SHA256: 08227da8f9f5e55ecd5f02a05eb71514b1558005987bd2c29bba26dc44e95591
File name: WIFI_setup.exe
Detection ratio: 3 / 54
Analysis date: 2016-02-05 10:06:41 UTC (3 years, 1 month ago)
Antivirus Result Update date
AegisLab W32.Sality 20160205
DrWeb Adware.Mutabaha.789 20160205
Jiangmin Adware.Agent.fxg 20160205
Ad-Aware 20160205
Yandex 20160204
AhnLab-V3 20160204
Alibaba 20160204
ALYac 20160205
Antiy-AVL 20160205
Arcabit 20160205
Avast 20160205
AVG 20160205
Avira (no cloud) 20160205
Baidu-International 20160204
BitDefender 20160205
Bkav 20160204
ByteHero 20160205
CAT-QuickHeal 20160205
ClamAV 20160204
CMC 20160205
Comodo 20160204
Cyren 20160205
Emsisoft 20160205
ESET-NOD32 20160205
F-Prot 20160129
F-Secure 20160205
Fortinet 20160205
GData 20160205
Ikarus 20160205
K7AntiVirus 20160205
K7GW 20160205
Kaspersky 20160205
Malwarebytes 20160205
McAfee 20160205
McAfee-GW-Edition 20160205
Microsoft 20160205
eScan 20160205
NANO-Antivirus 20160205
nProtect 20160205
Panda 20160204
Qihoo-360 20160205
Rising 20160205
Sophos AV 20160205
SUPERAntiSpyware 20160205
Symantec 20160204
Tencent 20160205
TheHacker 20160203
TrendMicro 20160205
TrendMicro-HouseCall 20160205
VBA32 20160204
VIPRE 20160205
ViRobot 20160205
Zillya 20160204
Zoner 20160205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2015 RAFO TECHNOLOGY INC. All rights reserved.

File version 1.0.10.26158
Description installer
Comments ComentsComentsComentsComentsComentsComents
Signature verification Signed file, verified signature
Signing date 9:51 AM 5/28/2015
Signers
[+] RAFO TECHNOLOGY INC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 05:50 AM 03/18/2015
Valid to 05:50 AM 03/18/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 171C42C04E4284C4A53939CACF5708FF03A75CA4
Serial number 11 21 30 B8 7F 4F 08 7E 63 E0 D3 D6 DC 5F 09 3C 07 29
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 09:00 AM 04/13/2011
Valid to 09:00 AM 04/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-19 13:00:46
Entry Point 0x0001238F
Number of sections 4
PE sections
Overlays
MD5 bc4d460d109bdee7fea8a3f82df3752b
File type data
Offset 292352
Size 3719456
Entropy 8.00
PE imports
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
StretchBlt
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetUserDefaultUILanguage
SetThreadLocale
GetLastError
InitializeCriticalSection
GetStdHandle
GetDriveTypeW
ReadFile
TerminateThread
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetVersionExW
SetEvent
ExitProcess
SystemTimeToFileTime
lstrcpyW
LoadLibraryA
GetCommandLineW
lstrcmpiW
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
EnterCriticalSection
SizeofResource
CompareFileTime
GetDiskFreeSpaceExW
GetFileSize
SetLastError
LockResource
SetFileTime
lstrlenW
CreateThread
GetSystemDefaultLCID
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
SuspendThread
GetModuleFileNameW
SetFilePointer
FindResourceExA
SetFileAttributesW
GetSystemDirectoryW
WideCharToMultiByte
RemoveDirectoryW
ExpandEnvironmentStringsW
GetSystemDefaultUILanguage
FindNextFileW
WriteFile
MulDiv
GetSystemTimeAsFileTime
FindClose
FindFirstFileW
GlobalMemoryStatusEx
lstrcmpW
WaitForMultipleObjects
GetModuleHandleW
LocalFree
FormatMessageW
ResumeThread
CreateEventW
GetExitCodeThread
ResetEvent
SetCurrentDirectoryW
LoadResource
GetTempPathW
CreateFileW
GlobalAlloc
VirtualFree
GetFileAttributesW
lstrcatW
Sleep
IsBadReadPtr
SetEndOfFile
LeaveCriticalSection
VirtualAlloc
GetEnvironmentVariableW
GetModuleHandleA
CloseHandle
strncmp
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_controlfp
_except_handler3
??2@YAPAXI@Z
_onexit
exit
_XcptFilter
memcmp
__setusermatherr
_adjust_fdiv
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__p__commode
??3@YAXPAX@Z
memcpy
free
__getmainargs
_purecall
_wtol
memmove
wcscpy
_beginthreadex
_initterm
_exit
__set_app_type
OleLoadPicture
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
ClientToScreen
GetParent
EndDialog
SystemParametersInfoW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
GetClassNameA
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
GetMenu
GetWindowRect
EnableWindow
GetDC
CharUpperW
MessageBoxA
LoadIconW
GetWindowDC
GetWindow
GetSysColor
DispatchMessageW
GetKeyState
ReleaseDC
SendMessageW
GetWindowLongW
DrawIconEx
GetClientRect
GetDlgItem
DrawTextW
CallWindowProcW
EnableMenuItem
ScreenToClient
wsprintfA
SetTimer
LoadImageW
DialogBoxIndirectParamW
SetWindowTextW
GetWindowTextW
GetSystemMenu
GetWindowTextLengthW
CreateWindowExW
wsprintfW
CopyImage
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 13
RT_DIALOG 5
RT_MANIFEST 1
IMAGES 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 14
ENGLISH US 7
CHINESE SIMPLIFIED 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

