× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f2b8c636158782f1cfda772fa6c60394c2babdc4456bb217e4b49d619c86acb9
File name: copyq-2.1.0-setup.exe
Detection ratio: 1 / 52
Analysis date: 2014-05-09 10:02:38 UTC ( 1 year ago ) View latest
Antivirus Result Update
CMC RiskTool.Win32.CloseApp!O 20140506
AVG 20140509
Ad-Aware 20140509
AegisLab 20140509
Agnitum 20140508
AhnLab-V3 20140509
AntiVir 20140509
Antiy-AVL 20140509
Avast 20140509
Baidu-International 20140509
BitDefender 20140509
Bkav 20140507
ByteHero 20140509
CAT-QuickHeal 20140508
ClamAV 20140509
Commtouch 20140509
Comodo 20140509
DrWeb 20140509
ESET-NOD32 20140509
Emsisoft 20140509
F-Prot 20140509
F-Secure 20140509
Fortinet 20140509
GData 20140509
Ikarus 20140509
Jiangmin 20140509
K7AntiVirus 20140508
K7GW 20140508
Kaspersky 20140509
Kingsoft 20140509
Malwarebytes 20140509
McAfee 20140509
McAfee-GW-Edition 20140508
MicroWorld-eScan 20140509
Microsoft 20140509
NANO-Antivirus 20140509
Norman 20140509
Panda 20140509
Qihoo-360 20140509
Rising 20140507
SUPERAntiSpyware 20140509
Sophos 20140509
Symantec 20140509
TheHacker 20140508
TotalDefense 20140509
TrendMicro 20140509
TrendMicro-HouseCall 20140509
VBA32 20140507
VIPRE 20140509
ViRobot 20140509
Zillya 20140509
nProtect 20140509
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright

Publisher Lukas Holecek
Product CopyQ
File version
Description CopyQ Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-30 14:21:56
Link date 3:21 PM 1/30/2013
Entry Point 0x000113BC
Number of sections 8
PE sections
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetVersion
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
SysReAllocStringLen
SysFreeString
SysAllocStringLen
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 4
DUTCH 4
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
52736

MIMEType
application/octet-stream

TimeStamp
2013:01:30 15:21:56+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

ProductVersion
2.1.0

FileDescription
CopyQ Setup

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Lukas Holecek

CodeSize
65024

ProductName
CopyQ

ProductVersionNumber
0.0.0.0

EntryPoint
0x113bc

ObjectFileType
Executable application

File identification
MD5 2a1f7a7ed4aafcd9d4a350c57c8a0ac7
SHA1 6d57d0a70a55f42241371963fa3a2808df93f045
SHA256 f2b8c636158782f1cfda772fa6c60394c2babdc4456bb217e4b49d619c86acb9
ssdeep
196608:/W3rVMNbQUYmWUzQmsfNrfgGRP0XKbCd1/mGF5rSe6e3Qt1h:+3rqN7YMQmsfyKid1/m0SBe30z

authentihash 630bd70d26af32c6eed91570ad4315b59a9e253ed838004102424c837c896dd3
imphash 48aa5c8931746a9655524f67b25a47ef
File size 8.9 MB ( 9338344 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2014-04-07 06:13:30 UTC ( 1 year, 1 month ago )
Last submission 2014-05-30 11:59:44 UTC ( 12 months ago )
File names 24667921
24667902
copyq-2.1.0-setup.exe
copyq-2.1.0-setup.exe
copyq-2.1.0-setup.exe
file-7050522_exe
copyq-2.1.0-setup.exe
f2b8c636158782f1cfda772fa6c60394c2babdc4456bb217e4b49d619c86acb9
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.