SHA256: e67e6b3d9982e2078a386bb29a9099e73fcf12f8c29101212699b6aaee629274
File name: 813653
Detection ratio: 1 / 57
Analysis date: 2016-03-10 03:16:02 UTC ( 3 years ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.151026.9950.9989 20160225
Ad-Aware 20160310
AegisLab 20160310
Yandex 20160308
AhnLab-V3 20160309
Alibaba 20160310
ALYac 20160310
Antiy-AVL 20160310
Arcabit 20160310
Avast 20160310
AVG 20160310
Avira (no cloud) 20160310
AVware 20160310
Baidu-International 20160309
BitDefender 20160310
Bkav 20160309
ByteHero 20160310
CAT-QuickHeal 20160310
ClamAV 20160310
CMC 20160307
Comodo 20160310
Cyren 20160310
DrWeb 20160310
Emsisoft 20160310
ESET-NOD32 20160310
F-Prot 20160310
F-Secure 20160310
Fortinet 20160309
GData 20160310
Ikarus 20160310
Jiangmin 20160310
K7AntiVirus 20160309
K7GW 20160310
Kaspersky 20160309
Malwarebytes 20160309
McAfee 20160310
McAfee-GW-Edition 20160309
Microsoft 20160310
eScan 20160310
NANO-Antivirus 20160310
nProtect 20160309
Panda 20160309
Qihoo-360 20160310
Rising 20160310
Sophos AV 20160309
SUPERAntiSpyware 20160310
Symantec 20160309
Tencent 20160310
TheHacker 20160309
TotalDefense 20160308
TrendMicro 20160310
TrendMicro-HouseCall 20160310
VBA32 20160309
VIPRE 20160310
ViRobot 20160310
Zillya 20160309
Zoner 20160310
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © K7 Computing Pvt. Ltd. 2003 - 2014.
Product K7UltimateSecurity
Original name K7Installer.exe
Internal name Installer Package for K7 Security Suites
File version 15, 1, 0, 282
Description K7UltimateSecurity
Signature verification Signed file, verified signature
Signing date 5:11 AM 3/1/2016
Signers
[+] K7 Computing Pvt Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Go Daddy Secure Certification Authority
Valid from 05:02 AM 10/22/2015
Valid to 05:02 AM 10/22/2018
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01
Serial number 00 A7 32 6E 82 FD 91 6E A2
[+] Go Daddy Secure Certification Authority
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 01:54 AM 11/16/2006
Valid to 01:54 AM 11/16/2026
Valid usage All
Algorithm sha1RSA
Thumbprint 7C4656C3061F7F4C0D67B319A855F60EBC11FC44
Serial number 03 01
[+] Go Daddy Class 2 Certification Authority
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 04:06 PM 06/29/2004
Valid to 04:06 PM 06/29/2034
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 2796BAE63F1801E277261BA0D77770028F20EEE4
Serial number 00
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-31 06:24:21
Entry Point 0x00019B90
Number of sections 5
PE sections
Overlays
MD5 6f45c7f43af9091da61ba8dd43983da3
File type application/x-ms-dos-executable
Offset 287744
Size 191126856
Entropy 8.00
PE imports
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 2
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL DEFAULT 9
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 15.1.0.282
LanguageCode English (U.S.)
FileFlagsMask 0x0017
FileDescription K7UltimateSecurity
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 138240
EntryPoint 0x19b90
OriginalFileName K7Installer.exe
MIMEType application/octet-stream
LegalCopyright Copyright K7 Computing Pvt. Ltd. 2003 - 2014.
FileVersion 15, 1, 0, 282
TimeStamp 2015:12:31 07:24:21+01:00
FileType Win32 EXE
PEType PE32
InternalName Installer Package for K7 Security Suites
ProductVersion 15, 1, 0, 282
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName K7 Computing Pvt. Ltd.
CodeSize 148480
ProductName K7UltimateSecurity
ProductVersionNumber 15.1.0.282
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 f5de3ad9567296eefd62f87ae09cb0da
SHA1 aec6d68264cbbf6251fb76cc3522fac229814c2e
SHA256 e67e6b3d9982e2078a386bb29a9099e73fcf12f8c29101212699b6aaee629274
ssdeep 3145728:UdofIJFzPPYPgfNAVkjbag967TSAdoJ+UEjtzzDWjoZCE9jQN9uOG8S9+C5d:MwIn3EUag0OAd6+UEjF/WUZC2QN9uOw9
authentihash e80beb024cb14f69307e7ee270fda55a4dce70494a416eded2bb3fa11140758a
imphash 38f955bbe389cfabe7a6e7bc4a34d808
File size 182.5 MB ( 191414600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2016-03-10 03:16:02 UTC ( 3 years ago )
Last submission 2016-03-10 03:16:02 UTC ( 3 years ago )
File names E67E6B3D9982E2078A386BB29A9099E73FCF12F8C29101212699B6AAEE629274.exe
813653
setup-eng-us.exe
K7Installer.exe
Installer Package for K7 Security Suites