× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f7955bd267a55c9f19c312ad2864bc1dfbf50e670f2a32df19fbe68fdcf07e8a
File name: KlinikSoftSetup.exe
Detection ratio: 2 / 50
Analysis date: 2014-01-29 10:28:09 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Comodo Heur.Suspicious 20140129
Norman Malware 20140129
Ad-Aware 20140129
Yandex 20140128
AhnLab-V3 20140128
AntiVir 20140129
Antiy-AVL 20140129
Avast 20140129
AVG 20140129
Baidu-International 20140129
BitDefender 20140129
Bkav 20140125
ByteHero 20140127
CAT-QuickHeal 20140129
ClamAV 20140129
CMC 20140122
Commtouch 20140129
DrWeb 20140129
Emsisoft 20140129
ESET-NOD32 20140129
F-Prot 20140129
F-Secure 20140129
Fortinet 20140129
GData 20140129
Ikarus 20140129
Jiangmin 20140129
K7AntiVirus 20140128
K7GW 20140128
Kaspersky 20140129
Kingsoft 20130829
Malwarebytes 20140129
McAfee 20140129
McAfee-GW-Edition 20140129
Microsoft 20140129
eScan 20140129
NANO-Antivirus 20140129
nProtect 20140129
Panda 20140128
Qihoo-360 20140127
Rising 20140129
Sophos AV 20140129
SUPERAntiSpyware 20140129
Symantec 20140129
TheHacker 20140128
TotalDefense 20140129
TrendMicro 20140129
TrendMicro-HouseCall 20140129
VBA32 20140128
VIPRE 20140129
ViRobot 20140129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright
Yüksel DEM?RC?O?LU 2005-2010

Publisher Yüksel DEM?RC?O?LU
File version 2.0.0.1363
Description KlinikSoft Hasta Bilgi Yönetim Sistemi
Comments This installation was built with Inno Setup: http://www.innosetup.com
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000097F0
Number of sections 8
PE sections
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_ICON 8
RT_STRING 6
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
NEUTRAL 7
PE resources
File identification
MD5 b08fd7a59084e811db506e865dadb794
SHA1 361694ea9d57973edb1c3e25dda2964a3fc96a65
SHA256 f7955bd267a55c9f19c312ad2864bc1dfbf50e670f2a32df19fbe68fdcf07e8a
ssdeep
393216:KtvAbQ7p50eFtvrS0TH5SYWbjGFQUSPgrQkGX7rwqIyJt:K8QV5h+u5/E5UoHPXHwqIyn

File size 20.6 MB ( 21572330 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (91.1%)
Win32 Executable (generic) (3.7%)
Win16/32 Executable Delphi generic (1.7%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags
peexe

VirusTotal metadata
First submission 2014-01-29 10:28:09 UTC ( 3 years, 9 months ago )
Last submission 2014-01-29 10:28:09 UTC ( 3 years, 9 months ago )
File names KlinikSoftSetup.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!