SHA256: 0ddc3498b8b113ed923adaad290b8e20bafa6782d2bbf30918cc75d7d3d1670f
File name: Split_WinISO_final.exe
Detection ratio: 1 / 58
Analysis date: 2017-03-06 00:30:09 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_69% (D) 20170130
Ad-Aware 20170305
AegisLab 20170305
AhnLab-V3 20170305
Alibaba 20170228
ALYac 20170305
Antiy-AVL 20170305
Arcabit 20170305
Avast 20170305
AVG 20170305
Avira (no cloud) 20170305
AVware 20170305
Baidu 20170303
BitDefender 20170305
Bkav 20170303
CAT-QuickHeal 20170304
ClamAV 20170305
CMC 20170305
Comodo 20170306
Cyren 20170305
DrWeb 20170306
Emsisoft 20170306
Endgame 20170222
ESET-NOD32 20170306
F-Prot 20170306
F-Secure 20170306
Fortinet 20170305
GData 20170306
Ikarus 20170305
Sophos ML 20170203
Jiangmin 20170301
K7AntiVirus 20170305
K7GW 20170305
Kaspersky 20170305
Kingsoft 20170306
Malwarebytes 20170306
McAfee 20170305
McAfee-GW-Edition 20170305
Microsoft 20170305
eScan 20170305
NANO-Antivirus 20170306
nProtect 20170305
Panda 20170305
Qihoo-360 20170306
Rising 20170306
Sophos AV 20170306
SUPERAntiSpyware 20170305
Symantec 20170305
Tencent 20170306
TheHacker 20170305
TrendMicro 20170305
TrendMicro-HouseCall 20170306
Trustlook 20170306
VBA32 20170303
VIPRE 20170305
ViRobot 20170305
Webroot 20170306
WhiteArmor 20170303
Yandex 20170225
Zillya 20170304
Zoner 20170305
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2017 Chandra

Product Split WinISO
Original name Split_WinISO_final.exe
Internal name ams_launch
File version 2017.1.9.0
Description Split and Covert Windows Installer
Comments Created with AutoPlay Media Studio (www.indigorose.com)
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-10 21:10:02
Entry Point 0x0002CBBC
Number of sections 4
PE sections
Overlays
MD5 37572bcd3ef1e79ace722fdc596f85de
File type data
Offset 525824
Size 13375952
Entropy 8.00
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
GetFileTitleA
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
GetObjectA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
lstrcmpW
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
LocalFree
MoveFileA
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
CreateDirectoryA
DeleteFileA
GetFullPathNameA
GetProcAddress
GetProcessHeap
CompareStringW
GetFileSizeEx
GlobalReAlloc
lstrcmpA
FindFirstFileA
GetDiskFreeSpaceA
CompareStringA
CreateFileMappingA
FindNextFileA
DuplicateHandle
GlobalLock
GetTimeZoneInformation
GlobalFindAtomA
GetFileType
SetVolumeLabelA
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
UnmapViewOfFile
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
LockFile
RemoveDirectoryA
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
FreeResource
SizeofResource
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
lstrcpyA
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantChangeType
VariantInit
VariantClear
SHFileOperationA
PathFindFileNameA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
SetFocus
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetTopWindow
MsgWaitForMultipleObjects
GetActiveWindow
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
GetMenuState
GetClassInfoExA
ShowWindow
GetPropA
GetDesktopWindow
CharToOemBuffA
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetWindowPlacement
OemToCharBuffA
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
CopyRect
GetSysColorBrush
PtInRect
IsDialogMessageA
MapWindowPoints
BeginPaint
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
PostMessageA
DrawIcon
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
ValidateRect
GetMenuItemID
SetForegroundWindow
ReleaseDC
EndDialog
GetCapture
DrawTextExA
GetWindowThreadProcessId
SetMenu
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
wsprintfA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
UnhookWindowsHookEx
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_ICON 14
RT_STRING 13
RT_DIALOG 3
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 66
PE resources
ExifTool file metadata
SpecialBuild
E2B

LegalTrademarks
Trademark of www.orbitsolusi.com

SubsystemVersion
5.0

Comments
Created with AutoPlay Media Studio (www.indigorose.com)

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2017.1.9.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Split and Covert Windows Installer

CharacterSet
ASCII

InitializedDataSize
265216

PrivateBuild
Chandra

EntryPoint
0x2cbbc

OriginalFileName
Split_WinISO_final.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2017 Chandra

FileVersion
2017.1.9.0

TimeStamp
2015:02:10 22:10:02+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ams_launch

ProductVersion
2017.1.9.0

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Public Release

CodeSize
259584

ProductName
Split WinISO

ProductVersionNumber
2017.1.9.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 b1628a6ba3ce583a2c8d566d62cf572f
SHA1 247873b76c99786abcf073bbcd4b0d8e7451c2a5
SHA256 0ddc3498b8b113ed923adaad290b8e20bafa6782d2bbf30918cc75d7d3d1670f
ssdeep
196608:NmY+VpAQ2rpBMdyzjZSvqD3UA591N+NgmDmJButgM5WS8qj+MwrUncN1o0lcuPdW:AcMwZD3/EgLJOgM5GqS/UcHXcodILpj

authentihash 3f5c4ebb74514cf4db056ba4c51628d5be2cf44b72207a31ffa5836585ed2e6c
imphash 230363beee3a16b40f8fefab5ba42a93
File size 13.3 MB ( 13901776 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (56.1%)
Windows screen saver (26.6%)
Win32 Executable (generic) (9.1%)
Generic Win/DOS Executable (4.0%)
DOS Executable Generic (4.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-03-05 22:42:50 UTC ( 7 months, 2 weeks ago )
Last submission 2017-03-06 00:30:09 UTC ( 7 months, 2 weeks ago )
File names ams_launch
Split_WinISO_final.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
UDP communications