× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e9cf705680c6207d6d7fc1dcfb30c26206665ee7e81e2906dab8f6bc95f0e56d
File name: 497471f2efa877856b2538727aeb67ab553463151a5acf9066b2a58a7ab5843f5...
Detection ratio: 0 / 56
Analysis date: 2016-10-09 23:39:00 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20161009
AegisLab 20161009
AhnLab-V3 20161009
Alibaba 20161009
ALYac 20161009
Antiy-AVL 20161009
Arcabit 20161009
Avast 20161009
AVG 20161009
Avira (no cloud) 20161009
AVware 20161009
Baidu 20161001
BitDefender 20161009
Bkav 20161008
CAT-QuickHeal 20161008
ClamAV 20161009
CMC 20161003
Comodo 20161007
CrowdStrike Falcon (ML) 20160725
Cyren 20161009
DrWeb 20161009
Emsisoft 20161009
ESET-NOD32 20161009
F-Prot 20161009
F-Secure 20161009
Fortinet 20161009
GData 20161009
Ikarus 20161009
Invincea 20160928
Jiangmin 20161009
K7AntiVirus 20161009
K7GW 20161009
Kaspersky 20161009
Kingsoft 20161010
Malwarebytes 20161009
McAfee 20161010
McAfee-GW-Edition 20161009
Microsoft 20161009
eScan 20161009
NANO-Antivirus 20161010
nProtect 20161010
Panda 20161009
Qihoo-360 20161010
Rising 20161009
Sophos 20161010
SUPERAntiSpyware 20161009
Symantec 20161010
Tencent 20161010
TheHacker 20161009
TrendMicro 20161010
TrendMicro-HouseCall 20161009
VBA32 20161009
VIPRE 20161009
ViRobot 20161009
Yandex 20161009
Zillya 20161007
Zoner 20161009
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
(c) 1996-2012 by Joachim Marder

Product UltraSearch
File version 1.7.1.239
Description UltraSearch Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 12:25 PM 10/25/2012
Signers
[+] JAM Software GmbH
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 1:00 AM 1/14/2010
Valid to 12:59 AM 1/14/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 36B61C05779AB59A1948E6E4125BF43B0F1BDFB6
Serial number 55 E1 BF 2B 36 6A 98 B6 E8 C6 1D C8 44 1C BB 61
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-20 14:16:50
Entry Point 0x00016478
Number of sections 8
PE sections
Overlays
MD5 560c7a242aae99bb8aefda99e3b71939
File type data
Offset 217600
Size 3099864
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetLocalTime
CreateProcessW
DeleteCriticalSection
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
GetDateFormatW
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
CompareStringW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetExitCodeProcess
GetVersion
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_ICON 10
RT_STRING 6
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
NEUTRAL 9
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
1.7.1.239

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
130560

EntryPoint
0x16478

MIMEType
application/octet-stream

LegalCopyright
(c) 1996-2012 by Joachim Marder

FileVersion
1.7.1.239

TimeStamp
2011:12:20 15:16:50+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

ProductVersion
1.7.1

FileDescription
UltraSearch Setup

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
JAM Software

CodeSize
86016

ProductName
UltraSearch

ProductVersionNumber
1.7.1.239

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 2d9959396da4f8d029b284282e05651f
SHA1 466f4d6f76374125f7a423ba0e6a829b233ba294
SHA256 e9cf705680c6207d6d7fc1dcfb30c26206665ee7e81e2906dab8f6bc95f0e56d
ssdeep
49152:4Jxjx3Ypa5ymSCifj0RuDZ7TuHOknywsMVbbkOKZDJ+gLP3YucegYZsYRYN9mpHI:w3YpbS80utGbiMVbSNvYcTm8KG0R/Nf

authentihash f580b2d80a7d963037adbd03109a732296508f3705bc86c83e62d14d84563534
imphash 483f0c4259a9148c34961abbda6146c1
File size 3.2 MB ( 3317464 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (81.5%)
Win32 Executable Delphi generic (10.5%)
Win32 Executable (generic) (3.3%)
Win16/32 Executable Delphi generic (1.5%)
Generic Win/DOS Executable (1.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2012-10-26 11:03:41 UTC ( 4 years, 7 months ago )
Last submission 2016-10-09 23:39:00 UTC ( 7 months, 2 weeks ago )
File names file
2d9959396da4f8d029b284282e05651f
UltraSearchSetup1.7.exe
UltraSearch v1.71 setup.exe
samples_analysis_platform
test.exe
file-4929063_exe
UltraSearchSetup1.7.1-uni.exe
output.9269336.txt
UltraSearchSetup.exe
12800483.exe
497471f2efa877856b2538727aeb67ab553463151a5acf9066b2a58a7ab5843f5272ea2691bdfb35d31645ea85ffe16ef484c24295bc0082f037d68237fc4863
ultrasearch-1-7-en-win.exe
UltraSearchSetup_v1.71.exe
octet-stream
9269336
ultrasearchsetup.exe
UltraSearchSetup.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.