× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e9f0800ffb5dca631dc95a8ea4e8d044b429aa473a243e1640dec182bd632e3c
File name: wpsetup_26.1.2013.exe
Detection ratio: 1 / 70
Analysis date: 2019-01-07 23:17:01 UTC ( 1 month, 1 week ago ) View latest
Antivirus Result Update
Yandex PUA.TDownloader.A 20181229
Acronis 20181227
Ad-Aware 20190108
AegisLab 20190108
AhnLab-V3 20190108
Alibaba 20180921
ALYac 20190108
Antiy-AVL 20190107
Arcabit 20190107
Avast 20190107
Avast-Mobile 20190107
AVG 20190107
Avira (no cloud) 20190107
Babable 20180918
Baidu 20190107
BitDefender 20190107
Bkav 20190107
CAT-QuickHeal 20190107
ClamAV 20190107
CMC 20190107
Comodo 20190107
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20190108
Cyren 20190107
DrWeb 20190107
eGambit 20190108
Emsisoft 20190107
Endgame 20181108
ESET-NOD32 20190108
F-Prot 20190108
F-Secure 20190108
Fortinet 20190108
GData 20190108
Ikarus 20190108
Sophos ML 20181128
Jiangmin 20190107
K7AntiVirus 20190108
K7GW 20190108
Kaspersky 20190108
Kingsoft 20190108
MAX 20190108
McAfee 20190108
McAfee-GW-Edition 20190108
Microsoft 20190108
eScan 20190108
NANO-Antivirus 20190108
Palo Alto Networks (Known Signatures) 20190108
Panda 20190107
Qihoo-360 20190108
Rising 20190108
SentinelOne (Static ML) 20181223
Sophos AV 20190108
SUPERAntiSpyware 20190102
Symantec 20190108
TACHYON 20190108
Tencent 20190108
TheHacker 20190106
TotalDefense 20190107
Trapmine 20190103
TrendMicro 20190108
TrendMicro-HouseCall 20190108
Trustlook 20190108
VBA32 20190104
VIPRE 20190108
ViRobot 20190108
Webroot 20190108
Zillya 20190105
ZoneAlarm by Check Point 20190108
Zoner 20190108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 1997- 2013 BillP Studios

Product WinPatrol
Original name TSULoader.exe
Internal name TSULoader
File version 2013.1.4.1621
Description Installer
Comments Win32 (x86) ANSI Lib Rel
Signature verification Signed file, verified signature
Signing date 1:21 PM 1/4/2013
Signers
[+] BillP Studios
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO Code Signing CA 2
Valid from 11:00 PM 06/06/2012
Valid to 10:59 PM 06/07/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint F744C783FAA0156992A2CB18EA46CEB0EEE0057F
Serial number 00 B9 EF 7D 46 C7 F1 20 E2 83 74 F1 D5 76 77 A4 A6
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 11:00 PM 08/23/2011
Valid to 09:48 AM 05/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 07:09 AM 06/07/2005
Valid to 09:48 AM 05/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 09:48 AM 05/30/2000
Valid to 09:48 AM 05/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 11:00 PM 05/09/2010
Valid to 10:59 PM 05/10/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 07:09 AM 06/07/2005
Valid to 09:48 AM 05/30/2020
Valid usage All
Algorithm sha1RSA
Thumbrint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 09:48 AM 05/30/2000
Valid to 09:48 AM 05/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbrint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-30 01:03:47
Entry Point 0x000014D8
Number of sections 7
PE sections
Overlays
MD5 429625eb22291f004b33203415e08d20
File type data
Offset 884736
Size 7368
Entropy 7.42
PE imports
GetLastError
HeapFree
lstrlenA
GetFileAttributesA
FreeLibrary
ExitProcess
LoadLibraryA
GetModuleFileNameA
GetFileSize
SetFileTime
DeleteFileA
MultiByteToWideChar
GetCommandLineA
GetProcAddress
GetProcessHeap
SetFilePointer
GetTempPathA
lstrcpynA
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
GetSystemTimeAsFileTime
CreateFileMappingA
GetCurrentThreadId
SetFileAttributesA
UnmapViewOfFile
Sleep
GetTickCount
CreateFileA
HeapAlloc
OutputDebugStringA
GetCurrentProcessId
wsprintfA
MessageBoxA
PostMessageA
wvsprintfA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
PE resources
Debug information
ExifTool file metadata
WebSite
http://www.winpatrol.com

SubsystemVersion
4.0

Comments
Win32 (x86) ANSI Lib Rel

LinkerVersion
8.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
2013.1.4.1621

Email
support@winpatrol.com

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Installer

LegalCopyright
Copyright 1997- 2013 BillP Studios

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

PackageCode
{3CEF7641-B39A-4862-ED77-51F45DFAC3A4}

InitializedDataSize
876032

EntryPoint
0x14d8

OriginalFileName
TSULoader.exe

MIMEType
application/octet-stream

ProductCode
{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}

FileVersion
2013.1.4.1621

TimeStamp
2012:11:29 17:03:47-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
TSULoader

ProductVersion
26.1.2013.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
BillP Studios

CodeSize
7680

ProductName
WinPatrol

ProductVersionNumber
26.1.2013.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 0f38e829eae6c1dbf333f56ad8fbc53e
SHA1 eb5caa1225f8e0a8bbf51dad8dd3ea8e071076ac
SHA256 e9f0800ffb5dca631dc95a8ea4e8d044b429aa473a243e1640dec182bd632e3c
ssdeep
24576:YU4FYHnMIHi6u8C7qK9HMeeCIkaN3ZCl3ND/93T:YUBhuJ9feCZa6ldDVD

authentihash 70b44456b9158e9f813707abd46361b78af09dcf9df462affaddb178734e01b9
imphash f33524df451199f1ab0cc24e2836f097
File size 871.2 KB ( 892104 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-01-05 08:46:08 UTC ( 6 years, 1 month ago )
Last submission 2018-05-27 09:52:02 UTC ( 8 months, 3 weeks ago )
File names wpsetup_3.exe
12910998.exe
wpsetup26012013.exe
wpsetup_26.1_2013.exe
wp261setup.exe
TSULoader
file-4978203_exe
winpatrol_26_1_2013
wpsetup.exe
TSULoader.exe
wpsetup_26.1.2013.exe
WinPatrol 2013 v26.1_26.1.2013_wp261setup_chip.exe
software.exe
octet-stream
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!