SHA256: 27185b2b036b829a357c2099ebe133e92454b6c4cf3022803cf4bcb3b1696ade
File name: AviatorSetup.exe
Detection ratio: 0 / 55
Analysis date: 2015-09-07 07:30:56 UTC (2 years ago)
Antivirus Result Update date
Ad-Aware 20150907
AegisLab 20150907
Yandex 20150906
AhnLab-V3 20150907
Alibaba 20150902
ALYac 20150907
Antiy-AVL 20150907
Arcabit 20150905
Avast 20150907
AVG 20150907
Avira (no cloud) 20150907
AVware 20150901
Baidu-International 20150906
BitDefender 20150907
Bkav 20150905
ByteHero 20150907
CAT-QuickHeal 20150905
ClamAV 20150907
CMC 20150902
Comodo 20150907
Cyren 20150907
DrWeb 20150907
Emsisoft 20150907
ESET-NOD32 20150907
F-Prot 20150907
F-Secure 20150907
Fortinet 20150907
GData 20150907
Ikarus 20150907
Jiangmin 20150906
K7AntiVirus 20150907
K7GW 20150907
Kingsoft 20150907
Malwarebytes 20150906
McAfee 20150907
McAfee-GW-Edition 20150907
Microsoft 20150907
eScan 20150907
NANO-Antivirus 20150907
nProtect 20150904
Panda 20150906
Qihoo-360 20150907
Rising 20150906
Sophos AV 20150907
SUPERAntiSpyware 20150905
Symantec 20150906
Tencent 20150907
TheHacker 20150907
TrendMicro 20150907
TrendMicro-HouseCall 20150907
VBA32 20150905
VIPRE 20150906
ViRobot 20150907
Zillya 20150905
Zoner 20150907
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (c) 2013 Flexera Software LLC. All Rights Reserved.
Product Aviator
Original name InstallShield Setup.exe
Internal name Setup
File version 2.6
Description Setup Launcher Unicode
Signature verification Signed file, verified signature
Signing date 12:00 AM 1/21/2015
Signers
[+] WhiteHat Security, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 1:00 AM 3/5/2014
Valid to 1:00 PM 3/9/2016
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 35D8B5D59799242B427DB25B0631FEFBCBA5066D
Serial number 02 BE F9 15 BC 6E 2C 26 95 77 5F 02 E5 BE 7A 6F
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 4/18/2012
Valid to 1:00 PM 4/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-30 05:06:01
Entry Point 0x0006B0CB
Number of sections 4
PE sections
Overlays
MD5 b9808b7343c837c4e4c406943c19a07e
File type data
Offset 1251328
Size 62423984
Entropy 8.00
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
RegEnumKeyW
RegOpenKeyW
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
OpenThreadToken
RegEnumValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
SetSecurityDescriptorGroup
GetDIBColorTable
GetSystemPaletteEntries
CreateHalftonePalette
GetDeviceCaps
TranslateCharsetInfo
DeleteDC
SetBkMode
CreateFontIndirectW
GetObjectW
BitBlt
RealizePalette
SetTextColor
CreatePalette
GetStockObject
CreateDIBitmap
SelectPalette
UnrealizeObject
CreateCompatibleDC
CreateFontW
SelectObject
CreateSolidBrush
DeleteObject
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
SetEvent
HeapDestroy
GetFileAttributesW
DuplicateHandle
GetLocalTime
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
FindResourceExW
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
CreateEventW
LoadResource
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
InitializeCriticalSection
CopyFileW
GetUserDefaultLangID
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
VerLanguageNameW
GetModuleFileNameA
LoadLibraryA
QueryPerformanceFrequency
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
FlushInstructionCache
GetPrivateProfileStringW
SetFilePointer
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
SetThreadContext
TerminateProcess
SearchPathW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
WriteProcessMemory
OpenProcess
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
WriteFile
CompareStringW
lstrcpyW
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
GetTimeFormatA
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
GetProcAddress
GetTempPathW
GetCurrentDirectoryW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetProcessTimes
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
Process32NextW
CreateProcessW
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
Process32FirstW
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
TlsGetValue
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
GetOEMCP
CompareStringA
VarUI4FromStr
VariantChangeType
SysStringLen
SystemTimeToVariantTime
VarBstrFromDate
CreateErrorInfo
SysStringByteLen
VarBstrCat
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysReAllocStringLen
RegisterTypeLib
SysAllocString
GetErrorInfo
SysFreeString
LoadTypeLib
SetErrorInfo
UuidFromStringW
UuidCreate
UuidToStringW
RpcStringFreeW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
CommandLineToArgvW
SetFocus
EndPaint
CreateDialogIndirectParamW
IntersectRect
EndDialog
BeginPaint
SetWindowTextW
TranslateMessage
DefWindowProcW
MoveWindow
KillTimer
CharPrevW
PostQuitMessage
ShowWindow
GetMessageW
SetWindowPos
wvsprintfW
GetDesktopWindow
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
CharUpperW
GetWindowDC
SendDlgItemMessageW
GetWindow
PostMessageW
GetSysColor
DispatchMessageW
SetActiveWindow
GetDC
CreateDialogParamW
ReleaseDC
GetDlgCtrlID
SendMessageW
RegisterClassW
wsprintfW
SubtractRect
SetTimer
GetDlgItem
GetDlgItemTextW
MessageBoxW
FindWindowW
ClientToScreen
SetRect
CharNextW
LoadImageW
IsDialogMessageW
FillRect
GetClientRect
WaitForInputIdle
SetDlgItemTextW
GetSysColorBrush
DialogBoxIndirectParamW
LoadCursorW
LoadIconW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
SetForegroundWindow
DestroyWindow
ExitWindowsEx
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ProgIDFromCLSID
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoCreateGuid
CoTaskMemRealloc
CLSIDFromProgID
CoInitializeSecurity
GetRunningObjectTable
CoTaskMemFree
StringFromGUID2
CreateItemMoniker
Number of PE resources by type
RT_STRING 25
RT_DIALOG 23
RT_ICON 11
RT_BITMAP 6
RT_GROUP_ICON 3
GIF 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 46
ENGLISH US 26
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.6.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Setup Launcher Unicode
CharacterSet Unicode
InitializedDataSize 534528
InternalBuildNumber 129067
ISInternalVersion 20.0.376
OriginalFileName InstallShield Setup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.6
TimeStamp 2013:05:30 06:06:01+01:00
FileType Win32 EXE
PEType PE32
InternalName Setup
ProductVersion 2.6
SubsystemVersion 5.0
ISInternalDescription Setup Launcher Unicode
OSVersion 5.0
EntryPoint 0x6b0cb
FileOS Win32
LegalCopyright Copyright (c) 2013 Flexera Software LLC. All Rights Reserved.
MachineType Intel 386 or later, and compatibles
CompanyName WhiteHat Security, Inc.
CodeSize 715776
ProductName Aviator
ProductVersionNumber 2.6.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
File identification
MD5 62c79b1b517335bdd712b979b2c68489
SHA1 5bbd79a174874adbc993dd4387a690e50b4bd0d3
SHA256 27185b2b036b829a357c2099ebe133e92454b6c4cf3022803cf4bcb3b1696ade
ssdeep 1572864:KH6zrdwdPIp5sKI11xKIfZIu1WW3v23zqh/MWh3Jwax7sz:KH6zWhIp5hI116g/26MO3Jwdz
authentihash 05825973da3e78d408cef045fd74c86d65631af8f7c701b81d5c5144616f810e
imphash 8716dfcb53e9237687620dc5ebbd5d82
File size 60.7 MB ( 63675312 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (54.3%)
Win64 Executable (generic) (34.8%)
Win32 Executable (generic) (5.6%)
Generic Win/DOS Executable (2.5%)
DOS Executable Generic (2.5%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2015-01-20 23:50:00 UTC (2 years, 8 months ago)
Last submission 2017-06-13 21:03:34 UTC (3 months, 1 week ago)
File names InstallShield Setup.exe
AviatorSetup_37.exe
AviatorSetup.exe
AviatorSetup.exe
Setup
aviatorsetup.exe
AviatorSetup.exe
WhiteHat Aviator 37.0.2062.99 (2.6).exe
AviatorSetup.exe
Aviator.exe
620394
AviatorSetup.exe
AviatorSetup.exe
AviatorSetup.exe
AviatorSetup.exe
AviatorSetup.exe
27185b2b036b829a357c2099ebe133e92454b6c4cf3022803cf4bcb3b1696ade
aviator_37.0.2062.99.exe
AviatorSetup(1).exe
AviatorSetup (1).exe
AviatorSetup.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No member of the VirusTotal community has commented on this item yet.
No votes. Nobody has voted on this item yet.