SHA256: 98129cd06001873ca0f8fc9cd1d6586ee6af7d14f236d0841f8fc9b45c016557
File name: GOMPLAYERRUSETUP.EXE
Detection ratio: 0 / 57
Analysis date: 2015-03-08 11:45:03 UTC (4 years ago)
Antivirus              Result   Update date
Ad-Aware               -        20150308
AegisLab               -        20150308
Yandex                 -        20150307
AhnLab-V3              -        20150308
Alibaba                -        20150308
ALYac                  -        20150308
Antiy-AVL              -        20150308
Avast                  -        20150308
AVG                    -        20150308
Avira (no cloud)       -        20150307
AVware                 -        20150308
Baidu-International    -        20150308
BitDefender            -        20150308
Bkav                   -        20150306
ByteHero               -        20150308
CAT-QuickHeal          -        20150307
ClamAV                 -        20150308
CMC                    -        20150304
Comodo                 -        20150308
Cyren                  -        20150308
DrWeb                  -        20150308
Emsisoft               -        20150308
ESET-NOD32             -        20150308
F-Prot                 -        20150308
F-Secure               -        20150308
Fortinet               -        20150308
GData                  -        20150308
Ikarus                 -        20150308
Jiangmin               -        20150306
K7AntiVirus            -        20150308
K7GW                   -        20150308
Kaspersky              -        20150308
Kingsoft               -        20150308
Malwarebytes           -        20150308
McAfee                 -        20150308
McAfee-GW-Edition      -        20150308
Microsoft              -        20150308
eScan                  -        20150308
NANO-Antivirus         -        20150308
Norman                 -        20150308
nProtect               -        20150306
Panda                  -        20150308
Qihoo-360              -        20150308
Rising                 -        20150307
Sophos AV              -        20150308
SUPERAntiSpyware       -        20150308
Symantec               -        20150308
Tencent                -        20150308
TheHacker              -        20150306
TotalDefense           -        20150308
TrendMicro             -        20150308
TrendMicro-HouseCall   -        20150308
VBA32                  -        20150306
VIPRE                  -        20150308
ViRobot                -        20150308
Zillya                 -        20150306
Zoner                  -        20150306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright(C) Since 2003 Gretech Corporation.
Product GOM Player
File version 2.2
Description GOM Player Setup File
Comments GOM Player Setup File (2015-02-04 17:09:27)
Signature verification Signed file, verified signature
Signing date 10:15 AM 2/4/2015
Signers
[+] GRETECH
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 12:00 AM 05/02/2013
Valid to 11:59 PM 06/01/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 96CF7E64DC718208746BDBA852A813BF391CE9D7
Serial number 78 A2 25 5D 0A B2 83 A4 DC 76 EF 94 B2 50 B7 ED
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 02/08/2010
Valid to 11:59 PM 02/07/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:50:46
Entry Point 0x0000323C
Number of sections 5
PE sections
Overlays
MD5 437bf1fa39b72b5e3dfb2a044c264f20
File type data
Offset 100352
Size 18470736
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
DrawTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
ShowWindow
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 7
RT_ICON 7
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments GOM Player Setup File (2015-02-04 17:09:27)
LinkerVersion 6.0
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 2.2.67.5221
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription GOM Player Setup File
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet ASCII
InitializedDataSize 119808
EntryPoint 0x323c
MIMEType application/octet-stream
LegalCopyright Copyright(C) Since 2003 Gretech Corporation.
FileVersion 2.2
TimeStamp 2009:12:05 23:50:46+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.2.67.5221
UninitializedDataSize 1024
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Gretech Corporation
CodeSize 23552
ProductName GOM Player
ProductVersionNumber 2.2.67.5221
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 ea5be730613f3eceac3323e1d053ded5
SHA1 9ef2c8b9d67568b0ae21232674aaea0bdf6d6bd2
SHA256 98129cd06001873ca0f8fc9cd1d6586ee6af7d14f236d0841f8fc9b45c016557
ssdeep 393216:iKvfDpXhayQnLY//Stlg1Qfh8lgj0kIW1ep0vzcCovIP+IxqZq8O8Z7q:iKvfD1QM6N8lWz1eCvglAtxqo87q
authentihash 28b460698a5474abc937b3443db24d25a522a70f630c19deaa1f882354e7d7cf
imphash 099c0646ea7282d232219f8807883be0
File size 17.7 MB (18571088 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID NSIS - Nullsoft Scriptable Install System (98.7%)
Win32 Executable (generic) (0.5%)
OS/2 Executable (generic) (0.2%)
Generic Win/DOS Executable (0.2%)
DOS Executable Generic (0.2%)
Tags nsis peexe via-tor signed overlay

VirusTotal metadata
First submission 2015-02-04 14:47:32 UTC (4 years, 1 month ago)
Last submission 2018-12-24 10:17:58 UTC (3 months ago)
File names GOMPLAYERRUSETUP.EXE
GOMPLAYERRUSETUP =1.EXE
GOMPLAYERRUSETUP.exe
GOMPLAYERRUSETUP (1).EXE
GOMPlayer.EXE
GOMPLAYERRUSETUP v.2.2.67.5221.EXE
GOMPLAYERRUSETUP.EXE
GOMPLAYERRUSETUP(2).EXE
2.EXE
GOM_Player_Rus_Setup.exe
GOMPLAYERRUSETUP_качественная версия.EXE
GOMPLAYERRUSETUP=офсайт=Rus = 2-56-W32.HfsAdware.5CF8-SWF.Exploit.Kit-434=.EXE
GOMPLAYERRUSETUP.EXE
GOMPLAYERRUSETUP.EXE
GrLauncherTempSetup.exe
78_GOMPLAYERRUSETUP.EXE
GrLauncherTempSetup.exe
Gom Player 2.2.67.5221.EXE
98129cd06001873ca0f8fc9cd1d6586ee6af7d14f236d0841f8fc9b45c016557
GOMPLAYERRUSETUP2.2.67.5221.EXE
GOMPLAYERRUSETUP=офсайт=.EXE
GOMPLAYERRUSETUP.EXE_EA-5B-E7-30-61-3F-3E-CE-AC-33-23-E1-D0-53-DE-D5.EXE
GOMPLAYERRUSETUP =3.EXE
GOMPLAYERRUSETUP = GOM Player 2.2.62.5205 =.EXE
GOMPLAYERRUSETUP = GOM Player 2.2.69.5228 Rus.EXE
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1202.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications