SHA256: ea0f8304ead1cf230422ced61a7918e897f30c3509f6bf092b19dd046693e2df
File name: setup-contenta-svgconverter-en.exe
Detection ratio: 0 / 56
Analysis date: 2015-12-01 09:49:30 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware 20151130
AegisLab 20151201
Yandex 20151130
AhnLab-V3 20151130
Alibaba 20151201
ALYac 20151201
Antiy-AVL 20151201
Arcabit 20151201
Avast 20151201
AVG 20151130
Avira (no cloud) 20151201
AVware 20151201
Baidu-International 20151201
BitDefender 20151201
Bkav 20151130
ByteHero 20151201
CAT-QuickHeal 20151201
ClamAV 20151201
CMC 20151201
Comodo 20151201
Cyren 20151201
DrWeb 20151201
Emsisoft 20151201
ESET-NOD32 20151201
F-Prot 20151201
F-Secure 20151201
Fortinet 20151201
GData 20151201
Ikarus 20151201
Jiangmin 20151130
K7AntiVirus 20151201
K7GW 20151201
Kaspersky 20151201
Malwarebytes 20151201
McAfee 20151201
McAfee-GW-Edition 20151201
Microsoft 20151201
eScan 20151201
NANO-Antivirus 20151201
nProtect 20151201
Panda 20151130
Qihoo-360 20151201
Rising 20151129
Sophos AV 20151201
SUPERAntiSpyware 20151201
Symantec 20151130
Tencent 20151201
TheHacker 20151127
TotalDefense 20151201
TrendMicro 20151201
TrendMicro-HouseCall 20151201
VBA32 20151130
VIPRE 20151201
ViRobot 20151201
Zillya 20151201
Zoner 20151201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 10:34 PM 4/22/2016
Signers
[+] Contenta Software
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 6/5/2015
Valid to 12:59 AM 6/5/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 73D4691CDBEB571FB48BF63F44ED391233FAA7AF
Serial number 03 55 2F 5E CC 4E 08 8A 01 9A 58 06 85 15 63 73
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Packers identified
F-PROT NSIS, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-24 19:19:59
Entry Point 0x000039E3
Number of sections 6
PE sections
Overlays
MD5 8e5f075b99b333eedd5de90ac098b369
File type data
Offset 67584
Size 13429712
Entropy 8.00
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SetBkMode
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
WriteFile
CopyFileW
GetShortPathNameW
LoadLibraryA
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindFirstFileW
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrlenW
GetCurrentProcess
CompareFileTime
FindNextFileW
GetFileSize
OpenProcess
SetFileTime
GetCommandLineW
GetWindowsDirectoryW
SetErrorMode
MultiByteToWideChar
CreateDirectoryW
SetFilePointer
GlobalLock
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
GetFullPathNameW
lstrcmpiA
CreateThread
LoadLibraryW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
ReadFile
GetTempPathW
CloseHandle
DeleteFileW
lstrcmpA
lstrcmpW
GetModuleHandleW
lstrcatW
lstrcpynA
FreeLibrary
SearchPathW
WideCharToMultiByte
lstrcmpiW
SetCurrentDirectoryW
lstrcpyA
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
SetFileAttributesW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
GetDC
CharUpperW
DialogBoxParamW
GetClassInfoW
AppendMenuW
CharNextW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
GetAsyncKeyState
BeginPaint
CreatePopupMenu
SendMessageW
SetCursor
SetClipboardData
GetWindowLongW
FindWindowExW
IsWindowVisible
SetForegroundWindow
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
CreateDialogParamW
wsprintfA
SetTimer
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
IsDlgButtonChecked
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
SendMessageTimeoutW
CreateWindowExW
wsprintfW
CloseClipboard
GetClientRect
DrawTextW
DestroyWindow
ExitWindowsEx
OpenClipboard
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 28
RT_ICON 7
RT_BITMAP 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 38
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:02:24 20:19:59+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 10.0
EntryPoint 0x39e3
InitializedDataSize 445952
SubsystemVersion 5.0
ImageVersion 6.0
OSVersion 5.0
UninitializedDataSize 16896
File identification
MD5 4fc5df88cf220b87d0287b3f375ac9e1
SHA1 6c3fcd5e09d144366b7e05ec03917115ab27f378
SHA256 ea0f8304ead1cf230422ced61a7918e897f30c3509f6bf092b19dd046693e2df
ssdeep 393216:ri/P4mX/qZ7YTAbJNBAHFM/I+t4OA6ui1M2KB:G/wmaM2wytrp62KB
authentihash f2ff81e2a6ed38c6f18fe5cfe304af685ac2ab130dd4aa64c30bf5c38319de4a
imphash 32f3282581436269b3a75b6675fe3e08
File size 12.9 MB ( 13497296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags nsis peexe signed overlay
VirusTotal metadata
First submission 2015-12-01 09:49:30 UTC ( 3 years, 4 months ago )
Last submission 2016-04-22 21:34:00 UTC ( 3 years ago )
File names setup-contenta-svgconverter-en.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened service managers
Opened services
Runtime DLLs