SHA256: f99a5498e4d93a9860e8638f6e1cb3576d593ff9068bf114fce1cea0a240ef71
File name: bytefence-installer_3.8.0.exe
Detection ratio: 3 / 60
Analysis date: 2017-04-20 17:32:13 UTC ( 5 months ago )
Antivirus Result Update
Malwarebytes PUP.Optional.ByteFence 20170420
Tencent Net.Risk.Adware.Tcwc 20170420
TrendMicro-HouseCall Suspicious_GEN.F47V0409 20170420
Ad-Aware 20170420
AegisLab 20170420
AhnLab-V3 20170420
Alibaba 20170420
ALYac 20170420
Antiy-AVL 20170420
Arcabit 20170420
Avast 20170420
AVG 20170420
Avira (no cloud) 20170420
AVware 20170420
Baidu 20170420
BitDefender 20170420
CAT-QuickHeal 20170420
ClamAV 20170420
CMC 20170420
Comodo 20170420
CrowdStrike Falcon (ML) 20170420
Cyren 20170420
DrWeb 20170420
Emsisoft 20170420
Endgame 20170419
ESET-NOD32 20170420
F-Prot 20170420
F-Secure 20170420
Fortinet 20170420
GData 20170420
Ikarus 20170420
Sophos ML 20170413
Jiangmin 20170420
K7AntiVirus 20170420
K7GW 20170420
Kaspersky 20170420
Kingsoft 20170420
McAfee 20170420
McAfee-GW-Edition 20170420
Microsoft 20170420
eScan 20170420
NANO-Antivirus 20170420
nProtect 20170420
Palo Alto Networks (Known Signatures) 20170420
Panda 20170420
Qihoo-360 20170420
Rising None
SentinelOne (Static ML) 20170330
Sophos AV 20170420
SUPERAntiSpyware 20170420
Symantec 20170420
Symantec Mobile Insight 20170414
TheHacker 20170420
TrendMicro 20170420
Trustlook 20170420
VBA32 20170420
VIPRE 20170420
ViRobot 20170420
Webroot 20170420
WhiteArmor 20170409
Yandex 20170420
Zillya 20170418
ZoneAlarm by Check Point 20170420
Zoner 20170420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2017 Byte Technologies LLC

Product ByteFence Anti-Malware
File version 3.8.0.5
Description ByteFence Anti-Malware Installer
Comments ByteFence Anti-Malware
Signature verification Signed file, verified signature
Signing date 2:15 PM 4/3/2017
Signers
[+] Byte Technologies LLC
Status Valid
Issuer DigiCert SHA2 Assured ID Code Signing CA
Valid from 1:00 AM 5/12/2016
Valid to 1:00 PM 8/1/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 00EB6B4ED3A7BF72F36825DB3589C7A34845EBBD
Serial number 0C ED 26 3A 6D 4A 1B FB 5C DA AA F3 AE 72 F8 AC
[+] DigiCert SHA2 Assured ID Code Signing CA
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 10/22/2013
Valid to 1:00 PM 10/22/2028
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 92C1588E85AF2201CE7915E8538B492F605B80C6
Serial number 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-02 03:20:05
Entry Point 0x000030FB
Number of sections 5
PE sections
Overlays
MD5 0c05973fab8fd3d515ca32a452e58ec7
File type data
Offset 59392
Size 6930704
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
ReadFile
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
GetModuleHandleA
GetTempPathA
CreateThread
GetFileAttributesA
SetFilePointer
lstrcmpA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
SystemParametersInfoA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
DrawTextA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
CloseClipboard
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
SetWindowTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DestroyWindow
FillRect
ShowWindow
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
SetForegroundWindow
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 5
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
NEUTRAL 1
PE resources
ExifTool file metadata
LegalTrademarks
ByteFence Anti-Malware is a trademark of Byte Technologies LLC

UninitializedDataSize
1024

Comments
ByteFence Anti-Malware

LinkerVersion
6.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
3.8.0.5

LanguageCode
Neutral

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

InitializedDataSize
120320

EntryPoint
0x30fb

MIMEType
application/octet-stream

LegalCopyright
Copyright 2017 Byte Technologies LLC

FileVersion
3.8.0.5

TimeStamp
2016:04:02 04:20:05+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

ProductVersion
3.8.0.5

FileDescription
ByteFence Anti-Malware Installer

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Byte Technologies LLC

CodeSize
23552

ProductName
ByteFence Anti-Malware

ProductVersionNumber
3.8.0.5

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 cfaefe71fa4e1d87c5c38e0b06a35ba5
SHA1 8cb4615d8047aece48453dde126443743b6528f5
SHA256 f99a5498e4d93a9860e8638f6e1cb3576d593ff9068bf114fce1cea0a240ef71
ssdeep
196608:3djv/leuyJ73v6gnz1gKxnzx21Mh7sVLFymjcQYz21Gax:3djvt831rAq7FHH21G0

authentihash 2d8b4eb46cf126c0be90672bdc71d62307497125d1af104215392c71d53921b5
imphash b76363e9cb88bf9390860da8e50999d2
File size 6.7 MB ( 6990096 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
nsis peexe signed overlay

VirusTotal metadata
First submission 2017-04-08 20:34:33 UTC ( 5 months, 2 weeks ago )
Last submission 2017-07-02 09:28:47 UTC ( 2 months, 3 weeks ago )
File names B
bytefence-installer_3.8.0 (2).exe
bytefence-installer_3.8.0.exe
bytefence-installer_3.8.0 (1).exe
1012055
bytefence-installer.exe
F99A5498E4D93A9860E8638F6E1CB3576D593FF9068BF114FCE1CEA0A240EF71
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created mutexes
Runtime DLLs
UDP communications