SHA256: ec3a3a806241a246619b2d02c79673f4891278ff39f5a58584268710c6dff05e
File name: Setup.exe
Detection ratio: 1 / 58
Analysis date: 2017-02-13 15:57:41 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20170213
Ad-Aware 20170213
AegisLab 20170213
AhnLab-V3 20170213
Alibaba 20170213
ALYac 20170213
Antiy-AVL 20170213
Arcabit 20170213
Avast 20170213
AVG 20170213
Avira (no cloud) 20170213
AVware 20170213
BitDefender 20170213
Bkav 20170213
CAT-QuickHeal 20170213
ClamAV 20170213
CMC 20170213
Comodo 20170213
CrowdStrike Falcon (ML) 20170130
Cyren 20170213
DrWeb 20170213
Emsisoft 20170213
Endgame 20170208
ESET-NOD32 20170213
F-Prot 20170213
F-Secure 20170213
Fortinet 20170213
GData 20170213
Ikarus 20170213
Sophos ML 20170203
Jiangmin 20170213
K7AntiVirus 20170213
K7GW 20170213
Kaspersky 20170213
Kingsoft 20170213
Malwarebytes 20170213
McAfee 20170213
McAfee-GW-Edition 20170213
Microsoft 20170213
eScan 20170213
NANO-Antivirus 20170213
nProtect 20170213
Panda 20170213
Qihoo-360 20170213
Rising 20170213
Sophos AV 20170213
SUPERAntiSpyware 20170213
Symantec 20170213
Tencent 20170213
TheHacker 20170211
TrendMicro 20170213
TrendMicro-HouseCall 20170213
Trustlook 20170213
VBA32 20170213
VIPRE 20170213
ViRobot 20170213
WhiteArmor 20170202
Yandex 20170212
Zillya 20170210
Zoner 20170213
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2014

Product Squirrel-based application
Original name Setup.exe
Internal name Setup.exe
File version 1.4.3.0
Description Installer for Squirrel-based applications
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-10 18:14:50
Entry Point 0x0000A5F9
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
GetTokenInformation
RegDeleteValueW
RegCloseKey
OpenProcessToken
GetUserNameW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteKeyW
RegQueryValueExW
InitCommonControlsEx
GetStdHandle
WaitForSingleObject
EncodePointer
GetFileAttributesW
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetExitCodeProcess
OutputDebugStringW
TlsGetValue
MoveFileW
SetLastError
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
LocalFileTimeToFileTime
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
lstrlenW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
IsValidCodePage
GetTempPathW
CreateProcessW
Sleep
VarUI4FromStr
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
MessageBoxW
GetActiveWindow
LoadStringW
wsprintfW
CharNextW
ExitWindowsEx
DestroyWindow
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
URLDownloadToFileW
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_STRING 1
DATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 10
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.4.3.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Installer for Squirrel-based applications

CharacterSet
Unicode

InitializedDataSize
12379136

SquirrelAwareVersion
1

EntryPoint
0xa5f9

OriginalFileName
Setup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2014

FileVersion
1.4.3.0

TimeStamp
2016:08:10 19:14:50+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup.exe

ProductVersion
1.4.3.0

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
107008

ProductName
Squirrel-based application

ProductVersionNumber
1.4.3.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 c5e398d708784e10b8830062648cca34
SHA1 5b2a8987aa6ee2caf93c25e6f86724d8848d4dfa
SHA256 ec3a3a806241a246619b2d02c79673f4891278ff39f5a58584268710c6dff05e
ssdeep
196608:aPhAQJIlGFZfAiteoamzM0OL3LURffeMZP2VICdA0UgstyerWztv3/kOjQ9PlFVW:ACNQtramzMwff7d2VNdlstyerajmlFVW

authentihash 13c130c39d29283f6069b3df90f8293b63f9e073cb9e14c5166d1981fff9befc
imphash e859dd0409c406b4558a8d7b196d17f1
File size 11.9 MB ( 12487168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (53.0%)
Win64 Executable (generic) (34.0%)
Win32 Executable (generic) (5.5%)
OS/2 Executable (generic) (2.4%)
Generic Win/DOS Executable (2.4%)
Tags
peexe

VirusTotal metadata
First submission 2017-02-13 15:57:41 UTC ( 1 year, 5 months ago )
Last submission 2017-02-13 15:57:41 UTC ( 1 year, 5 months ago )
File names Setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs