SHA256: 71ac4000c6529e242e563c7aab3c5de8281f4e2fb4ada3f9a70d9b105d8cf67a
File name: setup.exe
Detection ratio: 0 / 68
Analysis date: 2018-01-05 16:44:23 UTC (1 year ago)
Antivirus Result Update
Ad-Aware 20171225
AegisLab 20180105
AhnLab-V3 20180105
Alibaba 20180105
ALYac 20180105
Antiy-AVL 20180105
Arcabit 20180105
Avast 20180105
Avast-Mobile 20180105
AVG 20180105
Avira (no cloud) 20180105
AVware 20180103
Baidu 20180105
BitDefender 20180105
Bkav 20180104
CAT-QuickHeal 20180105
ClamAV 20180105
CMC 20180105
Comodo 20180105
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180105
Cyren 20180105
DrWeb 20180105
eGambit 20180105
Emsisoft 20180105
Endgame 20171130
ESET-NOD32 20180105
F-Prot 20180105
F-Secure 20180105
Fortinet 20180105
GData 20180105
Ikarus 20180105
Sophos ML 20170914
Jiangmin 20180105
K7AntiVirus 20180105
K7GW 20180105
Kaspersky 20180105
Kingsoft 20180105
Malwarebytes 20180105
MAX 20180105
McAfee 20180102
McAfee-GW-Edition 20180105
Microsoft 20180105
eScan 20180105
NANO-Antivirus 20180105
nProtect 20180105
Palo Alto Networks (Known Signatures) 20180105
Panda 20180105
Qihoo-360 20180105
Rising 20180105
SentinelOne (Static ML) 20171224
Sophos AV 20180105
SUPERAntiSpyware 20180105
Symantec 20180105
Tencent 20180105
TheHacker 20180103
TotalDefense 20180105
TrendMicro 20180105
TrendMicro-HouseCall 20180105
Trustlook 20180105
VBA32 20180105
VIPRE 20180105
ViRobot 20180105
Webroot 20180105
WhiteArmor 20171226
Yandex 20171229
Zillya 20180104
ZoneAlarm by Check Point 20180105
Zoner 20180105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Original name setup.exe
Internal name setup.exe
File version 15.0.26621.2 built by: D15REL
Description Setup
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 5:49 PM 1/5/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-22 02:16:29
Entry Point 0x00035267
Number of sections 5
PE sections
Overlays
MD5 520f88bc2c3dfbaadeeeacde365ae6b6
File type data
Offset 861184
Size 936
Entropy 7.05
PE imports
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
GetDeviceCaps
GetTextMetricsW
DeleteDC
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
GetStockObject
EnumFontFamiliesExW
GetObjectW
CreateCompatibleDC
DeleteObject
GetStdHandle
WaitForSingleObject
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
LoadLibraryExW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
GetEnvironmentVariableA
LoadResource
OutputDebugStringW
FindClose
BeginUpdateResourceW
BeginUpdateResourceA
SetLastError
InitializeCriticalSection
CopyFileW
UpdateResourceW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
UpdateResourceA
HeapSetInformation
LoadLibraryExA
EnumSystemLocalesW
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
TerminateProcess
GetModuleHandleExW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
EndUpdateResourceW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
FreeLibrary
GetWindowsDirectoryW
OpenProcess
DeleteFileA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
CompareStringW
WriteFile
ExpandEnvironmentStringsW
FindNextFileW
GetEnvironmentVariableW
FindFirstFileW
IsValidLocale
FindFirstFileExW
GetProcAddress
ReadConsoleW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GetTimeFormatW
GetEnvironmentStringsW
VirtualQuery
lstrlenW
Process32NextW
SwitchToThread
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
FindResourceW
Sleep
FindResourceA
GetCurrentThreadId
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
ShellExecuteA
GetComputerObjectNameW
SetFocus
CreateDialogIndirectParamW
DrawTextW
SetClassLongW
ShowWindow
ShowScrollBar
MessageBoxW
PeekMessageW
GetWindowRect
EnableWindow
MoveWindow
MessageBoxA
SendDlgItemMessageW
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
ReleaseDC
SendMessageW
TranslateMessage
GetSystemMetrics
SendMessageA
SetWindowTextW
GetDlgItem
SystemParametersInfoW
ScreenToClient
LoadImageW
IsDialogMessageW
GetClientRect
GetDialogBaseUnits
LoadCursorW
LoadIconW
GetFocus
GetDC
MsgWaitForMultipleObjects
SetForegroundWindow
SetCursor
ExitWindowsEx
DestroyWindow
InternetCrackUrlW
InternetCombineUrlW
Ord(78)
Ord(150)
Ord(8)
Ord(92)
CoUninitialize
CoInitialize
PE exports
Number of PE resources by type
Struct(43) 92
RT_ICON 18
RT_DIALOG 3
Struct(44) 2
Struct(45) 2
RT_GROUP_ICON 2
Struct(40) 2
RT_MANIFEST 1
RT_VERSION 1
Struct(41) 1
Number of PE resources by language
NEUTRAL 99
ENGLISH US 25
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
14.1

ImageVersion
10.0

FileVersionNumber
15.0.26621.2

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
485376

EntryPoint
0x35267

OriginalFileName
setup.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
15.0.26621.2 built by: D15REL

TimeStamp
2017:06:22 03:16:29+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
setup.exe

ProductVersion
15.0.26621.2

FileDescription
Setup

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
374784

FileSubtype
0

ProductVersionNumber
15.0.26621.2

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 6fc8374e8a09e77571796d40b204b0f4
SHA1 b70cc1e89e8ca901938b76457897beda38ae9a4c
SHA256 71ac4000c6529e242e563c7aab3c5de8281f4e2fb4ada3f9a70d9b105d8cf67a
ssdeep
12288:IDnvSvRUQ3MAc/esPH23fasNMT67eMb01JQntLOCOieeG:IDqvd3YeswNMe7emOyG

authentihash 30228eef150fcabac0b1747bffc8e8ae8c29ff2d13cc2d1c1e5abeedeea78bb8
imphash 81fd276d49dcfb5944ab1253641f139e
File size 841.9 KB ( 862120 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-12-08 16:40:11 UTC (1 year, 1 month ago)
Last submission 2017-12-08 17:03:17 UTC (1 year, 1 month ago)
File names setup.exe
fs17modsupdater_install.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Runtime DLLs
UDP communications