SHA256: e6fba50b21fee771b5d8fa02730845ee7f4059cc47dec6968b6974b2d6af18f4
File name: Setup
Detection ratio: 0 / 68
Analysis date: 2018-09-15 08:35:19 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20180913
AegisLab 20180915
AhnLab-V3 20180914
Alibaba 20180713
ALYac 20180915
Antiy-AVL 20180915
Arcabit 20180915
Avast 20180915
Avast-Mobile 20180915
AVG 20180915
Avira (no cloud) 20180914
AVware 20180915
Babable 20180907
Baidu 20180914
BitDefender 20180915
Bkav 20180915
CAT-QuickHeal 20180912
ClamAV 20180915
CMC 20180914
Comodo 20180915
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180915
Cyren 20180915
DrWeb 20180915
eGambit 20180915
Emsisoft 20180915
Endgame 20180730
ESET-NOD32 20180915
F-Prot 20180915
F-Secure 20180915
Fortinet 20180915
GData 20180915
Ikarus 20180915
Sophos ML 20180717
Jiangmin 20180915
K7AntiVirus 20180915
K7GW 20180915
Kaspersky 20180915
Kingsoft 20180915
Malwarebytes 20180915
MAX 20180915
McAfee 20180915
McAfee-GW-Edition 20180915
Microsoft 20180915
eScan 20180915
NANO-Antivirus 20180915
Palo Alto Networks (Known Signatures) 20180915
Panda 20180915
Qihoo-360 20180915
Rising 20180915
SentinelOne (Static ML) 20180830
Sophos AV 20180915
SUPERAntiSpyware 20180907
Symantec 20180914
Symantec Mobile Insight 20180911
TACHYON 20180915
Tencent 20180915
TheHacker 20180914
TotalDefense 20180915
TrendMicro 20180915
TrendMicro-HouseCall 20180915
Trustlook 20180915
VBA32 20180914
VIPRE 20180915
ViRobot 20180915
Webroot 20180915
Yandex 20180915
Zillya 20180914
ZoneAlarm by Check Point 20180915
Zoner 20180914
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (c) 2013 Flexera Software LLC. All Rights Reserved.

Product Xmanager 5
Original name InstallShield Setup.exe
Internal name Setup
File version 5.0.0855
Description Setup Launcher Unicode
Signature verification Signed file, verified signature
Signing date 8:01 AM 12/23/2016
Signers
[+] NetSarang Computer, Inc
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer thawte SHA256 Code Signing CA
Valid from 1:00 AM 10/13/2016
Valid to 12:59 AM 11/13/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 88ECB604C5E9D987F1B4F3A9A9D9C4826DB9CFD6
Serial number 53 0C E1 4C 81 F3 62 10 A1 68 2A FF 17 9E 25 80
[+] thawte SHA256 Code Signing CA
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint D00CFDBF46C98A838BC10DC4E097AE0152C461BC
Serial number 71 A0 B7 36 95 DD B1 AF C2 3B 2B 9A 18 EE 54 CB
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-02 05:23:06
Entry Point 0x00098FAB
Number of sections 4
PE sections
Overlays
MD5 b2e7ad1d5cdde0b2de64623065c30096
File type data
Offset 1447936
Size 42455264
Entropy 8.00
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
RegEnumKeyW
RegOpenKeyW
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
OpenThreadToken
RegEnumValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
SetSecurityDescriptorGroup
GetDIBColorTable
SetMapMode
CreateFontIndirectW
CreateHalftonePalette
PlayMetaFile
SaveDC
SetStretchBltMode
StretchBlt
GetDeviceCaps
TranslateCharsetInfo
DeleteDC
RestoreDC
SetBkMode
GetSystemPaletteEntries
SetMetaFileBitsEx
SetPixel
SetWindowOrgEx
DeleteObject
GetObjectW
BitBlt
RealizePalette
SetTextColor
CreatePatternBrush
CreateBitmap
CreateDCW
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
UnrealizeObject
SelectClipRgn
CreateCompatibleDC
CreateFontW
CreateRectRgn
SelectObject
PatBlt
SetWindowExtEx
CreateSolidBrush
SetViewportExtEx
SetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
DeleteMetaFile
GetPrivateProfileSectionNamesA
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
GetFileAttributesW
DuplicateHandle
GetLocalTime
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
lstrcmpiA
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
CreateEventW
LoadResource
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
InitializeCriticalSection
CopyFileW
GetUserDefaultLangID
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
VerLanguageNameW
GetModuleFileNameA
lstrcmpiW
RaiseException
EnumSystemLocalesA
GetPrivateProfileStringA
SetConsoleCtrlHandler
GetUserDefaultLCID
WritePrivateProfileSectionW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
FlushInstructionCache
GetPrivateProfileStringW
SetFilePointer
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
ExitThread
SetEnvironmentVariableA
SetThreadContext
TerminateProcess
SearchPathW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetVersion
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
WriteProcessMemory
OpenProcess
GetPrivateProfileIntA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
WriteFile
CompareStringW
lstrcpyW
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
CompareStringA
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
GlobalLock
SetEvent
GetPrivateProfileSectionW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
InterlockedIncrement
GetLastError
IsValidCodePage
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetProcessTimes
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
Process32FirstW
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
QueryPerformanceFrequency
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
FreeResource
FindResourceExW
TlsGetValue
GetCurrentDirectoryW
HeapCreate
FindResourceW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
GetOEMCP
GetTimeFormatA
VarUI4FromStr
VariantChangeType
SysFreeString
SysStringLen
SystemTimeToVariantTime
CreateErrorInfo
SysAllocStringLen
RegisterTypeLib
VarBstrCat
VariantClear
SysAllocStringByteLen
VarBstrCmp
SysReAllocStringLen
VarBstrFromDate
SysStringByteLen
LoadTypeLib
SysAllocString
GetErrorInfo
SetErrorInfo
UuidFromStringW
UuidCreate
UuidToStringW
RpcStringFreeW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
CommandLineToArgvW
MapWindowPoints
DrawTextW
PostQuitMessage
SetWindowPos
IsWindow
EndPaint
SetActiveWindow
DispatchMessageW
MapDialogRect
GetDlgCtrlID
SendMessageW
GetClientRect
GetDlgItemTextW
LoadImageW
GetWindowTextW
MsgWaitForMultipleObjects
DestroyWindow
GetParent
UpdateWindow
GetPropW
GetMessageW
ShowWindow
SetPropW
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
GetWindow
RegisterClassW
DrawFocusRect
SetTimer
IsDialogMessageW
FillRect
CopyRect
WaitForInputIdle
GetSysColorBrush
CreateWindowExW
GetWindowLongW
CharNextW
SetFocus
BeginPaint
DefWindowProcW
KillTimer
CharPrevW
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
DrawIcon
EnumChildWindows
SendDlgItemMessageW
PostMessageW
CreateDialogParamW
SetWindowTextW
GetDlgItem
RemovePropW
ClientToScreen
DialogBoxIndirectParamW
GetDesktopWindow
LoadCursorW
LoadIconW
FindWindowExW
GetDC
SetForegroundWindow
ExitWindowsEx
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
EndDialog
FindWindowW
ScreenToClient
wvsprintfW
MessageBoxW
RegisterClassExW
MoveWindow
GetWindowDC
GetSysColor
SetDlgItemTextW
SubtractRect
SetRect
InvalidateRect
wsprintfA
CallWindowProcW
GetClassNameW
wsprintfW
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ProgIDFromCLSID
CLSIDFromProgID
CoInitialize
CreateItemMoniker
CoCreateGuid
CoTaskMemRealloc
CoCreateInstance
CoInitializeSecurity
CoUninitialize
GetRunningObjectTable
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
Number of PE resources by type
RT_STRING 25
RT_DIALOG 23
RT_ICON 11
RT_BITMAP 6
RT_GROUP_ICON 3
RT_MANIFEST 1
GIF 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 45
ENGLISH US 26
PE resources
Debug information
ExifTool file metadata
FileTypeExtension exe
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
ProductName Xmanager 5
FileVersionNumber 5.0.855.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
LegalCopyright Copyright (c) 2013 Flexera Software LLC. All Rights Reserved.
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 514048
InternalBuildNumber 133442
OriginalFileName InstallShield Setup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.0.0855
TimeStamp 2013:10:02 06:23:06+01:00
FileType Win32 EXE
PEType PE32
InternalName Setup
SubsystemVersion 5.0
ProductVersion 5.0.0855
FileDescription Setup Launcher Unicode
ISInternalDescription Setup Launcher Unicode
OSVersion 5.0
FileOS Win32
ISInternalVersion 20.0.496
MachineType Intel 386 or later, and compatibles
CompanyName NetSarang Computer, Inc.
CodeSize 932864
FileSubtype 0
ProductVersionNumber 5.0.855.0
EntryPoint 0x98fab
ObjectFileType Dynamic link library

File identification
MD5 bd3e8e465e77ac203b2115771ff036f1
SHA1 6272ff4ac43370dba9c63f0e3dbe8b9d8e554e6c
SHA256 e6fba50b21fee771b5d8fa02730845ee7f4059cc47dec6968b6974b2d6af18f4
ssdeep 786432:FAn/Uo4XClZ+b1P3fMMp+lgCjpQYZqNsSs8RP9iZagWrAGeVLxcjqWdObZ4yqRu:FAnf4XCWb1PvMMAlgrRs8Ma33CVYqYOl

authentihash 5330bc68c6659a87b614862fda888a09a249861bb52151b3bcaccdb3a62e1e05
imphash b950d8063774a26bdd19d96b6b3280f3
File size 41.9 MB ( 43903200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (53.0%)
Win64 Executable (generic) (34.0%)
Win32 Executable (generic) (5.5%)
OS/2 Executable (generic) (2.4%)
Generic Win/DOS Executable (2.4%)
Tags revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2016-12-30 06:57:50 UTC ( 2 years, 3 months ago )
Last submission 2017-01-18 21:23:37 UTC ( 2 years, 3 months ago )
File names InstallShield Setup.exe
Setup
E6FBA50B21FEE771B5D8FA02730845EE7F4059CC47DEC6968B6974B2D6AF18F4.exe
Xmgr5.exe