× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e9a2152b02468ae5192c391d88d0b55f52d8f565f92902312f1425b33e5955eb
File name: setup.exe
Detection ratio: 2 / 68
Analysis date: 2018-09-17 02:43:37 UTC ( 6 months ago ) View latest
Antivirus Result Update
AVware Trojan.Win32.Generic.pak!cobra 20180917
VIPRE Trojan.Win32.Generic.pak!cobra 20180917
Ad-Aware 20180913
AegisLab 20180917
AhnLab-V3 20180916
Alibaba 20180713
ALYac 20180917
Antiy-AVL 20180916
Arcabit 20180917
Avast 20180917
Avast-Mobile 20180916
AVG 20180917
Avira (no cloud) 20180916
Babable 20180907
Baidu 20180914
BitDefender 20180917
Bkav 20180915
CAT-QuickHeal 20180915
ClamAV 20180916
CMC 20180916
Comodo 20180917
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180917
Cyren 20180917
DrWeb 20180917
eGambit 20180917
Emsisoft 20180917
Endgame 20180730
ESET-NOD32 20180917
F-Prot 20180917
F-Secure 20180917
Fortinet 20180917
GData 20180917
Ikarus 20180916
Sophos ML 20180717
Jiangmin 20180917
K7AntiVirus 20180916
K7GW 20180916
Kaspersky 20180917
Kingsoft 20180917
Malwarebytes 20180916
MAX 20180917
McAfee 20180917
McAfee-GW-Edition 20180917
Microsoft 20180916
eScan 20180917
NANO-Antivirus 20180917
Palo Alto Networks (Known Signatures) 20180917
Panda 20180916
Qihoo-360 20180917
Rising 20180917
SentinelOne (Static ML) 20180830
Sophos AV 20180916
SUPERAntiSpyware 20180907
Symantec 20180916
Symantec Mobile Insight 20180911
TACHYON 20180917
Tencent 20180917
TheHacker 20180914
TotalDefense 20180915
TrendMicro 20180917
TrendMicro-HouseCall 20180917
Trustlook 20180917
VBA32 20180914
ViRobot 20180916
Webroot 20180917
Yandex 20180915
Zillya 20180914
ZoneAlarm by Check Point 20180917
Zoner 20180916
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
FileVersionInfo properties
PE header basic information
Target machine x64
Compilation timestamp 2018-09-12 08:45:26
Entry Point 0x0000E464
Number of sections 7
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetStdHandle
WaitForSingleObject
EncodePointer
CreatePipe
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
RtlUnwindEx
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
FindClose
TlsGetValue
SetLastError
PeekNamedPipe
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
RtlVirtualUnwind
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
DeleteCriticalSection
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlPcToFileHeader
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
FindNextFileW
RtlLookupFunctionEntry
IsValidLocale
FindFirstFileExW
GetProcAddress
ReadConsoleW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
CreateProcessW
Sleep
ShellExecuteExW
WinHttpConnect
WinHttpSendRequest
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
AMD AMD64

FileTypeExtension
exe

TimeStamp
2018:09:12 01:45:26-07:00

FileType
Win64 EXE

PEType
PE32+

CodeSize
203776

LinkerVersion
14.0

ImageFileCharacteristics
Executable, Large address aware

EntryPoint
0xe464

InitializedDataSize
127488

SubsystemVersion
6.0

ImageVersion
0.0

OSVersion
6.0

UninitializedDataSize
0

File identification
MD5 bba1d01921f01a752d4e0a93896ed52a
SHA1 e8601a0816aba3a184ff932424baaad60418e9f5
SHA256 e9a2152b02468ae5192c391d88d0b55f52d8f565f92902312f1425b33e5955eb
ssdeep
6144:ABle+VF4SgkDxYZwcOZMm4Y/KtIkDqW2D++XvclrohuI+kQUWGBfND:qeQxXD6ZwbPIob+4

authentihash 64e5ab38ba4a6f9f32ec9a52c1b36db447e4b09b8ec1da972bb8ae8c3e0601cd
imphash 0031da77f3501a3e5e593f32854a8583
File size 318.5 KB ( 326144 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (GUI) Mono/.Net assembly

TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags
64bits peexe assembly

VirusTotal metadata
First submission 2018-09-17 02:43:37 UTC ( 6 months ago )
Last submission 2018-09-29 14:09:23 UTC ( 5 months, 3 weeks ago )
File names setup.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!