SHA256: 665c6a388bb3080dc0615d753e06fbdfac086b1094fd8bd5a903148f744385e4
File name: Coowon Update Setup
Detection ratio: 2 / 65
Analysis date: 2018-01-18 01:50:20 UTC (4 months, 1 week ago)
Antivirus Result Update date
Bkav W32.HfsAdware.41FC 20180117
Palo Alto Networks (Known Signatures) generic.ml 20180118
Ad-Aware 20180117
AegisLab 20180118
AhnLab-V3 20180117
Alibaba 20180117
ALYac 20180117
Antiy-AVL 20180117
Arcabit 20180118
Avast 20180118
Avast-Mobile 20180117
AVG 20180118
Avira (no cloud) 20180118
AVware 20180103
Baidu 20180117
BitDefender 20180118
CAT-QuickHeal 20180117
ClamAV 20180117
CMC 20180116
Comodo 20180118
CrowdStrike Falcon (ML) 20171016
Cybereason None
Cylance 20180118
Cyren 20180118
DrWeb 20180118
eGambit 20180118
Emsisoft 20180118
Endgame 20171130
ESET-NOD32 20180118
F-Prot 20180118
Fortinet 20180118
GData 20180118
Ikarus 20180117
Sophos ML 20170914
Jiangmin 20180117
K7AntiVirus 20180117
K7GW 20180118
Kaspersky 20180118
Kingsoft 20180118
Malwarebytes 20180118
MAX 20180118
McAfee 20180117
McAfee-GW-Edition 20180117
Microsoft 20180118
eScan 20180118
NANO-Antivirus 20180117
nProtect 20180118
Panda 20180117
Qihoo-360 20180118
Rising 20180117
SentinelOne (Static ML) 20180115
Sophos AV 20180118
SUPERAntiSpyware 20180118
Symantec 20180117
Symantec Mobile Insight 20180117
Tencent 20180118
TheHacker 20180115
TotalDefense 20180117
TrendMicro 20180118
TrendMicro-HouseCall 20180117
Trustlook 20180118
VBA32 20180117
VIPRE 20180118
ViRobot 20180118
Webroot 20180118
Yandex 20180112
Zillya 20180117
ZoneAlarm by Check Point 20180117
Zoner 20180118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2013 Coowon.

Product Coowon Update
Original name CoowonUpdateSetup.exe
Internal name Coowon Update Setup
File version 1.3.33.0
Description Coowon Update Setup
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 3:10 AM 1/18/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-20 03:34:49
Entry Point 0x00004060
Number of sections 5
PE sections
Overlays
MD5 4a75e183446fd7a4929da94c7bea7911
File type data
Offset 750080
Size 4368
Entropy 7.28
PE imports
GetStdHandle
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
GetCPInfo
GetStringTypeA
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
InterlockedDecrement
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
SetFilePointer
SetUnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
WriteFile
RemoveDirectoryW
GetTempPathW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
HeapCreate
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
lstrlenW
VirtualFree
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
SizeofResource
IsValidCodePage
UnmapViewOfFile
FindResourceW
CreateProcessW
Sleep
VirtualAlloc
PathQuoteSpacesW
wvsprintfW
CharLowerBuffW
MessageBoxW
UnregisterClassA
CoInitializeEx
CoUninitialize
Number of PE resources by type
RT_STRING 47
RT_ICON 6
B 1
GOOGLEUPDATE 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
NEUTRAL 3
HEBREW DEFAULT 1
SWEDISH 1
TELUGU DEFAULT 1
VIETNAMESE DEFAULT 1
ESTONIAN DEFAULT 1
TAMIL DEFAULT 1
FRENCH 1
SLOVENIAN DEFAULT 1
INDONESIAN DEFAULT 1
GUJARATI DEFAULT 1
DUTCH 1
MARATHI DEFAULT 1
ITALIAN 1
URDU PAKISTAN 1
CATALAN DEFAULT 1
FINNISH DEFAULT 1
KANNADA DEFAULT 1
FARSI DEFAULT 1
PORTUGUESE BRAZILIAN 1
HINDI DEFAULT 1
TURKISH DEFAULT 1
KOREAN 1
MALAY MALAYSIA 1
CZECH DEFAULT 1
HUNGARIAN DEFAULT 1
LITHUANIAN 1
GERMAN 1
ICELANDIC DEFAULT 1
BULGARIAN DEFAULT 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SWAHILI DEFAULT 1
SLOVAK DEFAULT 1
BENGALI DEFAULT 1
GREEK DEFAULT 1
UKRAINIAN DEFAULT 1
LATVIAN DEFAULT 1
NORWEGIAN BOKMAL 1
CHINESE TRADITIONAL 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
ARABIC SAUDI ARABIA 1
ROMANIAN 1
RUSSIAN 1
MALAYALAM DEFAULT 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.3.33.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
687104

EntryPoint
0x4060

OriginalFileName
CoowonUpdateSetup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2013 Coowon.

FileVersion
1.3.33.0

LanguageId
en

TimeStamp
2013:11:20 04:34:49+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Coowon Update Setup

ProductVersion
1.3.33.0

FileDescription
Coowon Update Setup

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Coowon.

CodeSize
61952

ProductName
Coowon Update

ProductVersionNumber
1.3.33.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Execution parents
Compressed bundles
File identification
MD5 171d610bbd9aec0c9d0ededce1293982
SHA1 956c91b59c7a3a685801d548ebebfd662e52e368
SHA256 665c6a388bb3080dc0615d753e06fbdfac086b1094fd8bd5a903148f744385e4
ssdeep
12288:txT1THAj03WmVaU8SCB8HLXcZ9Fq7PUx/YlwGDktOibMYcdQXgsMSt1WT8ohb+kq:tEj035VavSI8HLXcY7PM/YqfM1YggoBo

authentihash 855b8de0d91c3fc0432a314deaa37ca09b65ffd3ecfcf7200b1e5d655a7a8d39
imphash 2f5b3b21168a5253ed01c53d8b2d929b
File size 736.8 KB ( 754448 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe via-tor overlay

VirusTotal metadata
First submission 2014-01-07 08:10:28 UTC (4 years, 4 months ago)
Last submission 2017-10-09 19:29:53 UTC (7 months, 2 weeks ago)
File names coowon_online_installer.exe
437700
665c6a388bb3080dc0615d753e06fbdfac086b1094fd8bd5a903148f744385e4.exe.000
67148183
coowon_1.6.8.0 (1).exe
20219908
coowon_online_installer.ex_.gz.bin
coowon_1.6.8.0.exe
CoowonUpdateSetup.exe
466-coowon_online_installer.exe
coowon_online_installer.exe
coowon_online_installer.exe
coowon_online_installer.exe
M162.mal
coowon_online_installer.exe
240-coowon_online_installer.exe
665c6a388bb3080dc0615d753e06fbdfac086b1094fd8bd5a903148f744385e4
Coowon Update Setup
coowon_online_installer.exe.part
output.20219908.txt
171d610bbd9aec0c9d0ededce1293982.exe
Coowon-Browser1540.exe
coowon_online_installer.exe
coowon_online_installer.exe
M162.mal
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications