SHA256: 1cec99b4b040c7e79ce3dda31d5636282abdbad0fecdf101ce168d4592490ccc
File name: gilisoftusbstickencryption-setup.exe
Detection ratio: 12 / 55
Analysis date: 2015-08-09 20:52:54 UTC (2 years, 3 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Application.Jaik.8223 20150809
AhnLab-V3 PUP/Win32.DownloadAdmin 20150809
Arcabit Trojan.Application.Jaik.D201F 20150809
AVG Generic.A50 20150809
Avira (no cloud) PUA/DownloadAdmin.Gen7 20150809
BitDefender Gen:Variant.Application.Jaik.8223 20150809
Bkav HW32.Packed.DF47 20150807
DrWeb Trojan.Vittalia.322 20150809
ESET-NOD32 a variant of Win32/DownloadAdmin.M potentially unwanted 20150809
F-Secure Gen:Variant.Application.Jaik 20150807
GData Gen:Variant.Application.Jaik.8223 20150809
eScan Gen:Variant.Application.Jaik.8223 20150809
AegisLab 20150809
Yandex 20150809
Alibaba 20150803
ALYac 20150809
Antiy-AVL 20150809
Avast 20150809
AVware 20150809
Baidu-International 20150809
ByteHero 20150809
CAT-QuickHeal 20150808
ClamAV 20150808
Comodo 20150809
Cyren 20150809
Emsisoft 20150809
F-Prot 20150809
Fortinet 20150809
Ikarus 20150809
Jiangmin 20150807
K7AntiVirus 20150809
K7GW 20150809
Kaspersky 20150809
Kingsoft 20150809
Malwarebytes 20150809
McAfee 20150809
McAfee-GW-Edition 20150809
Microsoft 20150809
NANO-Antivirus 20150809
nProtect 20150807
Panda 20150809
Qihoo-360 20150809
Rising 20150809
Sophos AV 20150809
SUPERAntiSpyware 20150809
Symantec 20150809
Tencent 20150813
TheHacker 20150809
TrendMicro 20150809
TrendMicro-HouseCall 20150809
VBA32 20150809
VIPRE 20150809
ViRobot 20150809
Zillya 20150808
Zoner 20150809
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2015
Publisher GMT+2
Product Nimble Professional Installer Setup
Original name setup.exe
Internal name setup.exe
File version 2.0.6.5413
Description Nimble Professional Installer Setup
Signature verification Signed file, verified signature
Signers
[+] GMT+2
Status Valid
Issuer None
Valid from 1:00 AM 7/6/2015
Valid to 12:59 AM 7/6/2016
Valid usage Code Signing
Algorithm SHA1
Thumbprint FFF5DFEDC2C52FB4972DA8AB6E575BAD63A9845B
Serial number 49 2E 66 E1 2C BD 1A A4 86 67 61 2F 75 7C F6 61
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-16 02:44:30
Entry Point 0x0000D022
Number of sections 6
PE sections
Overlays
MD5 6ae906f31cd71c406a133ffbc938c4bc
File type data
Offset 893952
Size 6248
Entropy 7.37
PE imports
SelectObject
EnumObjects
CreateFontA
CreateFontIndirectA
CreateBitmap
DeleteObject
GetLastError
GetStdHandle
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
ExitProcess
OutputDebugStringA
FlushFileBuffers
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetStartupInfoA
GetCurrentProcessId
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
ExpandEnvironmentStringsA
GetCommandLineA
GetProcAddress
InterlockedCompareExchange
GetFullPathNameA
lstrcmpiA
MapViewOfFile
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
lstrcpynA
DuplicateHandle
GetCurrentThreadId
SetEnvironmentVariableA
ReadConsoleA
GetExitCodeProcess
LocalFree
TerminateProcess
ResumeThread
CreateProcessA
WriteConsoleA
GetEnvironmentVariableA
Sleep
FormatMessageA
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteExA
SHFileOperationA
GetWindowLongA
CreateWindowExA
SendMessageW
GetMessageA
DispatchMessageA
EndPaint
BeginPaint
PostMessageA
TranslateMessage
SendMessageA
DrawTextA
DrawTextW
ShowWindow
RegisterClassA
GetDC
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
rand
malloc
__p__fmode
realloc
memset
_time64
_cexit
?terminate@@YAXXZ
memcpy
_amsg_exit
exit
_XcptFilter
_snprintf
__setusermatherr
_acmdln
srand
_ismbblead
_exit
__p__commode
free
atoi
__getmainargs
_initterm
__argv
_pgmptr
memmove
__argc
_controlfp
__set_app_type
CoInitializeEx
CoCreateInstance
CoTaskMemFree
OleInitialize
Number of PE resources by type
RT_ICON 4
TYPELIB 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 8
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 842240
ImageVersion 0.0
ProductName Nimble Professional Installer Setup
FileVersionNumber 2.0.6.5413
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName setup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.0.6.5413
TimeStamp 2014:08:16 03:44:30+01:00
FileType Win32 EXE
PEType PE32
InternalName setup.exe
ProductVersion 2.0.6.5413
FileDescription Nimble Professional Installer Setup
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2015
MachineType Intel 386 or later, and compatibles
CompanyName Nimble Professional Installer Setup
CodeSize 54784
FileSubtype 0
ProductVersionNumber 2.0.6.5413
EntryPoint 0xd022
ObjectFileType Executable application

File identification
MD5 ee1a29d5eac9c552ede441000df35fb6
SHA1 0104d26bad2201f2a2fe0aeb5e3779408bf87072
SHA256 1cec99b4b040c7e79ce3dda31d5636282abdbad0fecdf101ce168d4592490ccc
ssdeep 12288:ybF9ZHtgq2f19dUxHBFd9UMDnHU8fFi9UhGosd/pUHyizwxu+cduoHhDekE9IhER:yzZ9C1idnz/hmd/0ycw1cduoIkpKR
authentihash 6c8529ccecb3464e3e81977145a93e7546b19458c07d35d9aa00427d8504e36c
imphash 043a2331667ec5ec389e63cebfab219e
File size 879.1 KB ( 900200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.1%)
DOS Executable Generic (7.0%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2015-08-09 20:52:54 UTC (2 years, 3 months ago)
Last submission 2015-08-09 20:52:54 UTC (2 years, 3 months ago)
File names setup.exe
gilisoftusbstickencryption-setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs