Antivirus scan for 039746854c21ca23a9430d41d62289c678a40e6cab2dd542db76e25fc7e88e93 at 2018-12-01 13:19:23 UTC

Antivirus	Résultat	Mise à jour
Ad-Aware		20181201
AegisLab		20181201
AhnLab-V3		20181201
Alibaba		20180921
ALYac		20181201
Antiy-AVL		20181201
Arcabit		20181201
Avast		20181201
Avast-Mobile		20181201
AVG		20181201
Avira (no cloud)		20181201
Babable		20180918
Baidu		20181130
BitDefender		20181201
Bkav		20181129
CAT-QuickHeal		20181201
ClamAV		20181201
CMC		20181201
Comodo		20181201
CrowdStrike Falcon (ML)		20181022
Cybereason		20180225
Cylance		20181201
Cyren		20181201
DrWeb		20181201
Emsisoft		20181201
Endgame		20181108
ESET-NOD32		20181201
F-Prot		20181201
F-Secure		20181201
Fortinet		20181201
GData		20181201
Sophos ML		20181128
Jiangmin		20181201
K7AntiVirus		20181201
K7GW		20181201
Kaspersky		20181201
Kingsoft		20181201
Malwarebytes		20181201
MAX		20181201
McAfee		20181201
McAfee-GW-Edition		20181201
Microsoft		20181203
eScan		20181201
NANO-Antivirus		20181201
Palo Alto Networks (Known Signatures)		20181201
Panda		20181201
Qihoo-360		20181201
Rising		20181201
SentinelOne (Static ML)		20181011
Sophos AV		20181201
SUPERAntiSpyware		20181128
Symantec		20181201
Symantec Mobile Insight		20181121
TACHYON		20181201
Tencent		20181201
TheHacker		20181129
Trapmine		20181128
TrendMicro		20181203
TrendMicro-HouseCall		20181201
Trustlook		20181201
VBA32		20181130
VIPRE		20181203
ViRobot		20181201
Webroot		20181201
Yandex		20181130
Zillya		20181130
ZoneAlarm by Check Point		20181201
Zoner		20181201

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

Authenticode signature block and FileVersionInfo properties

Signature verification Signed file, verified signature

Signing date 2:17 PM 12/1/2018

Signers

[+] LEBLOND JACQUES

[+] GlobalSign Extended Validation CodeSigning CA - SHA256 - G3

[+] GlobalSign Root CA - R3

Counter signers

[+] GlobalSign TSA for Advanced - G2

[+] GlobalSign Timestamping CA - SHA256 - G2

[+] GlobalSign Root CA - R3

Packers identified

F-PROT NSIS

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2015-12-27 05:38:52

Entry Point 0x0000324F

Number of sections 5

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 23626 24064 6.41 dc6169c882205c7b23cb58dc4b63f780

.rdata 28672 4446 4608 5.14 7bfb248cadc702f29108b250c44a0ae8

.data 36864 110712 1536 4.23 4ec417bc885907f94e54e3304e00666b

.ndata 151552 36864 0 0.00 d41d8cd98f00b204e9800998ecf8427e

.rsrc 188416 94272 94720 7.17 2ccda51a29cf56901580a775e3b31911

Overlays

MD5 3c7281b3aa6f854d90a09ded4ec3ad4e

File type data

Offset 125952

Size 35971720

Entropy 8.00

PE imports

Number of PE resources by type

RT_ICON 6

RT_DIALOG 6

RT_MANIFEST 1

RT_GROUP_ICON 1

Number of PE resources by language

ENGLISH US 14

PE resources

18466509968c3c0bf92ba410fea075def2b257a5a799a113cbc60f13e75f4b01 data

3c019005f29293a49cbc85bf498acce425a00d64bcbed93082ef41c9c0d840da data

48a113bb3db9a42bc3a9eb35e060c70159e48ce71e792fc7e0328022f0bf8609 data

4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4 data

5a1f884660f2684aba250e342dae43446540cfb0e32d62fa4c75fe65745af525 data

64165a7423f01280a2058691ed0fa5638f1043d204f81d65d8da881bc834568f data

954b55f16172d4bbd97a3ff6dc92730590d9df1944d731d32abb32b8aa5aebfc ASCII text

955f6818e43fcfc60f1fc31cca4bf1418545e7202d79ec778833eda5e209830f image/x-png

9dfacbe444e14cd17c5956afa713f043c2b1150d37868af1661b5bb848fee3f5 data

a7e5ea849cb343e9b58de221aeb25c9dd4a3748070bfba879a30c4265fc39023 data

ExifTool file metadata

MIMEType

application/octet-stream

Subsystem

Windows GUI

SubsystemVersion

4.0

MachineType

Intel 386 or later, and compatibles

TimeStamp

2015:12:27 06:38:52+01:00

FileType

Win32 EXE

PEType

PE32

CodeSize

24064

LinkerVersion

6.0

FileTypeExtension

exe

InitializedDataSize

120320

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint

0x324f

OSVersion

4.0

ImageVersion

6.0

UninitializedDataSize

1024

File identification

MD5 8c4210e3436856947548a26fec53ee97

SHA1 c0ef19e7f4ffc41a47f3043c403e9f8f6498d3a1

SHA256 039746854c21ca23a9430d41d62289c678a40e6cab2dd542db76e25fc7e88e93

ssdeep

786432:hS52M9/96NuZMuoh4if78wP9djdVfaBz81YDGLx/a1zikwx3mKU/:4oM9/okquo5XLVM41YYM1Zw9mP

authentihash bd5e717e81e018fc83137715f2b304d0aabbbedc8a36dea7f0aebb5e415b97fe

imphash ab6770b0a8635b9d92a5838920cfe770

File size 34.4 MB ( 36097672 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Executable (generic) (42.7%) OS/2 Executable (generic) (19.2%) Generic Win/DOS Executable (18.9%) DOS Executable Generic (18.9%)

VirusTotal metadata

First submission 2018-12-01 13:19:23 UTC (il y a 4 mois, 3 semaines)

Last submission 2018-12-01 13:19:23 UTC (il y a 4 mois, 3 semaines)

Noms du fichier

GesFine-v7.5.87.6909-setup.exe

SHA256:	039746854c21ca23a9430d41d62289c678a40e6cab2dd542db76e25fc7e88e93
Nom du fichier :	GesFine-v7.5.87.6909-setup.exe
Ratio de détection :	0 / 67
Date d'analyse :	2018-12-01 13:19:23 UTC (il y a 4 mois, 3 semaines)

Ciphered bundle