SHA256: cfd6488f60f48ab372aa01ee43b652b6441f0c73af9664570d9398678bedb167
File name: BetternetForWindows.exe
Detection ratio: 0 / 68
Analysis date: 2018-06-29 00:59:36 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20180629
AegisLab 20180629
AhnLab-V3 20180628
Alibaba 20180628
ALYac 20180629
Antiy-AVL 20180629
Arcabit 20180629
Avast 20180629
Avast-Mobile 20180629
AVG 20180629
Avira (no cloud) 20180628
AVware 20180629
Babable 20180406
Baidu 20180628
BitDefender 20180629
Bkav 20180628
CAT-QuickHeal 20180628
ClamAV 20180628
CMC 20180628
Comodo 20180629
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180629
Cyren 20180629
DrWeb 20180629
eGambit 20180629
Emsisoft 20180629
Endgame 20180612
ESET-NOD32 20180629
F-Prot 20180629
F-Secure 20180629
Fortinet 20180629
GData 20180629
Ikarus 20180628
Sophos ML 20180601
Jiangmin 20180629
K7AntiVirus 20180628
K7GW 20180629
Kaspersky 20180629
Kingsoft 20180629
Malwarebytes 20180629
MAX 20180629
McAfee 20180629
McAfee-GW-Edition 20180629
Microsoft 20180629
eScan 20180629
NANO-Antivirus 20180629
Palo Alto Networks (Known Signatures) 20180629
Panda 20180628
Qihoo-360 20180629
Rising 20180629
SentinelOne (Static ML) 20180618
Sophos AV 20180628
SUPERAntiSpyware 20180629
Symantec 20180629
Symantec Mobile Insight 20180626
TACHYON 20180629
Tencent 20180629
TheHacker 20180628
TotalDefense 20180628
TrendMicro 20180629
TrendMicro-HouseCall 20180629
Trustlook 20180629
VBA32 20180628
VIPRE 20180629
ViRobot 20180628
Webroot 20180629
Yandex 20180628
Zillya 20180627
ZoneAlarm by Check Point 20180629
Zoner 20180629
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2018 Betternet Technologies Inc., All Rights Reserved

Product Betternet for Windows
Original name BetternetForWindows.exe
Internal name BetternetForWindows.exe
File version 4.3.0
Description Betternet for Windows
Signature verification Signed file, verified signature
Signing date 7:03 PM 6/26/2018
Signers
[+] BetterNet LLC
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 12:00 AM 04/20/2017
Valid to 11:59 PM 04/19/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 9743EEF6EAB2EE3C6699E449E376C9F8A57BA1B1
Serial number 7A 47 E4 C0 EF 3C AE 90 B1 EC AD 10 77 55 B7 86
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 12/10/2013
Valid to 11:59 PM 12/09/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] GlobalSign TSA for MS Authenticode advanced - G2
Status Valid
Issuer GlobalSign Timestamping CA - SHA256 - G2
Valid from 12:00 AM 02/19/2018
Valid to 10:00 AM 03/18/2029
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 3EC766D5D4D472E21B1F2143521C31B790D94B68
Serial number 24 54 B8 7F 1E 14 53 AD 37 FA A1 78
[+] GlobalSign Timestamping CA - SHA256 - G2
Status Valid
Issuer GlobalSign
Valid from 10:00 AM 08/02/2011
Valid to 10:00 AM 03/29/2029
Valid usage All
Algorithm sha256RSA
Thumbprint 91843BBD936D86EAFA42A3AFBF33E92831068F99
Serial number 04 00 00 00 00 01 31 89 C6 50 04
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 10:00 AM 03/18/2009
Valid to 10:00 AM 03/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Packers identified
F-PROT NSIS, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-27 06:26:07
Entry Point 0x000032A0
Number of sections 5
PE sections
Overlays
MD5 7d401ed829b5841fde7c4f3e96d6eb2c
File type data
Offset 275968
Size 8227416
Entropy 8.00
PE imports
RegCreateKeyExW
RegEnumValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SelectObject
CreateBrushIndirect
SetBkMode
SetBkColor
DeleteObject
SetTextColor
SetFilePointer
GetLastError
CopyFileW
GetShortPathNameW
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrlenW
GetCurrentProcess
CompareFileTime
GetWindowsDirectoryW
GetFileSize
SetFileTime
GetCommandLineW
WideCharToMultiByte
SetErrorMode
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
GlobalLock
ReadFile
lstrcpyA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
GetFullPathNameW
lstrcmpiA
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
FindNextFileW
GetTempPathW
CloseHandle
FindFirstFileW
lstrcmpW
GetModuleHandleW
lstrcatW
FreeLibrary
LoadLibraryW
SearchPathW
lstrcmpiW
SetCurrentDirectoryW
WriteFile
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
SetFileAttributesW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
SendMessageTimeoutW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
GetDC
DialogBoxParamW
AppendMenuW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
CreateDialogParamW
ReleaseDC
BeginPaint
CreatePopupMenu
SendMessageW
SetWindowTextW
SetClipboardData
GetWindowLongW
FindWindowExW
IsWindowVisible
DestroyWindow
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
SystemParametersInfoW
DrawTextW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
CharNextW
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
GetClassInfoW
CreateWindowExW
wsprintfW
CloseClipboard
SetCursor
ExitWindowsEx
OpenClipboard
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 23
RT_DIALOG 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 29
PE resources
ExifTool file metadata
UninitializedDataSize
2048

LinkerVersion
6.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
4.3.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Betternet for Windows

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
186368

EntryPoint
0x32a0

OriginalFileName
BetternetForWindows.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2018 Betternet Technologies Inc., All Rights Reserved

FileVersion
4.3.0

TimeStamp
2015:12:27 06:26:07+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
BetternetForWindows.exe

ProductVersion
4.3.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Betternet Technologies Inc.

CodeSize
25600

ProductName
Betternet for Windows

ProductVersionNumber
4.3.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 439a368ebf9912e3e43268750475c9af
SHA1 ab39e153b65bac4887785393088c75dadf7cacb6
SHA256 cfd6488f60f48ab372aa01ee43b652b6441f0c73af9664570d9398678bedb167
ssdeep
196608:av9cc7CRW4MH7dJwYSMOs6IrtuVbntcmNfM6RtjOrcZYUO4HYKfvu:aFcc76WxwYSKSVbtcC0IY2G

authentihash 16aaf74cc3073e6adf99fd611e2349779a83fe261e2288403463ae361c25d2f0
imphash d4b94e8ee3f620a89d114b9da4b31873
File size 8.1 MB ( 8503384 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
nsis peexe signed overlay

VirusTotal metadata
First submission 2018-06-27 04:31:52 UTC ( 10 months, 3 weeks ago )
Last submission 2019-02-17 18:30:08 UTC ( 3 months ago )
File names BetternetForWindows.exe
BetternetForWindows430.exe
CFD6488F60F48AB372AA01EE43B652B6441F0C73AF9664570D9398678BEDB167.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs