× Les cookies sont désactivés ! Ce site exige que les cookies soient activés pour fonctionner correctement
SHA256: c0812ce91990ac541d70b79850f25c56f9f3c69b8309b6bb8d162b45654d0b80
Nom du fichier : YAC-Virus-Removal-Tool2929.exe
Ratio de détection : 23 / 67
Date d'analyse : 2018-07-18 04:01:47 UTC (il y a 3 mois)
Antivirus Résultat Mise à jour
Bkav W32.HfsAdware.A287 20180717
CAT-QuickHeal Downloader.Adload 20180717
Cylance Unsafe 20180718
DrWeb Adware.Mutabaha.1197 20180718
Endgame malicious (high confidence) 20180711
ESET-NOD32 Win32/Adware.ELEX.PQ 20180718
Fortinet Riskware/Elex 20180718
GData Win32.Application.Agent.4UJ34D 20180718
Ikarus not-a-virus:Downloader.Elex 20180717
Jiangmin AdWare.ELEX.cbb 20180718
Kaspersky not-a-virus:Downloader.Win32.AdLoad.xgms 20180718
MAX malware (ai score=95) 20180718
McAfee PUP-GJM 20180718
McAfee-GW-Edition PUP-GJM 20180718
NANO-Antivirus Riskware.Win32.ELEX.fbrjyi 20180717
Palo Alto Networks (Known Signatures) generic.ml 20180718
Rising Malware.Undefined!8.C (CLOUD) 20180718
SentinelOne (Static ML) static engine - malicious 20180701
SUPERAntiSpyware PUP.ELEX/Variant 20180717
VBA32 Downloader.AdLoad 20180717
Webroot System.Monitor.Isafe.Allinone.K 20180718
Yandex Riskware.Agent! 20180717
ZoneAlarm by Check Point not-a-virus:Downloader.Win32.AdLoad.xgms 20180718
Ad-Aware 20180718
AegisLab 20180718
AhnLab-V3 20180717
Alibaba 20180713
ALYac 20180718
Antiy-AVL 20180718
Arcabit 20180718
Avast 20180718
Avast-Mobile 20180717
AVG 20180718
Avira (no cloud) 20180717
AVware 20180718
Babable 20180406
Baidu 20180717
BitDefender 20180718
ClamAV 20180717
CMC 20180717
Comodo 20180718
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cyren 20180718
eGambit 20180718
Emsisoft 20180718
F-Prot 20180718
F-Secure 20180718
Sophos ML 20180717
K7AntiVirus 20180718
K7GW 20180718
Kingsoft 20180718
Malwarebytes 20180718
Microsoft 20180718
eScan 20180718
Panda 20180717
Qihoo-360 20180718
Sophos AV 20180718
Symantec 20180718
TACHYON 20180718
Tencent 20180718
TheHacker 20180716
TotalDefense 20180717
TrendMicro 20180718
TrendMicro-HouseCall 20180718
Trustlook 20180718
VIPRE 20180718
ViRobot 20180718
Zoner 20180717
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2011-2013 Woodtale Technology Inc

Product iSafe Security Protection
Original name Setup.exe
Internal name Setup.exe
File version 2.6.0.1
Description Setup
Comments Setup
Signature verification Certificate out of its validity period
Signers
[+] WOODTALE TECHNOLOGY INC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer WoSign Class 3 Code Signing CA
Valid from 4:27 PM 7/11/2012
Valid to 10:16 AM 7/16/2015
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22, Lifetime Signing
Algorithm sha1RSA
Thumbprint EF00842D40EAC4FDFC2BF62E00829AD83C6046AE
Serial number 04 53 F5 E1 43 79 37
[+] WoSign Class 3 Code Signing CA
Status Valid
Issuer Certification Authority of WoSign
Valid from 2:00 AM 8/8/2009
Valid to 2:00 AM 8/8/2024
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint 1C554F5B2042DF153C43E156C56F08EED0973EC7
Serial number 46 BB B3 40 FA B9 C1 79 28 93 8C 93 DA 10 86 79
[+] Certification Authority of WoSign
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer StartCom Certification Authority
Valid from 2:00 AM 3/1/2011
Valid to 2:00 AM 3/1/2016
Valid usage All
Algorithm sha1RSA
Thumbprint 868241C8B85AF79E2DAC79EDADB723E82A36AFC3
Serial number 3D
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
Command embedded
F-PROT UTF-8, Unicode
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-22 06:18:15
Entry Point 0x0000BDC6
Number of sections 5
PE sections
Overlays
MD5 e50727e84fe17d06de5db7930bc77ade
File type data
Offset 625664
Size 8008
Entropy 7.45
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
CopyFileW
EnterCriticalSection
LCMapStringW
OutputDebugStringW
GetModuleFileNameW
WaitForSingleObject
FindResourceW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
SizeofResource
GetFileType
GetConsoleMode
DecodePointer
GetFileSize
LockResource
SetFileTime
GetCommandLineW
LoadLibraryExW
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
CreateDirectoryW
DeleteFileW
GetProcAddress
LeaveCriticalSection
GetProcessHeap
SetStdHandle
RaiseException
UnhandledExceptionFilter
GetCPInfo
RemoveDirectoryW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
FindNextFileW
GetCurrentProcessId
SetUnhandledExceptionFilter
WriteFile
ReadFile
IsProcessorFeaturePresent
FindFirstFileW
LoadLibraryW
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
GetConsoleCP
WideCharToMultiByte
GetModuleHandleExW
IsValidCodePage
LoadResource
GetTempPathW
CreateFileW
CreateProcessW
FindClose
InterlockedDecrement
Sleep
SetLastError
SetFileAttributesW
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
GetEnvironmentVariableW
WriteConsoleW
CloseHandle
SHGetSpecialFolderPathW
PathFileExistsW
PathCombineW
wsprintfW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
PE exports
Number of PE resources by type
RT_ICON 5
SZ_FILE 1
RT_VERSION 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
SubsystemVersion
5.1

Comments
Setup

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.6.0.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Setup

CharacterSet
Unicode

InitializedDataSize
563712

EntryPoint
0xbdc6

OriginalFileName
Setup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 2011-2013 Woodtale Technology Inc

FileVersion
2.6.0.1

TimeStamp
2013:08:22 07:18:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup.exe

ProductVersion
2.6.0.1

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Woodtale Technology Inc

CodeSize
77312

ProductName
iSafe Security Protection

ProductVersionNumber
2.6.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 7b5352bffaee7856a2a9182a57f9d881
SHA1 9271ac56219eaa6e7c3beb56dcf85b4b0c94bcbd
SHA256 c0812ce91990ac541d70b79850f25c56f9f3c69b8309b6bb8d162b45654d0b80
ssdeep
12288:IGJlCwGFzD0dtyfnSajSq7ppXDip1OrGfbRQ8qS:IGJGFzD0oHFJgRQ8qS

authentihash a1ed5ba4ce2e911ddcdb9febcb89c404e3c0cc0e586b35fcaebdae3f3cc1e6b3
imphash ed79308c03211233ec21045cd78d13a2
File size 618.8 KB ( 633672 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-08-22 21:55:44 UTC (il y a 5 ans, 1 mois)
Last submission 2018-05-14 21:07:28 UTC (il y a 5 mois, 1 semaine)
Noms du fichier بيبي.exe
iSafedl(1).exe
iSafedl.ex
yac (1).exe
vti-rescan
Setup.exe
isafedl.exe
YAC-Virus-Removal-Tool2929 (1).exe
14432645
filename
file-5866253_exe
yac.exe
iSafedl.exe
iSafedl.exe
YAC-Virus-Removal-Tool2929.exe
output.14430080.txt
YAC.exe
14430080
iSafedl (1).exe
20130826-14.exe
yac.exe
iSafe Virus Removal Tool.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Aucun commentaire. Aucun membre de la communauté VirusTotal n'a encore commenté cet élément, soyez le premier à le faire !

Laissez votre commentaire...

?
Poster un commentaire

Vous n'êtes pas connecté. Seuls les utilisateurs enregistrés peuvent laisser des commentaires, connectez-vous pour commenter !

Aucun vote. Personne n'a encore voté pour cet élément, soyez le premier à le faire !
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.