Comments
ComentsComentsComentsComentsComentsComents

LinkerVersion
8.0

ImageVersion
0.0

FileVersionNumber
1.0.10.26158

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x003f

FileDescription
installer

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Chinese (Simplified)

InitializedDataSize
219136

EntryPoint
0x1238f

MIMEType
application/octet-stream

LegalCopyright
Copyright 2015 RAFO TECHNOLOGY INC. All rights reserved.

FileVersion
1.0.10.26158

TimeStamp
2010:11:19 14:00:46+01:00

FileType
Win32 EXE

PEType
PE32

TNameProductNameProductName
TProductVersion

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
RAFO TECHNOLOGY INC

Sreserved
d.

CodeSize
72192

FileSubtype
0

ProductVersionNumber
1.0.10.26158

Warning
Possibly corrupt Version resource

FileTypeExtension
exe

ObjectFileType
Unknown

Compressed bundles
File identification
MD5 4f806fca550a84ae1279877498c5ded7
SHA1 988dacf73dd1a6dac11a9473a8bdeacc43cc34d2
SHA256 08227da8f9f5e55ecd5f02a05eb71514b1558005987bd2c29bba26dc44e95591
ssdeep
98304:34T2UKIbKo40+ZFsf0JcmwQjykCSjbDpWdc8SXuxh:IT2v+KoDapyknLUe8VH

authentihash adeaf1970cf94a0dd13102cb978516ba6a2adac3fd777165d97b6ea798ee1ac0
imphash 0623f5db00daeb7e7d209f48f21ec2ff
File size 3.8 MB (4011808 bytes)
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Microsoft Visual C++ compiled executable (generic) (73.2%)
OS/2 Executable (generic) (8.9%)
Generic Win/DOS Executable (8.8%)
DOS Executable Generic (8.8%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-05-30 11:53:18 UTC (3 years, 9 months ago)
Last submission 2018-05-24 01:03:17 UTC (10 months ago)
File names WIFI_setup.exe
WIFI_setup (1).exe
WIFI_setup.exe
wifi_setup.exe
WIFI_setup.exe
1T9DoVTX.jar
WIFI_setup.ex0
WIFI_setup.exe
701653
WIFI_setup.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0129.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.