SHA256: f0685fe2c2d01b92596b7f2ae470d1ff554d61b751b577039a6fac42e3bcb44f
File name: ProfileViewersSetup.exe
Detection ratio: 21 / 47
Analysis date: 2013-07-03 08:08:35 UTC ( 5 years, 8 months ago )
Antivirus Result Update
BitDefender Trojan.Generic.9240176 20130701
DrWeb Trojan.AVKill.30538 20130703
Emsisoft Trojan.Generic.9240176 (B) 20130703
ESET-NOD32 JS/TrojanClicker.Agent.NDL 20130702
F-Secure Trojan.Script.488220 20130703
Fortinet JS/JSRedir.DO!tr 20130703
GData Trojan.Generic.9240176 20130703
Ikarus Trojan.SuspectCRC 20130703
K7AntiVirus Riskware 20130702
K7GW Riskware 20130702
Kingsoft Win32.Troj.ADClicker.(kcloud) 20130506
Malwarebytes Spyware.Password 20130703
McAfee Artemis!32A0122C91E2 20130703
McAfee-GW-Edition Artemis!32A0122C91E2 20130703
NANO-Antivirus Trojan.Win32.AVKill.bvhmmq 20130703
Norman Troj_Generic.MHSGJ 20130703
nProtect Trojan.Generic.9240176 20130703
Panda Suspicious file 20130703
Sophos AV Mal/Generic-S 20130703
TrendMicro-HouseCall TROJ_GEN.R047H01FO13 20130703
VIPRE Trojan.Win32.Clicker!BT 20130703
Yandex 20130702
AhnLab-V3 20130703
AntiVir 20130703
Antiy-AVL 20130702
Avast 20130703
AVG 20130702
ByteHero 20130613
CAT-QuickHeal 20130703
ClamAV 20130702
Commtouch 20130703
Comodo 20130703
eSafe 20130701
F-Prot 20130703
Jiangmin 20130703
Kaspersky 20130703
Microsoft 20130703
eScan 20130702
PCTools 20130703
Rising 20130703
SUPERAntiSpyware 20130703
Symantec 20130703
TheHacker 20130630
TotalDefense 20130702
TrendMicro 20130703
VBA32 20130702
ViRobot 20130703
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Facebook
Product Page loaded installer
Original name setup.exe
Internal name setup.exe
File version 4.1.2.5
Description Deploy Page loaded browsers extension
Signature verification Signed file, verified signature
Signing date 4:21 PM 6/18/2013
Signers
rinim
Status The certificate or certificate chain is based on an untrusted root.
Issuer rinim
Valid from 11:00 PM 12/31/2012
Valid to 11:00 PM 12/31/2018
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint D263125E4A1F1CE739D0F8D3297542BB73FEB405
Serial number 3D 93 94 A4 D3 EC 5E 8A 45 B5 17 1E 76 F8 19 9A
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-29 18:03:41
Entry Point 0x0001F3A0
Number of sections 9
PE sections
Overlays
MD5 50c56cfca21a9fa6083f6a7d7260bec3
File type data
Offset 342016
Size 2752
Entropy 7.38
PE imports
SHGetFolderPathA
RegFlushKey
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetSystemInfo
lstrlenA
GetFileAttributesA
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
CopyFileA
GetTickCount
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
WritePrivateProfileStringA
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
SizeofResource
GetPrivateProfileStringA
GetLocaleInfoA
GetFileSize
CreateDirectoryA
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
EnumCalendarInfoA
GetCPInfo
GetCommandLineA
GetProcAddress
FormatMessageA
GetFullPathNameA
SetFilePointer
GetTempPathA
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
WriteFile
GetCurrentProcess
ReadFile
ResetEvent
lstrcpynA
GetSystemDirectoryA
GetACP
GetDiskFreeSpaceA
FreeResource
SetFileAttributesA
SetEvent
FindResourceA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
LocalAlloc
InterlockedIncrement
StringFromCLSID
CoTaskMemFree
CoCreateGuid
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
ShellExecuteExA
CharPrevA
MapVirtualKeyA
keybd_event
FindWindowA
GetSystemMetrics
DispatchMessageA
VkKeyScanA
CharUpperBuffA
MessageBoxA
PeekMessageA
TranslateMessage
GetWindow
SetKeyboardState
GetKeyState
LoadStringA
SendMessageA
GetKeyboardState
CharNextA
WaitForInputIdle
MsgWaitForMultipleObjects
GetWindowTextA
CharToOemA
GetKeyboardType
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_STRING 8
RT_RCDATA 5
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 13
ENGLISH US 5
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 225280
ImageVersion 0.0
ProductName Page loaded installer
FileVersionNumber 4.1.2.5
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Deploy Page loaded browsers extension
CharacterSet Windows, Latin1
LinkerVersion 2.25
FileTypeExtension exe
OriginalFileName setup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.1.2.5
TimeStamp 2013:03:29 19:03:41+01:00
FileType Win32 EXE
PEType PE32
InternalName setup.exe
ProductVersion 4.1.2.5
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Facebook
MachineType Intel 386 or later, and compatibles
CodeSize 124416
FileSubtype 0
ProductVersionNumber 4.1.2.5
EntryPoint 0x1f3a0
ObjectFileType Executable application

File identification
MD5 32a0122c91e2d9db019e2f7fee7392bc
SHA1 fa87615c53d831b5cf8767690ad115f5a2fcba2f
SHA256 f0685fe2c2d01b92596b7f2ae470d1ff554d61b751b577039a6fac42e3bcb44f
ssdeep 6144:zvrvJbJYWoGBTEjji3Jwc8yna55uvDybzJs/OdFG+I0Qb5:zLwWoGVEjQJwc8wvmJs2/M0Qb5
authentihash e99eddfefe71baea0bdea237db620ae62469bcb780238de3cf0b13f7cf6b1f09
imphash 73747b911244725f88ce26d959287999
File size 336.7 KB ( 344768 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Delphi generic (37.4%)
Windows screen saver (34.5%)
Win32 Executable (generic) (11.9%)
Win16/32 Executable Delphi generic (5.4%)
Generic Win/DOS Executable (5.2%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2013-06-24 09:11:41 UTC ( 5 years, 8 months ago )
Last submission 2013-11-19 21:29:12 UTC ( 5 years, 4 months ago )
File names profileviewerssetup.exe
ProfileViewersSetup (1).exe
ProfileViewersSetup.exe
vt-upload-qJfWZ
vti-rescan
fffffff.exe
setup.exe
file-5670411_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Runtime DLLs