SHA256: f683617d1b78bb803bbb8eccdf6ee1d1808723f2c50a8caaf645e4ef9a355980
File name: MailbirdInstaller.exe
Detection ratio: 0 / 67
Analysis date: 2017-11-18 14:35:22 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware 20171118
AegisLab 20171118
AhnLab-V3 20171118
Alibaba 20170911
ALYac 20171118
Antiy-AVL 20171118
Arcabit 20171117
Avast 20171118
Avast-Mobile 20171117
AVG 20171118
Avira (no cloud) 20171118
AVware 20171118
Baidu 20171117
BitDefender 20171118
Bkav 20171118
CAT-QuickHeal 20171118
ClamAV 20171118
CMC 20171117
Comodo 20171118
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171118
Cyren 20171118
DrWeb 20171118
eGambit 20171118
Emsisoft 20171118
Endgame 20171024
ESET-NOD32 20171118
F-Prot 20171118
F-Secure 20171118
Fortinet 20171118
GData 20171118
Ikarus 20171118
Sophos ML 20170914
Jiangmin 20171117
K7AntiVirus 20171117
K7GW 20171118
Kaspersky 20171118
Kingsoft 20171118
Malwarebytes 20171118
MAX 20171118
McAfee 20171118
McAfee-GW-Edition 20171118
Microsoft 20171118
eScan 20171118
NANO-Antivirus 20171118
nProtect 20171118
Palo Alto Networks (Known Signatures) 20171118
Panda 20171118
Qihoo-360 20171118
Rising 20171118
SentinelOne (Static ML) 20171113
Sophos AV 20171118
SUPERAntiSpyware 20171118
Symantec 20171117
Symantec Mobile Insight 20171117
Tencent 20171118
TheHacker 20171117
TrendMicro 20171118
TrendMicro-HouseCall 20171118
Trustlook 20171118
VBA32 20171117
VIPRE 20171118
ViRobot 20171118
Webroot 20171118
WhiteArmor 20171104
Yandex 20171118
Zillya 20171117
ZoneAlarm by Check Point 20171118
Zoner 20171118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright 2015
Product Mailbird
File version 1.0.0.0
Description Mailbird Installer
Signature verification Signed file, verified signature
Signing date 11:49 AM 9/26/2017
Signers
[+] Mailbird, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 5/23/2016
Valid to 12:59 AM 5/24/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 2DF4C7D10042DDC085E46E971AB91382778A369C
Serial number 25 A0 5B F8 3D A7 04 EC 07 E5 24 3E EB 17 61 20
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT CAB, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-24 15:55:59
Entry Point 0x0008DE63
Number of sections 4
PE sections
Overlays
MD5 1e7eb3aed2b8e24598a30f6be4bab893
File type data
Offset 1929216
Size 5336
Entropy 7.43
PE imports
GetTokenInformation
RegCloseKey
OpenProcessToken
FreeSid
DuplicateToken
AllocateAndInitializeSid
CheckTokenMembership
AdjustTokenPrivileges
LookupPrivilegeValueW
Ord(17)
_TrackMouseEvent
CreateDIBPatternBrushPt
SetGraphicsMode
PlayMetaFileRecord
GetWindowExtEx
PolylineTo
PatBlt
PlayMetaFile
CreatePen
GetCurrentPositionEx
SaveDC
CreateRectRgn
SetTextAlign
OffsetClipRgn
SetColorAdjustment
CreateRectRgnIndirect
CombineRgn
GetClipBox
ModifyWorldTransform
GetClipRgn
GetObjectType
SelectObject
Rectangle
SetMapMode
PolyDraw
ExcludeClipRect
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SetMapperFlags
EnumMetaFile
SetPixel
SetWorldTransform
GetPixel
SetWindowOrgEx
DeleteObject
IntersectClipRect
BitBlt
CreateHatchBrush
OffsetWindowOrgEx
CreatePatternBrush
GetDeviceCaps
GetCurrentObject
RectVisible
CreateBitmap
Escape
GetStockObject
SetViewportOrgEx
SelectPalette
GetViewportExtEx
PtVisible
SetArcDirection
ExtSelectClipRgn
ScaleViewportExtEx
GetDCOrgEx
CreateCompatibleDC
PolyBezierTo
StretchDIBits
SetStretchBltMode
ScaleWindowExtEx
SetROP2
SetTextColor
ArcTo
SetViewportExtEx
LineTo
SetPolyFillMode
MoveToEx
CreateCompatibleBitmap
SetWindowExtEx
SetTextJustification
CreateSolidBrush
DPtoLP
ExtCreatePen
GetMapMode
SetBkColor
SetTextCharacterExtra
GetBkColor
SetRectRgn
SelectClipPath
SelectClipRgn
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
SetStdHandle
GetFileTime
GetTempPathA
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetFullPathNameA
GetExitCodeProcess
LocalFree
MoveFileA
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
CopyFileA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
EnumResourceLanguagesW
SetConsoleCtrlHandler
GetSystemDefaultLCID
InterlockedDecrement
FatalAppExitA
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
GetDateFormatA
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
GlobalSize
GetStartupInfoA
UnlockFile
SystemTimeToFileTime
GetFileSize
DeleteFileA
GetWindowsDirectoryA
SetEvent
GetUserDefaultLCID
GetProcessHeap
GlobalReAlloc
lstrcmpA
CompareStringA
GetTempFileNameA
IsValidLocale
DuplicateHandle
GlobalLock
GetTimeZoneInformation
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
DosDateTimeToFileTime
GlobalDeleteAtom
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetThreadLocale
GlobalUnlock
LockFile
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
SuspendThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetCurrentThreadId
FreeResource
GetEnvironmentStrings
HeapCreate
VirtualFree
Sleep
SetThreadPriority
FindResourceA
VirtualAlloc
GetOEMCP
GetTimeFormatA
SysStringLen
SysStringByteLen
VarBstrFromDec
VarDecFromStr
SafeArrayDestroyData
SafeArrayCreate
SafeArrayAllocDescriptor
VariantCopy
SafeArrayGetElemsize
VariantInit
SafeArrayAllocData
SafeArrayDestroyDescriptor
SafeArrayAccessData
SafeArrayGetLBound
VarBstrFromDate
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayGetUBound
SysFreeString
SysAllocStringByteLen
SafeArrayLock
VariantChangeType
SafeArrayGetElement
SafeArrayPtrOfIndex
VarBstrFromCy
VarCyFromStr
SafeArrayRedim
SafeArrayCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VariantClear
SysReAllocStringLen
VarDateFromStr
SafeArrayGetDim
SafeArrayPutElement
SHGetMalloc
DragFinish
PathFindFileNameW
PathIsUNCW
PathFindExtensionW
PathStripToRootW
PathCombineW
PathRemoveExtensionW
SetFocus
GetMessagePos
RedrawWindow
SetMenuItemBitmaps
MoveWindow
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
SetScrollPos
IsWindow
EndPaint
ScrollWindowEx
WindowFromPoint
DrawIcon
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
UnregisterClassA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
ClientToScreen
GetTopWindow
LockWindowUpdate
GetActiveWindow
DestroyWindow
GetParent
UpdateWindow
EqualRect
CheckRadioButton
ShowWindow
GetDesktopWindow
SetWindowPlacement
TranslateMessage
IsWindowEnabled
GetWindow
GetDlgItemInt
SetParent
ScrollWindow
GetWindowPlacement
EnableMenuItem
TrackPopupMenuEx
GetSubMenu
GetDCEx
ShowOwnedPopups
FillRect
CopyRect
GetSysColorBrush
GetDialogBaseUnits
PtInRect
IsChild
MapWindowPoints
BeginPaint
OffsetRect
GetScrollPos
KillTimer
SendDlgItemMessageA
GetSystemMetrics
IsIconic
SetScrollRange
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
GetScrollRange
InvalidateRect
EndDialog
WaitMessage
CreatePopupMenu
CheckMenuItem
DrawFocusRect
GetLastActivePopup
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ScreenToClient
TrackPopupMenu
GetMenuItemCount
IsDlgButtonChecked
CheckDlgButton
SetDlgItemInt
GetSystemMenu
ReuseDDElParam
GetDC
SetForegroundWindow
ExitWindowsEx
IntersectRect
GetScrollInfo
GetCapture
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
ShowScrollBar
GetMenuState
UnhookWindowsHookEx
SetRectEmpty
GetWindowDC
AdjustWindowRectEx
GetSysColor
SetScrollInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
IsWindowVisible
UnpackDDElParam
UnionRect
SetRect
DeleteMenu
BeginDeferWindowPos
ValidateRect
IsRectEmpty
GetFocus
SetMenu
SetCursor
ClosePrinter
Ord(205)
Ord(45)
Ord(159)
Ord(70)
Ord(92)
Ord(118)
Ord(32)
Ord(8)
Ord(160)
ReadClassStg
CLSIDFromString
OleRegGetUserType
CoTaskMemAlloc
StringFromCLSID
ReleaseStgMedium
CoCreateGuid
SetConvertStg
CoCreateInstance
WriteClassStg
CreateBindCtx
CoDisconnectObject
ReadFmtUserTypeStg
OleDuplicateData
IIDFromString
CoTaskMemFree
CoTreatAsClass
StringFromGUID2
WriteFmtUserTypeStg
URLDownloadToFileW
Number of PE resources by type
RT_CURSOR 17
RT_GROUP_CURSOR 16
RT_STRING 13
RT_DIALOG 6
RT_ICON 6
CUSTOM 3
RT_BITMAP 2
RES_CAB 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ITALIAN 48
NEUTRAL 19
PE resources
Debug information
ExifTool file metadata
LegalTrademarks All Rights Reserved
SubsystemVersion 4.0
InitializedDataSize 1069056
ImageVersion 0.0
ProductName Mailbird
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2012:08:24 16:55:59+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0
FileDescription Mailbird Installer
OSVersion 4.0
FileOS Win32
LegalCopyright 2015
MachineType Intel 386 or later, and compatibles
CompanyName Mailbird
CodeSize 856064
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x8de63
ObjectFileType Dynamic link library
Execution parents
File identification
MD5 2cc6d5014511e87fc299fa2ad595e7c5
SHA1 ed6dc8aacd5a90006ec0ac2512aa1b8deccacc29
SHA256 f683617d1b78bb803bbb8eccdf6ee1d1808723f2c50a8caaf645e4ef9a355980
ssdeep 49152:/HhkqgYa3/zb1vjavbUZ/VVudlwqubOMva8/+:/G0aPNmoEcqub1+
authentihash a0227410017cdbd93fd8e6a8de1bad55c4a487e01d73694a5f2773f007bf7c51
imphash dd36dcd7cada80ac3b77c9611fa1f175
File size 1.8 MB ( 1934552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (37.8%)
Win64 Executable (generic) (33.4%)
Windows screen saver (15.8%)
Win32 Executable (generic) (5.4%)
OS/2 Executable (generic) (2.4%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2017-09-26 19:51:22 UTC ( 1 year, 4 months ago )
Last submission 2018-05-12 00:04:15 UTC ( 9 months, 1 week ago )
File names 1023809
MailbirdInstaller.exe
mailbird-installer-2.4.24.0.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by means of the SetWindowsHook Windows API function.
UDP communications