SHA256: e63d99e463b1540ee94e945efc3661bd85f7d809dfe763361081185433adc680
File name: setup357379sid1584permlnk.exe
Detection ratio: 0 / 68
Analysis date: 2018-08-03 22:36:37 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20180803
AegisLab 20180803
AhnLab-V3 20180803
Alibaba 20180713
ALYac 20180803
Antiy-AVL 20180803
Arcabit 20180803
Avast 20180803
Avast-Mobile 20180803
AVG 20180803
Avira (no cloud) 20180803
AVware 20180727
Babable 20180725
Baidu 20180802
BitDefender 20180803
Bkav 20180803
CAT-QuickHeal 20180803
ClamAV 20180803
CMC 20180803
Comodo 20180803
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180803
Cyren 20180803
DrWeb 20180803
eGambit 20180803
Emsisoft 20180803
Endgame 20180730
ESET-NOD32 20180803
F-Prot 20180803
F-Secure 20180730
Fortinet 20180803
GData 20180803
Ikarus 20180803
Sophos ML 20180717
Jiangmin 20180803
K7AntiVirus 20180803
K7GW 20180803
Kaspersky 20180803
Kingsoft 20180803
Malwarebytes 20180803
MAX 20180803
McAfee 20180803
McAfee-GW-Edition 20180803
Microsoft 20180803
eScan 20180803
NANO-Antivirus 20180803
Palo Alto Networks (Known Signatures) 20180803
Panda 20180803
Qihoo-360 20180803
Rising 20180803
SentinelOne (Static ML) 20180701
Sophos AV 20180803
SUPERAntiSpyware 20180803
Symantec 20180803
Symantec Mobile Insight 20180801
TACHYON 20180803
Tencent 20180803
TheHacker 20180802
TotalDefense 20180803
TrendMicro 20180803
TrendMicro-HouseCall 20180803
Trustlook 20180803
VBA32 20180803
VIPRE 20180803
ViRobot 20180803
Webroot 20180803
Yandex 20180803
Zillya 20180803
ZoneAlarm by Check Point 20180803
Zoner 20180803
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 3:59 PM 6/14/2011
Signers
[+] PY Software
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/18/2010
Valid to 12:59 AM 8/19/2011
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B27030A121DB3342CAFE888702B9D9E00B150817
Serial number 00 96 83 9A 22 CC 84 2B 92 ED EF B2 82 40 16 F0 CC
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000452C4
Number of sections 8
PE sections
Overlays
MD5 d4a3b108204c6a09d630f338a2c29d53
File type data
Offset 336384
Size 773712
Entropy 7.99
PE imports
Number of PE resources by type
RT_BITMAP 21
RT_STRING 12
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 3
RT_RCDATA 2
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 49
RUSSIAN 3
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
55808

ImageVersion
0.0

FileVersionNumber
2.3.0.69

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

LinkerVersion
2.25

FileTypeExtension
exe

MIMEType
application/octet-stream

Ller
4ProductVersion

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
1.0

AlName
Installer

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
P

CodeSize
279552

FileSubtype
0

ProductVersionNumber
2.3.0.69

Warning
Possibly corrupt Version resource

EntryPoint
0x452c4

ObjectFileType
Executable application

Ool
Permanent Links

File identification
MD5 c0383aa15b6ab5bda1747f676a724e9a
SHA1 4d2d6f4f99a62c4a7edcf49fcff7dc972052ac06
SHA256 e63d99e463b1540ee94e945efc3661bd85f7d809dfe763361081185433adc680
ssdeep
24576:Sln0QBIuGxNlqqi81K48CtSJcRcZz0hKWxfpYYcM169:cn0Q0xNlqf8A4X2OcZzeKWxfpYYXQ

authentihash 080ad34a70a2f98f1d44721dda63d45b946a7e02463178e8d8e71086facadeee
imphash b2e6b383d68bb3bf99b698062f6fce6c
File size 1.1 MB ( 1110096 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (43.2%)
Win32 Executable Delphi generic (14.2%)
Windows screen saver (13.1%)
DOS Borland compiled Executable (generic) (10.0%)
Win32 Dynamic Link Library (generic) (6.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2011-09-06 09:30:41 UTC ( 7 years ago )
Last submission 2015-11-18 09:16:23 UTC ( 2 years, 10 months ago )
File names
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight