SHA256: f1ca06ec966ac4e7ec1880ed081a0af2e3d3cbdc1e4ffeb387e8bc79456b3441
File name: IObit-Undelete.exe
Detection ratio: 1 / 67
Analysis date: 2018-11-07 11:01:18 UTC (2 months, 1 week ago)
Antivirus Result Update
DrWeb Program.Unwanted.1183 20181107
Ad-Aware 20181107
AegisLab 20181107
AhnLab-V3 20181106
Alibaba 20180921
ALYac 20181107
Antiy-AVL 20181107
Arcabit 20181107
Avast 20181107
Avast-Mobile 20181107
AVG 20181107
Avira (no cloud) 20181107
Babable 20180918
Baidu 20181107
BitDefender 20181107
Bkav 20181107
CAT-QuickHeal 20181105
ClamAV 20181107
CMC 20181107
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181107
Cyren 20181107
eGambit 20181107
Emsisoft 20181107
Endgame 20180730
ESET-NOD32 20181107
F-Prot 20181107
F-Secure 20181107
Fortinet 20181107
GData 20181107
Ikarus 20181107
Sophos ML 20180717
Jiangmin 20181107
K7AntiVirus 20181107
K7GW 20181107
Kaspersky 20181107
Kingsoft 20181107
Malwarebytes 20181107
MAX 20181107
McAfee 20181107
McAfee-GW-Edition 20181107
Microsoft 20181107
eScan 20181107
NANO-Antivirus 20181107
Palo Alto Networks (Known Signatures) 20181107
Panda 20181106
Qihoo-360 20181107
Rising 20181107
SentinelOne (Static ML) 20181011
Sophos AV 20181107
SUPERAntiSpyware 20181107
Symantec 20181107
Symantec Mobile Insight 20181105
TACHYON 20181107
Tencent 20181107
TheHacker 20181107
TrendMicro 20181107
TrendMicro-HouseCall 20181107
Trustlook 20181107
VBA32 20181106
VIPRE 20181107
ViRobot 20181107
Webroot 20181107
Yandex 20181106
Zillya 20181106
ZoneAlarm by Check Point 20181107
Zoner 20181107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright© 2005-2016
Product IObit Undelete
Original name IObit
File version 1.0.0.369
Description IObit Undelete
Comments IObit Undelete
Signature verification Signed file, verified signature
Signing date 4:24 AM 8/12/2016
Signers
[+] IObit Information Technology
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 12/23/2015
Valid to 12:59 AM 3/24/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 72E43BDF20C3532371DD5A0A4BB27E0B3DA44248
Serial number 45 4A 6C D2 E1 E6 3C A9 D5 42 DF DA B5 18 FE D9
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-11 09:12:40
Entry Point 0x001B0170
Number of sections 10
PE sections
Overlays
MD5 50cabd4421b3a7a074ffd096db9423ca
File type data
Offset 2494976
Size 13088
Entropy 7.35
PE imports
SetSecurityDescriptorDacl
RegCreateKeyExW
RegFlushKey
RegCloseKey
GetUserNameA
FreeSid
RegQueryInfoKeyW
RegQueryValueExA
RegOpenKeyExW
InitializeSecurityDescriptor
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
AllocateAndInitializeSid
RegCreateKeyExA
RegOpenKeyExA
GetUserNameW
RegQueryValueExW
ImageList_BeginDrag
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_Replace
FlatSB_SetScrollInfo
InitCommonControls
ImageList_SetImageCount
FlatSB_GetScrollInfo
ImageList_GetDragImage
FlatSB_SetScrollProp
ImageList_Create
ImageList_DragMove
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_Read
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
FlatSB_SetScrollPos
ImageList_DragEnter
ImageList_Add
InitializeFlatSB
FlatSB_GetScrollPos
ImageList_DragShowNolock
ImageList_Remove
ImageList_EndDrag
GetSaveFileNameA
PrintDlgW
GetTextMetricsW
SetMapMode
GetWindowOrgEx
ResizePalette
SetTextAlign
GetPaletteEntries
CombineRgn
GetViewportOrgEx
GetObjectType
CopyEnhMetaFileW
SetPixel
EndDoc
IntersectClipRect
StretchDIBits
CreatePalette
CreateDIBitmap
GetDIBits
GetEnhMetaFileBits
GetDCOrgEx
StretchBlt
GetTextFaceA
SetBkColor
SetWinMetaFileBits
GetDIBColorTable
DeleteEnhMetaFile
GetSystemPaletteEntries
SetStretchBltMode
GetCurrentPositionEx
TextOutA
CreateRectRgnIndirect
GetPixel
GetBrushOrgEx
ExcludeClipRect
SetBkMode
BitBlt
CreateFontA
SetAbortProc
FrameRgn
CreateBrushIndirect
SelectPalette
SetROP2
EndPage
GetNearestPaletteIndex
SetDIBColorTable
DeleteObject
CreatePenIndirect
PatBlt
CreatePen
GetClipBox
Rectangle
GetDeviceCaps
LineTo
DeleteDC
CreateFontIndirectW
StartPage
GetObjectW
CreateDCW
RealizePalette
SetEnhMetaFileBits
CreateBitmap
RectVisible
GetStockObject
PlayEnhMetaFile
UnrealizeObject
GdiFlush
SelectClipRgn
GetTextAlign
GetTextExtentPoint32A
GetWinMetaFileBits
GetEnhMetaFileHeader
SetWindowOrgEx
GetClipRgn
GetTextExtentPoint32W
Polygon
CreateHalftonePalette
GetRgnBox
SaveDC
CreateICW
MaskBlt
GetEnhMetaFilePaletteEntries
RestoreDC
GetBitmapBits
GetTextExtentExPointW
CreateDIBSection
SetTextColor
GetCurrentObject
MoveToEx
SetViewportOrgEx
ExtTextOutW
CreateRoundRectRgn
CreateCompatibleDC
CreateFontW
SetBrushOrgEx
CreateRectRgn
SelectObject
StartDocA
CreateCompatibleBitmap
CreateSolidBrush
Polyline
StartDocW
Ellipse
SetThreadLocale
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
CreateFileMappingA
GetOverlappedResult
WaitForSingleObject
FindNextFileA
HeapDestroy
SignalObjectAndWait
GetFileAttributesW
DuplicateHandle
GetLocalTime
HeapAlloc
GetCurrentProcess
FileTimeToDosDateTime
OpenFileMappingW
GetLocaleInfoA
LocalAlloc
GetVolumeInformationW
ExpandEnvironmentStringsA
OpenFileMappingA
SetErrorMode
GetThreadContext
GetLocaleInfoW
GetFileTime
GetTempPathA
WideCharToMultiByte
GetFileAttributesA
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
GetDiskFreeSpaceA
GetThreadPriority
SetFileAttributesA
SetEvent
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
OutputDebugStringW
GlobalHandle
GetLogicalDriveStringsW
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
GetCurrentThread
GetEnvironmentVariableW
SetLastError
GetSystemTime
DeviceIoControl
InterlockedDecrement
GlobalFindAtomW
WriteProcessMemory
LoadResource
GetModuleFileNameW
Beep
CopyFileA
ExitProcess
RemoveDirectoryA
RaiseException
EnumCalendarInfoA
GetPriorityClass
LoadLibraryExA
SetThreadPriority
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
GetPrivateProfileStringW
FormatMessageA
CreateRemoteThread
CreateMutexA
GetModuleHandleA
GlobalMemoryStatus
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
DeleteCriticalSection
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
ExitThread
WaitForMultipleObjectsEx
TerminateProcess
VirtualQuery
LocalFileTimeToFileTime
VirtualQueryEx
CreateEventW
SetEndOfFile
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
VirtualProtect
GetVersionExA
FindFirstFileA
RtlUnwind
CopyFileW
GlobalSize
GetStartupInfoA
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
CreateFileMappingW
GetProfileStringW
CompareStringW
lstrcpyW
GlobalReAlloc
lstrcmpA
FindNextFileW
ResetEvent
GetComputerNameA
FindFirstFileW
IsValidLocale
lstrcmpW
GlobalLock
SuspendThread
GetModuleFileNameA
LocalSize
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GlobalDeleteAtom
HeapCreate
GetSystemInfo
GlobalFree
GetThreadLocale
GlobalUnlock
GlobalAlloc
lstrlenW
CreateProcessW
SwitchToThread
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCPInfo
GetCommandLineA
InterlockedCompareExchange
WritePrivateProfileStringW
lstrcpynW
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
GetFullPathNameW
ReadFile
InterlockedExchangeAdd
CloseHandle
GetACP
GetModuleHandleW
FreeResource
FileTimeToLocalFileTime
CreatePipe
CreateProcessA
UnmapViewOfFile
FindResourceW
VirtualFree
Sleep
IsBadReadPtr
FindResourceA
VirtualAlloc
CompareStringA
TransparentBlt
AlphaBlend
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CreateErrorInfo
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantInit
VariantCopy
GetErrorInfo
SysFreeString
SetErrorInfo
ShellExecuteExA
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderPathW
SHGetMalloc
ShellExecuteA
MapWindowPoints
GetMessagePos
SetWindowRgn
RedrawWindow
LoadBitmapW
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
WindowFromPoint
DrawIcon
CharUpperBuffW
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetMenuStringW
SendMessageW
IsDialogMessageW
SendMessageA
UnregisterClassW
GetClientRect
GetMenuItemInfoW
DefMDIChildProcW
DrawTextW
SetScrollPos
CallNextHookEx
IsClipboardFormatAvailable
GetSysColor
GetKeyboardState
ClientToScreen
GetTopWindow
GetWindowTextW
EnumClipboardFormats
LoadImageA
MsgWaitForMultipleObjects
ScrollWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
GetPropW
EqualRect
SetClassLongW
EnumWindows
GetMessageW
ShowWindow
DrawFrameControl
SetPropW
GetDesktopWindow
PeekMessageW
TranslateMDISysAccel
InsertMenuItemW
SetWindowPlacement
LockWindowUpdate
PeekMessageA
ChildWindowFromPoint
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
RegisterClassW
GetIconInfo
SetParent
SetClipboardData
IsZoomed
GetWindowPlacement
LoadStringW
GetKeyboardLayoutList
DrawMenuBar
IsIconic
RegisterClassA
GetDCEx
GetSubMenu
SetTimer
GetActiveWindow
ShowOwnedPopups
FlashWindow
EnumThreadWindows
GetSysColorBrush
IsWindowUnicode
CreateWindowExW
GetWindowLongW
GetUpdateRect
CharNextW
IsChild
IsDialogMessageA
SetFocus
RegisterWindowMessageW
DrawEdge
SetCapture
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
DefWindowProcA
GetClipboardData
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
EnumChildWindows
GetScrollRange
CharLowerW
SetWindowLongA
PostMessageW
GetKeyNameTextW
CharToOemW
DrawTextExW
WaitMessage
SetWindowTextA
ShowCaret
DrawFocusRect
GetClassLongW
GetLastActivePopup
DrawIconEx
SetWindowTextW
CreateWindowExA
RemovePropW
CharLowerBuffW
BringWindowToTop
GetSystemMenu
ScreenToClient
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
AttachThreadInput
BeginDeferWindowPos
GetMenuState
SetWindowsHookExW
LoadCursorW
LoadIconW
FindWindowExW
GetDC
InsertMenuW
FillRect
SetForegroundWindow
PostThreadMessageA
OpenClipboard
EmptyClipboard
GetScrollBarInfo
DrawTextA
IntersectRect
GetScrollInfo
HideCaret
GetKeyboardLayout
FindWindowW
GetCapture
CreatePopupMenu
MessageBeep
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
ShowScrollBar
MessageBoxW
GetMenu
DestroyIcon
UnhookWindowsHookEx
LoadKeyboardLayoutW
MessageBoxA
GetClassNameA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
MsgWaitForMultipleObjectsEx
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
EndDeferWindowPos
EnableMenuItem
DefFrameProcW
IsWindowVisible
SystemParametersInfoW
DispatchMessageW
FrameRect
SetRect
DeleteMenu
InvalidateRect
SendMessageTimeoutA
CreateIcon
CallWindowProcW
GetClassNameW
DestroyWindow
GetClassInfoW
GetCursor
GetFocus
CreateMenu
EnableWindow
CloseClipboard
CheckMenuItem
GetKeyboardType
SetMenu
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
timeGetTime
ClosePrinter
DocumentPropertiesW
EnumPrintersW
OpenPrinterW
setsockopt
bind
socket
recvfrom
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
connect
sendto
closesocket
htons
recv
select
PE exports
Number of PE resources by type
RT_BITMAP 48
RT_STRING 26
RT_RCDATA 14
RT_GROUP_CURSOR 8
RT_CURSOR 8
RT_ICON 6
RT_DIALOG 2
MAD 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 63
NEUTRAL 54
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments IObit Undelete
InitializedDataSize 729088
ImageVersion 0.0
ProductName IObit Undelete
FileVersionNumber 1.0.0.369
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Windows, Latin1
LinkerVersion 2.25
FileTypeExtension exe
OriginalFileName IObit
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.369
TimeStamp 2016:08:11 10:12:40+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
ProductVersion 1.0.0.0
FileDescription IObit Undelete
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright 2005-2016
MachineType Intel 386 or later, and compatibles
CompanyName IObit
CodeSize 1764864
FileSubtype 0
ProductVersionNumber 1.0.0.369
EntryPoint 0x1b0170
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 f1f4c8061def9c1bfb6bb8197776a22b
SHA1 dd9f2b29d2668ef5c8da635918d829cf114f9685
SHA256 f1ca06ec966ac4e7ec1880ed081a0af2e3d3cbdc1e4ffeb387e8bc79456b3441
ssdeep 49152:lihSjrloBvB+MGbimD6OMnUTELYQJ50O9K:UhSjrmsznTM4iq
authentihash 15ae8260838cfe5361f1973a11b5f72569479e64375c53c29dba0183e8e2b587
imphash ae1b4df7b8d07585ab4f3da5a5372e27
File size 2.4 MB ( 2508064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID DOS Borland compiled Executable (generic) (44.2%)
Win32 Executable (generic) (19.9%)
Win16/32 Executable Delphi generic (9.1%)
OS/2 Executable (generic) (8.9%)
Generic Win/DOS Executable (8.8%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2016-08-22 02:40:37 UTC ( 2 years, 4 months ago )
Last submission 2019-01-02 00:42:56 UTC ( 2 weeks, 1 day ago )
File names IObit-Undelete.exe
IObit-Undelete (1).exe
IObit
IObit Undelete.exe
ad7d24f316aef61b8c0461d117cea8f3f6182e64
localfile~
471608261.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files
Created mutexes
Runtime DLLs
UDP communications