SHA256: ee892eb25b4341e5c7684f0b145d455a58b93fd834a304313262a85586425bb4
File name: MsavSetup.2.2.2.165.exe
Detection ratio: 1 / 68
Analysis date: 2018-11-16 18:58:07 UTC ( 6 months, 1 week ago )
Antivirus Result Update
DrWeb Program.Monitor.2835 20181116
Ad-Aware 20181116
AegisLab 20181116
AhnLab-V3 20181116
Alibaba 20180921
ALYac 20181116
Antiy-AVL 20181116
Arcabit 20181116
Avast 20181116
Avast-Mobile 20181116
AVG 20181116
Avira (no cloud) 20181116
AVware 20180925
Babable 20180918
Baidu 20181116
BitDefender 20181116
Bkav 20181116
CAT-QuickHeal 20181116
ClamAV 20181116
CMC 20181116
Comodo 20181116
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181116
Cyren 20181116
Emsisoft 20181116
Endgame 20181108
ESET-NOD32 20181116
F-Prot 20181116
F-Secure 20181116
Fortinet 20181116
GData 20181116
Ikarus 20181116
Sophos ML 20181108
Jiangmin 20181116
K7AntiVirus 20181116
K7GW 20181116
Kaspersky 20181116
Kingsoft 20181116
Malwarebytes 20181116
MAX 20181116
McAfee 20181116
McAfee-GW-Edition 20181116
Microsoft 20181116
eScan 20181116
NANO-Antivirus 20181116
Palo Alto Networks (Known Signatures) 20181116
Panda 20181116
Qihoo-360 20181116
Rising 20181116
SentinelOne (Static ML) 20181011
Sophos AV 20181116
SUPERAntiSpyware 20181114
Symantec 20181116
Symantec Mobile Insight 20181108
TACHYON 20181116
Tencent 20181116
TheHacker 20181113
TotalDefense 20181116
TrendMicro 20181116
TrendMicro-HouseCall 20181116
Trustlook 20181116
VBA32 20181116
VIPRE 20181116
ViRobot 20181116
Webroot 20181116
Yandex 20181115
Zillya 20181116
ZoneAlarm by Check Point 20181116
Zoner 20181116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version
Description Moon Secure Antivirus Setup
Comments This installation was built with Inno Setup: http://www.innosetup.com
Packers identified
F-PROT INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009264
Number of sections 8
PE sections
Overlays
MD5 d78f38e733d5228e71c8c76032a5d67b
File type data
Offset 50688
Size 26161898
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
CharNextA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup: http://www.innosetup.com

InitializedDataSize
14336

ImageVersion
0.0

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

LinkerVersion
2.25

FileTypeExtension
exe

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Moon Secure Antivirus Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Trieu Tran Duc

CodeSize
35328

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x9264

ObjectFileType
Executable application

File identification
MD5 eb5fbfea3192010eb0cee4039d5fb970
SHA1 5731f6bb7d8e153686dc8ffddf592f55eddab7a1
SHA256 ee892eb25b4341e5c7684f0b145d455a58b93fd834a304313262a85586425bb4
ssdeep 786432:ueAQJBNGrGIOh7EE4Pw1WFlviwbWuaf/YiK+WPC/Ql08Up9:uZQgxE7Ehw1KlqwcoX+WPYQG8s9

authentihash 4218382b5123544ed025dd4de56d073fe52abc68f5cf5a60982270efb93f92f7
imphash 25890460a2b98652bed7ba240be2c1d7
File size 25.0 MB ( 26212586 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (92.8%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags
peexe overlay via-tor software-collection

VirusTotal metadata
First submission 2009-07-30 14:22:10 UTC ( 9 years, 10 months ago )
Last submission 2019-04-11 08:28:24 UTC ( 1 month, 2 weeks ago )
File names moon-secure-antivirus.exe
MsavSetup.2.2.2.165.exe
Moon Secure Antivirus MsavSetup.2.2.2.165.exe
MsavSetup.2.2.2.165.exe
msavsetup.2.2.2.165.exe
file
Hazard Shield 2.2.2.165.exe
MoonSecure (GNU GPL) MsavSetup.2.2.2.165.exe
Moon Secure Antivirus Setup.2.2.2.165.exe
filename
Moon Secure Antivirus.exe
software.exe
g_redir.php
MsavSetup.2.2.2.165.exe
MoonAV01102014.exe
EE892EB25B4341E5C7684F0B145D455A58B93FD834A304313262A85586425BB4
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight