SHA256: 9d60a3e56a39f4aaeb37ad9b7e5b3eea643f6515c9199e8e32bfd9bc7190549f
File name: WP_Textures.exe
Detection ratio: 3 / 55
Analysis date: 2015-08-08 11:39:00 UTC (3 years, 8 months ago)
Antivirus | Result | Update date
Bkav | W32.Fraujuliz.Trojan | 20150807
ByteHero | Virus.Win32.Part.a | 20150808
Kaspersky | P2P-Worm.Win32.Palevo.hrcb | 20150808
Ad-Aware | - | 20150808
AegisLab | - | 20150808
Yandex | - | 20150807
AhnLab-V3 | - | 20150808
Alibaba | - | 20150803
ALYac | - | 20150810
Antiy-AVL | - | 20150808
Arcabit | - | 20150808
Avast | - | 20150808
AVG | - | 20150810
Avira (no cloud) | - | 20150808
AVware | - | 20150810
Baidu-International | - | 20150810
BitDefender | - | 20150808
CAT-QuickHeal | - | 20150807
ClamAV | - | 20150806
Comodo | - | 20150808
Cyren | - | 20150808
DrWeb | - | 20150808
Emsisoft | - | 20150808
ESET-NOD32 | - | 20150808
F-Prot | - | 20150810
F-Secure | - | 20150807
Fortinet | - | 20150808
GData | - | 20150808
Ikarus | - | 20150808
Jiangmin | - | 20150807
K7AntiVirus | - | 20150808
K7GW | - | 20150808
Kingsoft | - | 20150808
Malwarebytes | - | 20150808
McAfee | - | 20150808
McAfee-GW-Edition | - | 20150808
Microsoft | - | 20150808
eScan | - | 20150808
NANO-Antivirus | - | 20150808
nProtect | - | 20150807
Panda | - | 20150808
Qihoo-360 | - | 20150808
Rising | - | 20150807
Sophos AV | - | 20150808
SUPERAntiSpyware | - | 20150808
Symantec | - | 20150810
Tencent | - | 20150808
TheHacker | - | 20150807
TrendMicro | - | 20150810
TrendMicro-HouseCall | - | 20150810
VBA32 | - | 20150807
VIPRE | - | 20150808
ViRobot | - | 20150808
Zillya | - | 20150810
Zoner | - | 20150808
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Setup Engine Copyright © 2004 Indigo Rose Corporation
Product Setup Factory 7.0 Runtime
Original name suf70_launch.exe
Internal name suf70_launch
File version 7.0.4.0
Description Setup Application
Comments Created with Setup Factory 7.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-04-11 14:52:41
Entry Point 0x00001D9D
Number of sections 4
PE sections
Overlays
MD5 04c41ae473b96ddedbb9201e3b8bd1ad
File type data
Offset 69632
Size 5900687
Entropy 7.84
PE imports
GetLastError
GetEnvironmentVariableA
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetStartupInfoA
LoadLibraryA
lstrlenA
GetFileAttributesA
GetExitCodeProcess
LCMapStringA
HeapReAlloc
HeapDestroy
ExitProcess
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
GetTempPathA
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetCurrentProcess
_lwrite
GetEnvironmentStrings
lstrcatA
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
UnhandledExceptionFilter
InterlockedDecrement
_llseek
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
_lread
GetModuleHandleA
_lclose
WideCharToMultiByte
lstrcmpiA
GetStringTypeA
_lcreat
lstrcpyA
_lopen
CloseHandle
GetACP
GetDiskFreeSpaceA
GetStringTypeW
GetCurrentThreadId
GetOEMCP
TerminateProcess
CreateProcessA
SetHandleCount
InitializeCriticalSection
HeapCreate
WriteFile
VirtualFree
TlsGetValue
GetFileType
MultiByteToWideChar
TlsSetValue
HeapAlloc
GetVersion
InterlockedIncrement
VirtualAlloc
SetCurrentDirectoryA
SetLastError
LeaveCriticalSection
wsprintfA
LoadCursorA
DispatchMessageA
MessageBoxA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
SetCursor
Number of PE resources by type
RT_ICON 9
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
LegalTrademarks Setup Factory is a trademark of Indigo Rose Corporation.
SubsystemVersion 4.0
Comments Created with Setup Factory 7.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.0.4.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Setup Application
CharacterSet Windows, Latin1
InitializedDataSize 49152
EntryPoint 0x1d9d
OriginalFileName suf70_launch.exe
MIMEType application/octet-stream
LegalCopyright Setup Engine Copyright 2004 Indigo Rose Corporation
FileVersion 7.0.4.0
TimeStamp 2005:04:11 15:52:41+01:00
FileType Win32 EXE
PEType PE32
InternalName suf70_launch
ProductVersion 7.0.4.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 20480
ProductName Setup Factory 7.0 Runtime
ProductVersionNumber 7.0.4.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 9aa517162635e00ae9cd6328eeb749ab
SHA1 e2bb0a054e4bcbca61017087bacfe378d84048de
SHA256 9d60a3e56a39f4aaeb37ad9b7e5b3eea643f6515c9199e8e32bfd9bc7190549f
ssdeep 98304:MZSiBmM7+Lo81N1I6MmMB/KLVZ0ZkF9xeLL7D3:MsiBmMwosN1/MmMAVsD
authentihash fd876221f0041636f28723125ae4156286ad4a0a360eb06bd207f08fc2388d88
imphash a24e57cfb1e35030a9b4252bf1fa8b4b
File size 5.7 MB ( 5970319 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (30.4%)
Win64 Executable (generic) (26.9%)
Win32 EXE Yoda's Crypter (25.9%)
Win32 Dynamic Link Library (generic) (6.4%)
Win32 Executable (generic) (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-08-08 11:39:00 UTC (3 years, 8 months ago)
Last submission 2018-04-19 16:21:29 UTC (1 year ago)
File names suf70_launch.exe
suf70_launch
WP_Textures.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.