SHA256: ebc7cb1f964e1dda61f74f148d36f0141e0bc4aafb6cfea27c24c549f2c6cb31
File name: b-vob-converter-custom-cnet.exe
Detection ratio: 0 / 70
Analysis date: 2018-12-11 16:15:06 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20181211
AegisLab 20181211
AhnLab-V3 20181211
Alibaba 20180921
ALYac 20181211
Antiy-AVL 20181211
Arcabit 20181211
Avast 20181211
Avast-Mobile 20181211
AVG 20181211
Avira (no cloud) 20181211
Babable 20180918
Baidu 20181207
BitDefender 20181211
Bkav 20181211
CAT-QuickHeal 20181210
ClamAV 20181211
CMC 20181210
Comodo 20181211
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181211
Cyren 20181211
DrWeb 20181211
eGambit 20181211
Emsisoft 20181211
Endgame 20181108
ESET-NOD32 20181211
F-Prot 20181211
F-Secure 20181211
Fortinet 20181211
GData 20181211
Ikarus 20181211
Sophos ML 20181128
Jiangmin 20181211
K7AntiVirus 20181211
K7GW 20181211
Kaspersky 20181211
Kingsoft 20181211
Malwarebytes 20181211
MAX 20181211
McAfee 20181211
McAfee-GW-Edition 20181211
Microsoft 20181211
eScan 20181211
NANO-Antivirus 20181211
Palo Alto Networks (Known Signatures) 20181211
Panda 20181210
Qihoo-360 20181211
Rising 20181211
SentinelOne (Static ML) 20181011
Sophos AV 20181211
SUPERAntiSpyware 20181205
Symantec 20181211
Symantec Mobile Insight 20181207
TACHYON 20181211
Tencent 20181211
TheHacker 20181210
TotalDefense 20181211
Trapmine 20181205
TrendMicro 20181211
TrendMicro-HouseCall 20181211
Trustlook 20181211
VBA32 20181211
VIPRE 20181211
ViRobot 20181211
Webroot 20181211
Yandex 20181211
Zillya 20181211
ZoneAlarm by Check Point 20181211
Zoner 20181211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Bigasoft VOB Converter 3.2.3.4772
File version 3.2.3.4772
Description Bigasoft VOB Converter 3.2.3.4772 Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-05-15 09:13:48
Entry Point 0x000163C4
Number of sections 9
PE sections
Overlays
MD5 808185ca1488b77f9d39095b2c8b11ac
File type data
Offset 140800
Size 10692446
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
EnumCalendarInfoA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetLocalTime
CreateProcessW
DeleteCriticalSection
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetCPInfo
DeleteFileW
GetProcAddress
GetDateFormatW
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
CompareStringW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetExitCodeProcess
GetVersion
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
CharToOemW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 4
DUTCH 4
PE resources
ExifTool file metadata
SubsystemVersion 5.0
Comments This installation was built with Inno Setup.
InitializedDataSize 60416
ImageVersion 6.0
ProductName Bigasoft VOB Converter 3.2.3.4772
FileVersionNumber 3.2.3.4772
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Unicode
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 3.2.3.4772
TimeStamp 2009:05:15 10:13:48+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.2.3.4772
FileDescription Bigasoft VOB Converter 3.2.3.4772 Setup
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Bigasoft Corporation
CodeSize 86016
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x163c4
ObjectFileType Executable application

Compressed bundles
File identification
MD5 1990cd099763dbd3cb6df6b21dbb157a
SHA1 f99416bd0c8d386c1ab2b41ffb47d17226adf5ea
SHA256 ebc7cb1f964e1dda61f74f148d36f0141e0bc4aafb6cfea27c24c549f2c6cb31
ssdeep 196608:K6icgqFvD54BsoSS36oZUDny2wR7yHAeQI39CGcAUmrTmuceT/7I/:9LxCsol/Ujy2wR7ylA1AZmuXw

authentihash 4466d4ec0db6d7e11fd0e2ff921d5567b008af882b5a4dac2f9f4028f3503358
imphash 72faf036969f0d1e2da5e177111256fc
File size 10.3 MB ( 10833246 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (76.6%)
Win32 Executable Delphi generic (9.9%)
Win32 Dynamic Link Library (generic) (4.5%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags peexe overlay

VirusTotal metadata
First submission 2013-04-26 13:42:14 UTC ( 5 years, 11 months ago )
Last submission 2018-05-22 23:01:03 UTC ( 10 months ago )
File names Bigasoft-vob-converter.exe
b-vob-converter.exe
ebc7cb1f964e1dda61f74f148d36f0141e0bc4aafb6cfea27c24c549f2c6cb31
b-vob-converter.exe
b-vob-converter.exe
2812-b-vob-converter-custom-cnet.exe
b-vob-converter-(custom-cnet).exe
b-vob-converter-custom-cnet.exe
396170
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.