× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fdb63a9bf16a3bc133a2b3d421ba657d4b8bf2c4e135edecd7d10d006cf0c5bb
Detection ratio: 2 / 68
Analysis date: 2018-06-21 05:36:01 UTC ( 9 months ago ) View latest
Antivirus Result Update
Bkav W32.eHeur.Malware03 20180620
CMC Trojan-Downloader.Win32.SetupFactory!O 20180621
Ad-Aware 20180621
AegisLab 20180621
AhnLab-V3 20180621
Alibaba 20180620
ALYac 20180621
Antiy-AVL 20180621
Arcabit 20180621
Avast 20180621
Avast-Mobile 20180620
AVG 20180621
Avira (no cloud) 20180620
AVware 20180621
Babable 20180406
Baidu 20180620
BitDefender 20180621
CAT-QuickHeal 20180620
ClamAV 20180621
Comodo 20180621
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180621
Cyren 20180621
DrWeb 20180621
eGambit 20180621
Emsisoft 20180621
Endgame 20180612
ESET-NOD32 20180621
F-Prot 20180621
F-Secure 20180621
Fortinet 20180621
GData 20180621
Ikarus 20180620
Sophos ML 20180601
Jiangmin 20180621
K7AntiVirus 20180620
K7GW 20180621
Kaspersky 20180621
Kingsoft 20180621
Malwarebytes 20180621
MAX 20180621
McAfee 20180621
McAfee-GW-Edition 20180621
Microsoft 20180621
eScan 20180621
NANO-Antivirus 20180621
Palo Alto Networks (Known Signatures) 20180621
Panda 20180620
Qihoo-360 20180621
Rising 20180621
SentinelOne (Static ML) 20180618
Sophos AV 20180621
SUPERAntiSpyware 20180621
Symantec 20180621
Symantec Mobile Insight 20180619
TACHYON 20180621
Tencent 20180621
TheHacker 20180621
TotalDefense 20180620
TrendMicro 20180621
TrendMicro-HouseCall 20180621
Trustlook 20180621
VBA32 20180620
VIPRE 20180621
ViRobot 20180621
Webroot 20180621
Yandex 20180620
Zillya 20180620
ZoneAlarm by Check Point 20180621
Zoner 20180620
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Setup Engine Copyright © 2004 Indigo Rose Corporation

Product Setup Factory 7.0 Runtime
Original name suf70_launch.exe
Internal name suf70_launch
File version 7.0.1.0
Description Setup Application
Comments Created with Setup Factory 7.0
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-10-13 15:10:17
Entry Point 0x00001D9D
Number of sections 4
PE sections
Overlays
MD5 d3ee8ace786a35ddbf18e709e9b6097b
File type data
Offset 69632
Size 1926199
Entropy 7.91
PE imports
GetLastError
GetEnvironmentVariableA
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetStartupInfoA
LoadLibraryA
lstrlenA
GetFileAttributesA
GetExitCodeProcess
LCMapStringA
HeapReAlloc
HeapDestroy
ExitProcess
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
GetTempPathA
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetCurrentProcess
_lwrite
GetEnvironmentStrings
lstrcatA
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
UnhandledExceptionFilter
InterlockedDecrement
_llseek
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
_lread
GetModuleHandleA
_lclose
WideCharToMultiByte
lstrcmpiA
GetStringTypeA
_lcreat
lstrcpyA
_lopen
CloseHandle
GetACP
GetDiskFreeSpaceA
GetStringTypeW
GetCurrentThreadId
GetOEMCP
TerminateProcess
CreateProcessA
SetHandleCount
InitializeCriticalSection
HeapCreate
WriteFile
VirtualFree
TlsGetValue
GetFileType
MultiByteToWideChar
TlsSetValue
HeapAlloc
GetVersion
InterlockedIncrement
VirtualAlloc
SetCurrentDirectoryA
SetLastError
LeaveCriticalSection
wsprintfA
LoadCursorA
DispatchMessageA
MessageBoxA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
SetCursor
Number of PE resources by type
RT_ICON 9
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
LegalTrademarks
Setup Factory is a trademark of Indigo Rose Corporation.

SubsystemVersion
4.0

Comments
Created with Setup Factory 7.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.0.1.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Setup Application

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
49152

EntryPoint
0x1d9d

OriginalFileName
suf70_launch.exe

MIMEType
application/octet-stream

LegalCopyright
Setup Engine Copyright 2004 Indigo Rose Corporation

FileVersion
7.0.1.0

TimeStamp
2004:10:13 16:10:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
suf70_launch

ProductVersion
7.0.1.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
20480

ProductName
Setup Factory 7.0 Runtime

ProductVersionNumber
7.0.1.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 7cc6619b3c6814204a76f4a314b72677
SHA1 0ecd883078331b570b9fd488b887db40619964e6
SHA256 fdb63a9bf16a3bc133a2b3d421ba657d4b8bf2c4e135edecd7d10d006cf0c5bb
ssdeep
24576:esSzlEqF+hVcO+P4/0wgCbnCfUfv8FWwsAcZo+GfeX6R9R+zu39Q5Zz49YHWwhSf:wl8eO+PdwZ0c7Amov0gAC+sHwhl

authentihash 4790510afe265f3b3559102f0d8cdabe20cf76aec7f7d2ad1f39264d7dcb0f4e
imphash a24e57cfb1e35030a9b4252bf1fa8b4b
File size 1.9 MB ( 1995831 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (19.6%)
Win64 Executable (generic) (17.3%)
UPX compressed Win32 Executable (16.9%)
Win32 EXE Yoda's Crypter (16.6%)
Microsoft Visual C++ compiled executable (generic) (10.3%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2007-05-08 15:40:54 UTC ( 11 years, 10 months ago )
Last submission 2019-02-19 09:58:06 UTC ( 1 month ago )
File names aa
YoutubeEXE_Setup.exe
FP4ht36Ni.7z
YoutubeEXE_Setup.exe
FDB63A9BF16A3BC133A2B3D421BA657D4B8BF2C4E135EDECD7D10D006CF0C5BB
suf70_launch.exe
suf70_launch
304792-YoutubeEXE_Setup.exe
YoutubeEXE_Setup.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.