SHA256: f8151fcef0d692d929e0729772b93b7f1887a3d9399733670cb266ec98c2b2de
File name: avast_free_antivirus_setup.exe
Detection ratio: 0 / 69
Analysis date: 2019-02-17 19:43:35 UTC ( 1 month ago )
Antivirus Result Update
Acronis 20190213
Ad-Aware 20190217
AegisLab 20190217
AhnLab-V3 20190217
Alibaba 20180921
ALYac 20190217
Antiy-AVL 20190217
Arcabit 20190217
Avast 20190217
Avast-Mobile 20190217
AVG 20190217
Avira (no cloud) 20190217
Babable 20180918
Baidu 20190215
BitDefender 20190217
Bkav 20190216
CAT-QuickHeal 20190217
ClamAV 20190217
CMC 20190217
Comodo 20190217
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190217
Cyren 20190217
DrWeb 20190217
eGambit 20190217
Emsisoft 20190217
Endgame 20190215
ESET-NOD32 20190217
F-Prot 20190217
F-Secure 20190217
Fortinet 20190217
GData 20190217
Ikarus 20190217
Sophos ML 20181128
Jiangmin 20190217
K7AntiVirus 20190217
K7GW 20190217
Kaspersky 20190217
Kingsoft 20190217
Malwarebytes 20190217
MAX 20190217
McAfee 20190217
McAfee-GW-Edition 20190217
Microsoft 20190217
eScan 20190217
NANO-Antivirus 20190217
Palo Alto Networks (Known Signatures) 20190217
Panda 20190217
Qihoo-360 20190217
Rising 20190217
SentinelOne (Static ML) 20190203
Sophos AV 20190217
SUPERAntiSpyware 20190213
Symantec 20190217
Symantec Mobile Insight 20190207
TACHYON 20190217
Tencent 20190217
TheHacker 20190217
Trapmine 20190123
TrendMicro 20190217
TrendMicro-HouseCall 20190217
Trustlook 20190217
VBA32 20190215
ViRobot 20190217
Webroot 20190217
Yandex 20190215
Zillya 20190215
ZoneAlarm by Check Point 20190217
Zoner 20190217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2014 AVAST Software

Product Avast Antivirus
Original name SfxInst.exe
Internal name SfxInst
File version 12.3.3154.0
Description avast! Antivirus Installer
Comments avast! Antivirus
Signature verification Signed file, verified signature
Signing date 9:50 AM 8/19/2016
Signers
[+] AVAST Software a.s.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert High Assurance Code Signing CA-1
Valid from 11:00 PM 07/11/2013
Valid to 11:00 AM 09/14/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 181E2AE5727DE60F52EF26D90BC6919481601793
Serial number 0E F5 EC A7 BD 31 CF C3 A7 F8 E6 25 9B 42 33 59
[+] DigiCert High Assurance Code Signing CA-1
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 PM 02/11/2011
Valid to 12:00 PM 02/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E308F829DC77E80AF15EDD4151EA47C59399AB46
Serial number 02 C4 D1 E5 8A 4A 68 0C 56 8D A3 04 7E 7E 4D 5F
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 11:00 PM 10/21/2014
Valid to 11:00 PM 10/21/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-18 14:03:24
Entry Point 0x000377F0
Number of sections 6
PE sections
Overlays
MD5 f7f2c3ca332c01de7a195d4600d4955e
File type data
Offset 1235456
Size 5099392
Entropy 8.00
PE imports
GetVolumePathNameW
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
EncodePointer
CreateTimerQueue
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
ExitProcess
FreeEnvironmentStringsW
InitializeSListHead
InterlockedPopEntrySList
GetLocaleInfoW
SetStdHandle
GetFileTime
WideCharToMultiByte
LoadLibraryW
InterlockedExchange
WriteFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
SetThreadAffinityMask
GetThreadTimes
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
QueryDepthSList
GetThreadPriority
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
FreeLibraryAndExitThread
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
QueryDosDeviceW
FormatMessageA
SetFileAttributesW
QueueUserWorkItem
SignalObjectAndWait
GetEnvironmentVariableW
SetLastError
DeviceIoControl
TlsGetValue
GetUserDefaultLangID
LoadResource
RemoveDirectoryW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
QueryPerformanceFrequency
TzSpecificLocalTimeToSystemTime
LoadLibraryExA
SetThreadPriority
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
DeleteTimerQueueTimer
GetPrivateProfileStringW
RegisterWaitForSingleObject
LockFileEx
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
CreateSemaphoreW
GetVolumeNameForVolumeMountPointW
IsProcessorFeaturePresent
GetSystemTimes
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
LeaveCriticalSection
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
lstrcmpiA
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
GetWindowsDirectoryW
ChangeTimerQueueTimer
GetFileSize
WriteProcessMemory
WaitForMultipleObjects
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
CompareStringW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
CreateHardLinkW
CreateTimerQueueTimer
FindFirstFileW
IsValidLocale
DuplicateHandle
FindFirstFileExW
GlobalLock
ReadConsoleW
GetProcessAffinityMask
CreateEventW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
GetCurrentThreadId
InterlockedIncrement
GetNativeSystemInfo
GetLastError
IsValidCodePage
InterlockedPushEntrySList
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GlobalFree
GetConsoleCP
UnregisterWaitEx
GetEnvironmentStringsW
GlobalUnlock
WaitForSingleObjectEx
VirtualFree
InterlockedFlushSList
SwitchToThread
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
UnlockFileEx
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
GetLogicalProcessorInformation
GetNumaHighestNodeNumber
UnregisterWait
UnmapViewOfFile
FindResourceW
VirtualQuery
CreateProcessW
Sleep
WriteConsoleW
VirtualAlloc
GetOEMCP
ResetEvent
Number of PE resources by type
RT_ICON 10
RT_GROUP_ICON 1
RT_VERSION 1
FILE 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 12
ENGLISH US 1
CZECH DEFAULT 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

Comments
avast! Antivirus

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
12.3.3154.0

LanguageCode
Neutral

FileFlagsMask
0x0017

FileDescription
avast! Antivirus Installer

ImageFileCharacteristics
Executable, Large address aware, 32-bit, Net run from swap

CharacterSet
Unicode

InitializedDataSize
462848

EntryPoint
0x377f0

OriginalFileName
SfxInst.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 2014 AVAST Software

FileVersion
12.3.3154.0

TimeStamp
2016:08:18 16:03:24+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
SfxInst

ProductVersion
12.3.3154.0

UninitializedDataSize
0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
AVAST Software

CodeSize
783360

ProductName
Avast Antivirus

ProductVersionNumber
12.3.3154.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 5534cd89ef44a72507dad0f422de8d87
SHA1 af69f98abd5485946f01e9faeb25faa0f8f59d35
SHA256 f8151fcef0d692d929e0729772b93b7f1887a3d9399733670cb266ec98c2b2de
ssdeep
196608:PYnFEWT/g98HAG7PyrVZgT+YTOEJH+XLWrl:PYnWWs98YVA++Jd+7WJ

authentihash b781b682fd404b694c765dbcda3427e774e236fd89e99dfa6d65d8dbe385767c
imphash 345bb5228cde9b5ee015aaafd89b3349
File size 6.0 MB ( 6334848 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-08-19 11:10:20 UTC ( 2 years, 7 months ago )
Last submission 2019-03-22 22:53:52 UTC ( 11 hours, 33 minutes ago )
File names avast_free_antivirus_setup_online_f0j.exe
avast_free_antivirus_setup_online-2017.exe
avast_free_antivirus_setup_online_j0i.exe
avast_free_antivirus_setup_online.exe
avast_free_antivirus_setup_online_s0j.exe
avast_free_antivirus_setup_online_b0l.exe
AvastSetup.exe
919611
avast_free_antivirus_setup_online_f0k.exe
xxx avast_free_antivirus_setup.exe
avast_free_antivirus_setup_online_b0h.exe
avast_free_antivirus_setup_online_j0k.exe
avast_free_antivirus_setup_online (2).exe
myfile.exe
avast_free_antivirus_setup_12.3.3154.0.exe
avast_free_antivirus_setup.exe
avast_free_antivirus_setup_17.3.3442.exe
avast_free_antivirus_setup_online_b0k.exe
avast_free_antivirus_setup.exe
avast_free_antivirus_setup_online_c0h.exe
어베스트.exe
avast_free_antivirus_setup_online (4).exe
antivirus
avast_free_antivirus_setup_online_p0b.exe
avast_free_antivirus_setup_online_j0b.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
DNS requests
TCP connections
UDP communications