SHA256: 7f347d9d3b5d726f4079529084d5725db20011d0acce8153bbe38b21e333623d
File name: ClassicShellSetup_4_0_6-it.exe
Detection ratio: 1 / 51
Analysis date: 2014-04-13 11:12:29 UTC (4 years, 8 months ago)
Antivirus Result Update
TrendMicro-HouseCall TROJ_GEN.F47V0408 20140413
Ad-Aware 20140413
AegisLab 20140413
Yandex 20140412
AhnLab-V3 20140412
AntiVir 20140412
Antiy-AVL 20140413
Avast 20140413
AVG 20140412
Baidu-International 20140413
BitDefender 20140413
Bkav 20140412
ByteHero 20140413
CAT-QuickHeal 20140412
ClamAV 20140413
CMC 20140411
Commtouch 20140413
Comodo 20140413
DrWeb 20140413
Emsisoft 20140413
ESET-NOD32 20140413
F-Prot 20140413
F-Secure 20140413
Fortinet 20140413
GData 20140413
Ikarus 20140413
Jiangmin 20140413
K7AntiVirus 20140411
K7GW 20140411
Kaspersky 20140413
Kingsoft 20140413
Malwarebytes 20140413
McAfee 20140413
McAfee-GW-Edition 20140413
Microsoft 20140413
eScan 20140413
NANO-Antivirus 20140413
Norman 20140412
nProtect 20140411
Panda 20140413
Qihoo-360 20140413
Rising 20140412
Sophos AV 20140413
SUPERAntiSpyware 20140412
Symantec 20140413
TheHacker 20140411
TotalDefense 20140413
TrendMicro 20140413
VBA32 20140411
VIPRE 20140413
ViRobot 20140412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2009-2014, Ivo Beltchev

Publisher Ivaylo Beltchev
Product Classic Shell
Original name ClassicShellSetup.exe
Internal name ClassicShellSetup
File version 4, 0, 6, 0
Description Adds classic shell features to Windows 7 and Windows 8
Signature verification Signed file, verified signature
Signing date 9:33 PM 4/5/2014
Signers
[+] Ivaylo Beltchev
Status Valid
Issuer None
Valid from 10:10 AM 7/6/2013
Valid to 11:07 PM 7/6/2015
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.21, Lifetime Signing
Algorithm SHA1
Thumbprint 33F2C9DB85F76DDA4ECF00A77DA57B56B76F018D
Serial number 0A 5B
[+] StartCom Class 2 Primary Intermediate Object CA
Status Valid
Issuer None
Valid from 11:01 PM 10/24/2007
Valid to 11:01 PM 10/24/2017
Valid usage All
Algorithm SHA1
Thumbprint D893C4F678F891F2823CD078AA5E1C48FD1DA225
Serial number 24
[+] StartCom Certification Authority
Status Valid
Issuer None
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status Valid
Issuer None
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] USERTrust
Status Valid
Issuer None
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm SHA1
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-05 20:33:29
Entry Point 0x00003AC0
Number of sections 5
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitCommonControlsEx
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
VirtualFree
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
GetConsoleMode
HeapSize
GetCurrentProcessId
LCMapStringW
OpenProcess
LockResource
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
DeleteFileW
GetProcAddress
GetStringTypeA
GetFileType
SetStdHandle
RaiseException
GetCPInfo
SetEnvironmentVariableW
TlsFree
SetFilePointer
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
GetConsoleCP
LCMapStringA
WriteConsoleA
VirtualAlloc
IsValidCodePage
LoadResource
FindResourceW
CreateFileW
CreateProcessW
TlsGetValue
Sleep
SetLastError
GetTickCount
TlsSetValue
CreateFileA
GetCurrentThreadId
GetVersion
LeaveCriticalSection
ExitProcess
HeapCreate
WriteConsoleW
InterlockedIncrement
CommandLineToArgvW
DoEnvironmentSubstW
GetWindowThreadProcessId
MessageBoxW
EndDialog
CharUpperW
DialogBoxParamW
FindWindowW
SetProcessDPIAware
LoadStringW
GetDlgItemTextW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_ICON 5
RT_STRING 3
MSI_FILE 3
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.0.6.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Unicode

InitializedDataSize
6843904

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2009-2014, Ivo Beltchev

FileVersion
4, 0, 6, 0

TimeStamp
2014:04:05 21:33:29+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ClassicShellSetup

ProductVersion
4, 0, 6, 0

FileDescription
Adds classic shell features to Windows 7 and Windows 8

OSVersion
5.0

OriginalFilename
ClassicShellSetup.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
IvoSoft

CodeSize
50176

ProductName
Classic Shell

ProductVersionNumber
4.0.6.0

EntryPoint
0x3ac0

ObjectFileType
Executable application

File identification
MD5 5af2c465137ff563d70a2e62691c30a1
SHA1 f28554d8721f100d0abb44a602310823e7659b44
SHA256 7f347d9d3b5d726f4079529084d5725db20011d0acce8153bbe38b21e333623d
ssdeep
196608:icM32MQkzkRSGViZiZhCV18t9oo+giZiNS3q:iDQkzkRSCL

authentihash 36aff6aaac6ad5247221d347853588ddcbd6b39fc239105f7d89302cda820e1c
imphash c31df50c0128d7be11bbb3dc732477ea
File size 6.6 MB ( 6900928 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe signed

VirusTotal metadata
First submission 2014-04-08 16:09:28 UTC (4 years, 8 months ago)
Last submission 2014-12-17 07:02:59 UTC (3 years, 12 months ago)
File names ClassicShellSetup_4_0_6-it.exe
file-6841244_exe
ClassicShellSetup.exe
4d7d8083312cb8d19cf1a4cd1778b953de6f8a3277327acce5a976c05e5ba8d8-1396973362
ClassicShellSetup_4_0_6-it.exe
ClassicShellSetup
ClassicShellSetup_4_0_6-it.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight