SHA256: 4249bc245d6dfe8d887254095320aea02872fdffc7ffbad2fc5d76844502b564
File name: opera-19-0-1326-63-es-en-br-fr-de-it-cn-jp-ru-pl-cz-dk-fi-in-kr-n...
Detection ratio: 0 / 55
Analysis date: 2014-11-21 13:04:14 UTC (3 years, 1 month ago)
Antivirus Result Update date
Ad-Aware 20141121
AegisLab 20141121
Yandex 20141121
AhnLab-V3 20141121
Antiy-AVL 20141121
Avast 20141121
AVG 20141121
Avira (no cloud) 20141121
AVware 20141121
Baidu-International 20141121
BitDefender 20141121
Bkav 20141120
ByteHero 20141121
CAT-QuickHeal 20141121
ClamAV 20141121
CMC 20141121
Comodo 20141121
Cyren 20141121
DrWeb 20141121
Emsisoft 20141121
ESET-NOD32 20141121
F-Prot 20141121
F-Secure 20141121
Fortinet 20141121
GData 20141121
Ikarus 20141121
Jiangmin 20141120
K7AntiVirus 20141121
K7GW 20141121
Kaspersky 20141121
Kingsoft 20141121
Malwarebytes 20141121
McAfee 20141121
McAfee-GW-Edition 20141120
Microsoft 20141121
eScan 20141121
NANO-Antivirus 20141121
Norman 20141121
nProtect 20141121
Panda 20141121
Qihoo-360 20141121
Rising 20141120
Sophos AV 20141121
SUPERAntiSpyware 20141121
Symantec 20141121
Tencent 20141121
TheHacker 20141117
TotalDefense 20141121
TrendMicro 20141121
TrendMicro-HouseCall 20141121
VBA32 20141121
VIPRE 20141121
ViRobot 20141121
Zillya 20141121
Zoner 20141120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 1999-2008 Opera Software ASA

Product Opera
Original name Opera.exe
Internal name 7ZSfxNew
Description 7z Setup SFX
Signature verification Signed file, verified signature
Signing date 10:41 AM 2/10/2014
Signers
[+] Opera Software ASA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 6/24/2013
Valid to 12:59 AM 2/17/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 7CB612C36E75075967FA28F537C63112CB4E3326
Serial number 15 78 A4 27 84 FC B4 41 6A 9A 6C 03 34 18 CD 06
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT appended, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-30 08:49:43
Entry Point 0x00012DCF
Number of sections 4
PE sections
Overlays
MD5 b453d52e091e91e8a08e2b386151d785
File type data
Offset 462848
Size 35161104
Entropy 8.00
PE imports
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
StretchBlt
SetThreadLocale
GetStdHandle
GetDriveTypeW
WaitForSingleObject
LockResource
CreateJobObjectW
GetFileAttributesW
SetInformationJobObject
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetSystemDirectoryW
lstrcatW
GetLocaleInfoW
FindResourceExA
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetModuleFileNameW
ExitProcess
lstrcmpiW
SetProcessWorkingSetSize
GetSystemDefaultLCID
MultiByteToWideChar
SetFilePointer
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
GetExitCodeThread
MulDiv
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
EnterCriticalSection
TerminateThread
lstrcmpiA
GetVersionExW
SetEvent
LoadLibraryA
GetStartupInfoA
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
AssignProcessToJobObject
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
lstrcmpW
GetProcAddress
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
lstrlenA
GlobalFree
lstrlenW
VirtualFree
GetQueuedCompletionStatus
SizeofResource
CompareFileTime
CreateIoCompletionPort
SetFileTime
GetCommandLineW
SuspendThread
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
WriteFile
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
strncmp
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_controlfp
_except_handler3
??2@YAPAXI@Z
_onexit
_wtol
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_adjust_fdiv
??3@YAXPAX@Z
free
wcsncmp
__getmainargs
_purecall
_initterm
memmove
memcpy
_beginthreadex
_exit
_EH_prolog
__set_app_type
OleLoadPicture
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
GetMenu
GetWindowRect
ClientToScreen
UnhookWindowsHookEx
CharUpperW
MessageBoxA
LoadIconW
GetWindowDC
GetWindow
GetSysColor
PtInRect
DispatchMessageW
CopyImage
ReleaseDC
SendMessageW
GetWindowLongW
DrawIconEx
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
GetDC
ScreenToClient
CallNextHookEx
wsprintfA
SetTimer
CallWindowProcW
GetSystemMenu
DialogBoxIndirectParamW
EnableWindow
GetClientRect
GetWindowTextW
EnableMenuItem
SetWindowsHookExW
GetClassNameA
GetWindowTextLengthW
CreateWindowExW
wsprintfW
GetKeyState
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 14
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 15
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
386560

EntryPoint
0x12dcf

OriginalFileName
Opera.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 1999-2008 Opera Software ASA

TimeStamp
2012:12:30 09:49:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
7ZSfxNew

FileDescription
7z Setup SFX

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Opera Software ASA

CodeSize
75776

ProductName
Opera

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 b596d30508aa55c65841efba1ddc7d09
SHA1 2c9fbd4fe90b8ea9d4314912db7542955464f0c2
SHA256 4249bc245d6dfe8d887254095320aea02872fdffc7ffbad2fc5d76844502b564
ssdeep
786432:C3O5P+geVB/2EhFUf3+6xmTF13t8kz1riKa9VP+eaPkfdF:tteVx2EPGxYF13FriKa23YP

authentihash 95cc0412b487c53972b2c613b78a015317e4e862beb5fbaee99b181ede73d617
imphash 1d1577d864d2da06952f7affd8635371
File size 34.0 MB ( 35623952 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags
peexe software-collection signed overlay

VirusTotal metadata
First submission 2014-02-13 01:08:15 UTC (3 years, 11 months ago)
Last submission 2017-09-06 18:54:50 UTC (4 months, 1 week ago)
File names Opera_19.0.1326.63_Setup.exe
opera-19-0-1326-63-es-en-br-fr-de-it-cn-jp-ru-pl-cz-dk-fi-in-kr-no-se-tr-win.exe
Opera_19.0.1326.63_Setup.exe
Opera_19.0.1326.63_Setup (1).exe
Opera_v19.0.1326.63.exe
opera_19.0.1326.63_setup.exe
Opera.exe
Opera_19.0.1326.63_Setup (1).exe
Opera 19.0.1326.63 Final.exe
Opera_19.0.1326.63_Setup.exe
Opera_19.0.1326.63_Setup.exe
Opera_19.0.1326.63_Setup.exe
Opera_19.0.1326.63_Setup.exe
Opera_19.0.1326.63_Setup.exe
Opera_19.0.1326.63_Setup(1).exe
Setup.exe
Opera_19.0.1326.63_Setup.exe
425707
7ZSfxNew
Opera_19.0.1326.63_Setup.exe