× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f4ac7cab3f52ac743833827708de02fdaf9e2df4e9eb9cb0ce45a4566dd495cd
File name: setup_m
Detection ratio: 0 / 57
Analysis date: 2015-03-24 13:58:31 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware 20150324
AegisLab 20150324
Yandex 20150322
AhnLab-V3 20150324
Alibaba 20150324
ALYac 20150324
Antiy-AVL 20150324
Avast 20150324
AVG 20150324
Avira (no cloud) 20150324
AVware 20150324
Baidu-International 20150324
BitDefender 20150324
Bkav 20150323
ByteHero 20150324
CAT-QuickHeal 20150324
ClamAV 20150324
CMC 20150324
Comodo 20150324
Cyren 20150324
DrWeb 20150324
Emsisoft 20150324
ESET-NOD32 20150324
F-Prot 20150324
F-Secure 20150324
Fortinet 20150324
GData 20150324
Ikarus 20150324
Jiangmin 20150323
K7AntiVirus 20150324
K7GW 20150324
Kaspersky 20150324
Kingsoft 20150324
Malwarebytes 20150324
McAfee 20150324
McAfee-GW-Edition 20150323
Microsoft 20150324
eScan 20150324
NANO-Antivirus 20150324
Norman 20150324
nProtect 20150324
Panda 20150324
Qihoo-360 20150324
Rising 20150324
Sophos AV 20150324
SUPERAntiSpyware 20150323
Symantec 20150324
Tencent 20150324
TheHacker 20150323
TotalDefense 20150324
TrendMicro 20150324
TrendMicro-HouseCall 20150324
VBA32 20150322
VIPRE 20150324
ViRobot 20150324
Zillya 20150324
Zoner 20150323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2003 Liberalsoft. All rights reserved.

Publisher Liberalsoft
Product Liberalsoft LiberalInstaller
Original name setup.exe
Internal name setup_m
File version 1.2.2.810
Description LiberalInstaller Include Application(s)
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0007FF00
Number of sections 3
PE sections
PE imports
LoadLibraryA
ExitProcess
GetProcAddress
ImageList_DrawEx
CoInitialize
LoadTypeLib
SHGetMalloc
Number of PE resources by type
RT_BITMAP 21
RT_RCDATA 14
RT_STRING 13
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 62
JAPANESE DEFAULT 7
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.2.810

UninitializedDataSize
364544

LanguageCode
Japanese

FileFlagsMask
0x003f

CharacterSet
Windows, Japan (Shift - JIS X-0208)

InitializedDataSize
12288

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Copyright 2003 Liberalsoft. All rights reserved.

FileVersion
1.2.2.810

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
setup_m

ProductVersion
1.0.0.0

FileDescription
LiberalInstaller Include Application(s)

OSVersion
1.0

OriginalFilename
setup.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Liberalsoft

CodeSize
159744

ProductName
Liberalsoft LiberalInstaller

ProductVersionNumber
1.2.2.810

EntryPoint
0x7ff00

ObjectFileType
Executable application

File identification
MD5 f51672660bb6179e11ed6aee08ff0e8d
SHA1 3a45b24cb85b73a727bae9d0e166227407e43203
SHA256 f4ac7cab3f52ac743833827708de02fdaf9e2df4e9eb9cb0ce45a4566dd495cd
ssdeep
98304:wtegUeFZ1C8fbWRPT/3CQwCNhdF0ySo2R6:MeghFmKb2/3fhNhtSo/

authentihash a9bd0f8df4122ae820181ac584e2cf81eef4c5cd0581b53ae46767348ede8878
imphash 7e957f07e5a0fcf641c7ab2c573b10f6
File size 3.8 MB ( 4019334 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2007-01-24 08:13:06 UTC ( 12 years, 2 months ago )
Last submission 2013-03-21 14:59:26 UTC ( 6 years ago )
File names hsp30.exe
756321
@_Documents and Settings@_user@_Plocha@_b@_hsp30.exe
f51672660bb6179e11ed6aee08ff0e8d.3a45b24cb85b73a727bae9d0e166227407e43203
@_Documents and Settings@_user@_Plocha@_a@_hsp30.exe
1174837
f51672660bb6179e11ed6aee08ff0e8d_INFD709.tmp
f51672660bb6179e11ed6aee08ff0e8d
f51672660bb6179e11ed6aee08ff0e8d
setup.exe
setup_m
file-1837100_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!