515fcf7b3e511e4e66258b
File size 18.7 MB ( 19635632 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe overlay revoked-cert signed nsis via-tor

VirusTotal metadata
First submission 2013-03-23 16:56:42 UTC ( 6 years, 2 months ago )
Last submission 2019-01-27 15:09:29 UTC ( 3 months, 3 weeks ago )
File names Restorer7.exe
ru_7.exe
Restorer7.exe
aa
360586
output.14144049.txt
Restorer Ultimate Pro.exe
E471E201A0FE88F1C6A5888EBDBDDE118D3F886B5AED500261D2BF3B1874B20E
Restorer7.exe
Restorer Ultimate Pro Network 7.8 build 708689.exe
restorer7.exe
14144049
Restorer7.exe
filename
file-5748824_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight