SHA256: ecfa5434202260e83d79004e69118c1be078fe61a4eac36c6a113e48907713c0
File name: 817778
Detection ratio: 0 / 56
Analysis date: 2016-03-15 18:20:28 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware 20160315
AegisLab 20160315
Yandex 20160314
AhnLab-V3 20160315
Alibaba 20160315
ALYac 20160315
Antiy-AVL 20160315
Arcabit 20160315
Avast 20160315
AVG 20160315
AVware 20160315
Baidu 20160315
Baidu-International 20160315
BitDefender 20160315
Bkav 20160315
ByteHero 20160315
CAT-QuickHeal 20160314
ClamAV 20160311
CMC 20160314
Comodo 20160315
Cyren 20160315
DrWeb 20160315
Emsisoft 20160315
ESET-NOD32 20160315
F-Prot 20160315
F-Secure 20160315
Fortinet 20160315
GData 20160315
Ikarus 20160315
Jiangmin 20160315
K7AntiVirus 20160315
K7GW 20160315
Kaspersky 20160315
Malwarebytes 20160315
McAfee 20160315
McAfee-GW-Edition 20160315
Microsoft 20160315
eScan 20160315
NANO-Antivirus 20160315
nProtect 20160315
Panda 20160315
Qihoo-360 20160315
Rising 20160315
Sophos AV 20160315
SUPERAntiSpyware 20160315
Symantec 20160315
Tencent 20160315
TheHacker 20160314
TotalDefense 20160315
TrendMicro 20160315
TrendMicro-HouseCall 20160315
VBA32 20160315
VIPRE 20160315
ViRobot 20160315
Zillya 20160315
Zoner 20160315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (c) 2012 Flexera Software LLC. All Rights Reserved.
Product ADAudit Plus
Original name InstallShield Setup.exe
Internal name Setup
File version 1.00.000
Description InstallScript Setup Launcher
Signature verification Signed file, verified signature
Signing date 11:53 AM 3/11/2016
Signers
[+] ZOHO Corporation
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 12/21/2014
Valid to 12:59 AM 12/21/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 10EEAED7ED307812847DB1B4DDDB048E741E8481
Serial number 00 E1 D8 BF 8B 0B AE 09 43 4B A1 52 B6 44 03 5A 49
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-09 23:28:54
Entry Point 0x0003DF7D
Number of sections 4
PE sections
Overlays
MD5 c3bfbb37658aa320211e129e280395a5
File type data
Offset 807424
Size 63316016
Entropy 7.99
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
RegEnumKeyW
RegOpenKeyW
RegOpenKeyExA
GetTokenInformation
RegOpenKeyExW
RegEnumKeyExW
OpenThreadToken
RegEnumValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
SetSecurityDescriptorGroup
GetDIBColorTable
SetMapMode
TextOutW
GetSystemPaletteEntries
CreateHalftonePalette
PlayMetaFile
SaveDC
SetStretchBltMode
GetDeviceCaps
TranslateCharsetInfo
DeleteDC
RestoreDC
SetBkMode
CreateFontIndirectW
CreateBitmap
SetMetaFileBitsEx
SetPixel
SetWindowOrgEx
GetObjectW
BitBlt
RealizePalette
SetTextColor
CreatePatternBrush
GetTextExtentPoint32W
CreateDCW
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
UnrealizeObject
SelectClipRgn
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
PatBlt
SetWindowExtEx
CreateSolidBrush
SetViewportExtEx
SetBkColor
DeleteObject
CreateCompatibleBitmap
DeleteMetaFile
GetPrivateProfileSectionNamesA
GetStdHandle
GetDriveTypeW
ReleaseMutex
WaitForSingleObject
HeapDestroy
GetFileAttributesW
lstrcmpW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetFileTime
WideCharToMultiByte
LoadLibraryW
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
GetEnvironmentVariableA
LoadResource
FindClose
InterlockedDecrement
SetFileAttributesW
SetLastError
InitializeCriticalSection
GetUserDefaultLangID
GetModuleFileNameW
HeapAlloc
VerLanguageNameW
GetModuleFileNameA
GetVersionExA
lstrcmpiW
RaiseException
GetPrivateProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
ExitThread
SetThreadContext
TerminateProcess
SearchPathW
GetVersion
SetCurrentDirectoryW
VirtualQuery
GetCurrentThreadId
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
WriteProcessMemory
OpenProcess
GetPrivateProfileIntA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
CompareStringW
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
GetTimeFormatA
ResetEvent
FindFirstFileW
IsValidLocale
DuplicateHandle
GlobalLock
SetEvent
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
FindResourceW
LCMapStringA
GetProcessTimes
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
VirtualFree
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetEnvironmentStrings
CompareFileTime
UnmapViewOfFile
WriteFile
CreateProcessW
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
GetOEMCP
CompareStringA
LZOpenFileW
LZCopy
LZClose
VariantChangeType
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
SysReAllocStringLen
GetErrorInfo
SysFreeString
UuidCreate
UuidToStringW
RpcStringFreeW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SetFocus
MapWindowPoints
GetParent
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
EndDialog
BeginPaint
DefWindowProcW
MoveWindow
GetWindowTextW
GetPropW
GetMessageW
ShowWindow
EnableWindow
SetPropW
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
GetWindowRect
InflateRect
EndPaint
IsWindow
UpdateWindow
CharUpperW
EnumChildWindows
GetWindowDC
DrawIcon
TranslateMessage
IsWindowEnabled
GetWindow
PostMessageW
GetSysColor
DispatchMessageW
SetActiveWindow
GetDC
GetWindowLongW
CreateDialogParamW
MapDialogRect
SendMessageW
DrawFocusRect
SendDlgItemMessageW
FindWindowExW
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
RemovePropW
SystemParametersInfoW
CallWindowProcW
SetWindowPos
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
LoadImageW
GetClassNameW
DialogBoxIndirectParamW
FillRect
CopyRect
WaitForInputIdle
SetDlgItemTextW
GetDesktopWindow
IsDialogMessageW
LoadIconW
RegisterClassExW
CreateWindowExW
MsgWaitForMultipleObjects
wsprintfW
SetForegroundWindow
GetDlgItemTextW
DrawTextW
DestroyWindow
ExitWindowsEx
GetClientRect
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Ord(169)
Ord(137)
Ord(8)
Ord(141)
Ord(88)
CoInitializeEx
CoUninitialize
CoInitializeSecurity
Number of PE resources by type
RT_STRING 25
RT_DIALOG 23
RT_ICON 11
RT_BITMAP 6
RT_GROUP_ICON 3
GIF 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 45
ENGLISH US 26
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription InstallScript Setup Launcher
CharacterSet Unicode
InitializedDataSize 389120
InternalBuildNumber 120108
ISInternalVersion 19.0.185
OriginalFileName InstallShield Setup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.00.000
TimeStamp 2012:09:10 00:28:54+01:00
FileType Win32 EXE
PEType PE32
InternalName Setup
ProductVersion 1.00.000
SubsystemVersion 5.0
ISInternalDescription InstallScript Setup Launcher
OSVersion 4.0
EntryPoint 0x3df7d
FileOS Win32
LegalCopyright Copyright (c) 2012 Flexera Software LLC. All Rights Reserved.
MachineType Intel 386 or later, and compatibles
CompanyName ZOHO Corp
CodeSize 417280
ProductName ADAudit Plus
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 25a8f1e36bff6b5eb70ed6767666c0d2
SHA1 74b22fb0b3ff6a4fcecd37afc7c840bf49792b45
SHA256 ecfa5434202260e83d79004e69118c1be078fe61a4eac36c6a113e48907713c0
ssdeep 1572864:wAt++uCPWeOZuhYcXY19JK7ko/jWltjlyGrD46V:wC++uCPgZuOckQ/gtHX4i
authentihash 46022c81b90f517aeb6fecd1ddb01ced1f5b80848848edb38a9cb06e9c494d1f
imphash bfecaaab94acbf4570f22de5aced082c
File size 61.2 MB ( 64123440 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID DirectShow filter (40.4%)
Windows ActiveX control (23.4%)
Win32 EXE PECompact compressed (v2.x) (11.8%)
InstallShield setup (8.6%)
Win32 EXE PECompact compressed (generic) (8.3%)
Tags revoked-cert peexe signed overlay
VirusTotal metadata
First submission 2016-03-15 18:20:28 UTC ( 1 year, 10 months ago )
Last submission 2016-03-29 08:30:02 UTC ( 1 year, 9 months ago )
File names InstallShield Setup.exe
Setup
817778
ManageEngine_ADAudit_Plus.exe