SHA256: eeaaee167b79ba51ef33bd87b464b61d9095fc43fdffe0da6010b46b9962434e
File name: setupBotFence.exe
Detection ratio: 0 / 58
Analysis date: 2016-03-25 10:26:19 UTC ( 2 years, 12 months ago )
Antivirus Result Update
Ad-Aware 20160325
AegisLab 20160325
Yandex 20160316
AhnLab-V3 20160325
Alibaba 20160323
ALYac 20160325
Antiy-AVL 20160325
Arcabit 20160325
Avast 20160325
AVG 20160325
Avira (no cloud) 20160325
AVware 20160325
Baidu 20160324
Baidu-International 20160325
BitDefender 20160325
Bkav 20160324
ByteHero 20160325
CAT-QuickHeal 20160325
ClamAV 20160325
CMC 20160322
Comodo 20160325
Cyren 20160325
DrWeb 20160325
Emsisoft 20160325
ESET-NOD32 20160325
F-Prot 20160325
F-Secure 20160325
Fortinet 20160325
GData 20160325
Ikarus 20160325
Jiangmin 20160325
K7AntiVirus 20160325
K7GW 20160323
Kaspersky 20160325
Kingsoft 20160325
Malwarebytes 20160325
McAfee 20160325
McAfee-GW-Edition 20160325
Microsoft 20160325
eScan 20160325
NANO-Antivirus 20160325
nProtect 20160324
Panda 20160324
Qihoo-360 20160325
Rising 20160325
Sophos AV 20160325
SUPERAntiSpyware 20160325
Symantec 20160325
Tencent 20160325
TheHacker 20160325
TotalDefense 20160325
TrendMicro 20160325
TrendMicro-HouseCall 20160325
VBA32 20160324
VIPRE 20160325
ViRobot 20160325
Zillya 20160324
Zoner 20160325
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2014 Flexera Software LLC. All Rights Reserved.

Product BotFence
Original name InstallShield Setup.exe
Internal name Setup
File version 2.15.0002
Description Setup Launcher Unicode
Signature verification Signed file, verified signature
Signing date 7:26 PM 2/19/2016
Signers
[+] Servolutions GmbH
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Go Daddy Secure Certificate Authority - G2
Valid from 10:47 AM 02/16/2016
Valid to 10:47 AM 02/16/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint D7D1025FADDAD436526AD20C408AB405C0E10F58
Serial number 01 0D 46 2E 2B DA F3 76
[+] Go Daddy Secure Certificate Authority - G2
Status Valid
Issuer Go Daddy Root Certificate Authority - G2
Valid from 06:00 AM 05/03/2011
Valid to 06:00 AM 05/03/2031
Valid usage All
Algorithm sha256RSA
Thumbprint 27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
Serial number 07
[+] Go Daddy Root Certificate Authority - G2
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 07:00 AM 01/01/2014
Valid to 06:00 AM 05/30/2031
Valid usage All
Algorithm sha256RSA
Thumbprint 340B2880F446FCC04E59ED33F52B3D08D6242964
Serial number 1B E7 15
[+] Go Daddy Class 2 Certification Authority
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 04:06 PM 06/29/2004
Valid to 04:06 PM 06/29/2034
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 2796BAE63F1801E277261BA0D77770028F20EEE4
Serial number 00
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-17 22:51:43
Entry Point 0x000A5F7C
Number of sections 4
PE sections
Overlays
MD5 e081d7c843b071e88f5e7b9b97cfd537
File type data
Offset 1563648
Size 4044760
Entropy 8.00
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
RegEnumKeyW
RegOpenKeyExW
RegOpenKeyW
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
OpenThreadToken
RegEnumValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
SetSecurityDescriptorGroup
GetDIBColorTable
SetMapMode
GetSystemPaletteEntries
PatBlt
PlayMetaFile
SaveDC
CreateHalftonePalette
SetStretchBltMode
SetMetaFileBitsEx
GetDeviceCaps
TranslateCharsetInfo
DeleteDC
RestoreDC
SetBkMode
CreateFontIndirectW
CreateBitmap
CreateFontW
SetPixel
SetWindowOrgEx
GetObjectW
BitBlt
RealizePalette
SetTextColor
CreatePatternBrush
GetTextExtentPoint32W
CreateDCW
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
UnrealizeObject
SelectClipRgn
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
SetWindowExtEx
CreateSolidBrush
SetViewportExtEx
SetBkColor
DeleteObject
CreateCompatibleBitmap
DeleteMetaFile
GetPrivateProfileSectionNamesA
GetStdHandle
GetDriveTypeW
WaitForSingleObject
HeapAlloc
EncodePointer
GetFileAttributesW
DuplicateHandle
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
lstrcatA
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetFileTime
GetPrivateProfileSectionW
GetCPInfo
lstrcmpiA
GetDiskFreeSpaceW
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
OutputDebugStringW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
TlsGetValue
CopyFileW
GetUserDefaultLangID
LoadResource
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
VerLanguageNameW
RaiseException
LoadLibraryExA
GetPrivateProfileStringA
SetConsoleCtrlHandler
WritePrivateProfileSectionW
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
FlushInstructionCache
GetPrivateProfileStringW
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
CreateSemaphoreW
MulDiv
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetThreadContext
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetVersion
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetWindowsDirectoryW
GetFileSize
WriteProcessMemory
OpenProcess
GetPrivateProfileIntA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
WriteFile
CompareStringW
lstrcpyW
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
CompareStringA
FindFirstFileW
IsValidLocale
lstrcmpW
GetProcAddress
SetEvent
ReadConsoleW
CreateEventW
SearchPathW
CreateFileW
GetFileType
TlsSetValue
GetCurrentThreadId
InterlockedIncrement
GetLastError
IsValidCodePage
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GetTimeFormatW
GetProcessTimes
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
Process32NextW
FileTimeToLocalFileTime
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
Process32FirstW
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
FreeResource
FindResourceExW
GetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateProcessW
Sleep
IsBadReadPtr
GetOEMCP
ResetEvent
VarBstrCmp
VarUI4FromStr
VarBstrCat
SysStringLen
SystemTimeToVariantTime
SysStringByteLen
CreateErrorInfo
SysAllocStringLen
VarBstrFromDate
VariantChangeType
VariantClear
SysAllocString
SysReAllocStringLen
RegisterTypeLib
LoadTypeLib
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SetErrorInfo
UuidFromStringW
UuidCreate
UuidToStringW
RpcStringFreeW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
CommandLineToArgvW
MapWindowPoints
DrawTextW
PostQuitMessage
SetWindowPos
IsWindow
EndPaint
SetActiveWindow
DispatchMessageW
MapDialogRect
GetDlgCtrlID
SendMessageW
GetClientRect
GetDlgItemTextW
LoadImageW
GetWindowTextW
MsgWaitForMultipleObjects
DestroyWindow
GetParent
UpdateWindow
GetPropW
GetMessageW
ShowWindow
SetPropW
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
GetWindow
RegisterClassW
DrawFocusRect
SetTimer
IsDialogMessageW
FillRect
MonitorFromPoint
CopyRect
WaitForInputIdle
GetSysColorBrush
CreateWindowExW
GetWindowLongW
CharNextW
SetFocus
BeginPaint
DefWindowProcW
KillTimer
CharPrevW
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
DrawIcon
EnumChildWindows
SendDlgItemMessageW
PostMessageW
CreateDialogParamW
SetWindowTextW
GetDlgItem
RemovePropW
ScreenToClient
DialogBoxIndirectParamW
GetDesktopWindow
LoadCursorW
LoadIconW
FindWindowExW
GetDC
SetForegroundWindow
ExitWindowsEx
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
EndDialog
FindWindowW
wvsprintfW
MessageBoxW
RegisterClassExW
MoveWindow
GetWindowDC
GetSysColor
SetDlgItemTextW
SubtractRect
SetRect
InvalidateRect
wsprintfA
CallWindowProcW
GetClassNameW
wsprintfW
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GdipSetInterpolationMode
GdipCreateFromHDC
GdipFree
GdipGetImageHeight
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipGetImageWidth
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateBitmapFromResource
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
ProgIDFromCLSID
GetRunningObjectTable
CoTaskMemRealloc
CLSIDFromProgID
CoInitializeSecurity
CoCreateGuid
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CreateItemMoniker
Number of PE resources by type
RT_STRING 25
RT_DIALOG 23
RT_ICON 11
RT_BITMAP 6
RT_GROUP_ICON 3
GIF 2
RT_MANIFEST 2
PNG 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 48
ENGLISH US 27
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
600576

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.15.2.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Setup Launcher Unicode

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
11.0

InternalBuildNumber
147420

ISInternalVersion
21.0.338

OriginalFileName
InstallShield Setup.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.15.0002

TimeStamp
2014:12:17 23:51:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup

ProductVersion
2.15.0002

SubsystemVersion
5.1

ISInternalDescription
Setup Launcher Unicode

OSVersion
5.1

EntryPoint
0xa5f7c

FileOS
Win32

LegalCopyright
Copyright (c) 2014 Flexera Software LLC. All Rights Reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Servolutions GmbH

CodeSize
962048

ProductName
BotFence

ProductVersionNumber
2.15.2.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 c38a31716580bdff5eeac56c16a12492
SHA1 3002e5c71363f6a1f4898783ae75148058a0ed56
SHA256 eeaaee167b79ba51ef33bd87b464b61d9095fc43fdffe0da6010b46b9962434e
ssdeep
98304:90kuRxzxAlEZ/ZMsdr5/bCP0YIaN0FS8z4V7VdbLLEWhjgwq+mF9T2606zn:iRxzxj/msPQkA7bQW5gwkHnFn

authentihash f9ce4a12388cd4f69eb26c4682c38086a17a530c2b85e725e9904547fb844a4e
imphash 0d45614ce1da2206df8b743dab46d7e4
File size 5.3 MB ( 5608408 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-02-22 19:10:32 UTC ( 3 years, 1 month ago )
Last submission 2018-07-18 14:53:26 UTC ( 8 months, 1 week ago )
File names InstallShield Setup.exe
setupbotfence.exe
Setup
setupBotFence.exe
setupbotfence.exe
setupBotFence - Copia.exe
setupBotFence.exe
setupbotfence.exe
810658
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications