SHA256: a5225484f2cbde77b58c1395a366ba9c4551e9a061e87eec70fedb6598fc8856
File name: Adaware_Installer.exe
Detection ratio: 0 / 55
Analysis date: 2014-12-22 06:21:39 UTC (3 years, 7 months ago)
Antivirus Result Update
Ad-Aware 20141222
AegisLab 20141222
Yandex 20141221
AhnLab-V3 20141221
ALYac 20141221
Antiy-AVL 20141221
Avast 20141222
AVG 20141222
Avira (no cloud) 20141221
AVware 20141222
Baidu-International 20141221
BitDefender 20141222
Bkav 20141220
ByteHero 20141222
CAT-QuickHeal 20141219
ClamAV 20141222
CMC 20141218
Comodo 20141222
Cyren 20141222
DrWeb 20141222
Emsisoft 20141222
ESET-NOD32 20141222
F-Prot 20141222
F-Secure 20141221
Fortinet 20141222
GData 20141222
Ikarus 20141222
Jiangmin 20141221
K7AntiVirus 20141219
K7GW 20141220
Kaspersky 20141222
Kingsoft 20141222
Malwarebytes 20141222
McAfee 20141222
McAfee-GW-Edition 20141221
Microsoft 20141222
eScan 20141222
NANO-Antivirus 20141222
Norman 20141221
nProtect 20141219
Panda 20141221
Qihoo-360 20141222
Rising 20141218
Sophos AV 20141222
SUPERAntiSpyware 20141221
Symantec 20141222
Tencent 20141222
TheHacker 20141222
TotalDefense 20141222
TrendMicro 20141222
TrendMicro-HouseCall 20141222
VBA32 20141221
VIPRE 20141222
ViRobot 20141222
Zillya 20141221
Zoner 20141219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Lavasoft Limited. All Rights Reserved.

Product Ad-Aware Antivirus
Original name AdAwareWebInstaller.exe
Internal name AdAwareWebInstaller
File version 11,5,202,7299
Description Ad-Aware web installer
Signature verification Signed file, verified signature
Signing date 6:46 AM 2/26/2016
Signers
[+] Lavasoft Limited
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 1/30/2013
Valid to 12:59 AM 2/19/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint C8FC064877686B525B9820360F4B743784DD389B
Serial number 01 51 F1 A5 A7 DA 24 B1 AA 30 00 EE 3B 4D D7 FF
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-18 12:35:57
Entry Point 0x000A19C3
Number of sections 6
PE sections
Overlays
MD5 2729d00bec0b0aa27908414c937607ad
File type data
Offset 1920512
Size 3720
Entropy 7.24
PE imports
RegCreateKeyExW
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
RegSetValueExW
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
DeleteDC
GetStdHandle
GetDriveTypeW
VerifyVersionInfoA
FileTimeToSystemTime
SetEvent
GetDriveTypeA
HeapDestroy
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
SetWaitableTimer
InitializeCriticalSection
LoadResource
GetStringTypeExW
FindClose
TlsGetValue
FormatMessageA
GetStringTypeExA
SetLastError
PeekNamedPipe
DeviceIoControl
BeginUpdateResourceW
CopyFileW
UpdateResourceW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
WaitForMultipleObjectsEx
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
GetProcAddress
SleepEx
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
EndUpdateResourceW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetDateFormatA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
CreateFileMappingW
CompareStringW
GetFileSizeEx
RemoveDirectoryW
GetFileInformationByHandle
FindFirstFileExA
InterlockedIncrement
GetTimeFormatA
CreateWaitableTimerA
IsValidLocale
WaitForMultipleObjects
GlobalLock
GetTempPathW
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
HeapCreate
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetProcessTimes
GetEnvironmentStringsW
GlobalUnlock
WaitForSingleObjectEx
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
InterlockedCompareExchange
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
UnmapViewOfFile
FindResourceW
CreateProcessW
Sleep
OpenEventA
ResetEvent
SysAllocStringLen
VariantClear
SysAllocString
VariantCopy
SysFreeString
VariantInit
SHGetFolderPathW
CommandLineToArgvW
MapWindowPoints
GetMonitorInfoW
GetParent
PostQuitMessage
DefWindowProcW
GetMessageW
ShowWindow
SetWindowPos
SetWindowLongW
GetWindowRect
RegisterClassExW
ReleaseCapture
TranslateMessage
GetWindow
PostMessageW
GetDC
CreateWindowExW
GetCursorPos
ReleaseDC
UpdateLayeredWindow
SendMessageW
LoadStringA
LoadStringW
GetClientRect
MonitorFromWindow
ScreenToClient
GetSysColorBrush
LoadCursorW
LoadIconW
DispatchMessageW
GetWindowLongW
SetCursor
HttpQueryInfoW
InternetConnectW
InternetReadFile
InternetCloseHandle
InternetSetOptionW
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
Ord(301)
Ord(50)
Ord(143)
Ord(79)
Ord(60)
Ord(22)
Ord(46)
Ord(41)
Ord(211)
Ord(30)
Ord(200)
Ord(33)
Ord(32)
Ord(26)
Ord(27)
Ord(35)
getaddrinfo
accept
ioctlsocket
WSAStartup
freeaddrinfo
connect
getsockname
htons
getpeername
select
gethostname
getsockopt
closesocket
send
ntohs
WSAGetLastError
listen
__WSAFDIsSet
WSACleanup
WSASetLastError
recv
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
GdipGetImageHeight
GdipCreateSolidFill
GdipSetSmoothingMode
GdiplusShutdown
GdipDeleteFontFamily
GdipDisposeImage
GdipCreatePath
GdiplusStartup
GdipDeleteGraphics
GdipFillPath
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipAddPathStringI
GdipGetImageWidth
GdipAlloc
GdipDrawImageRectI
GdipDeletePath
GdipFillRectangleI
GdipCloneBrush
GdipFree
GdipCreateFontFamilyFromName
GdipDeleteBrush
GdipCloneImage
CoInitializeEx
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CreateStreamOnHGlobal
Number of PE resources by type
RT_ICON 6
PNG 5
RT_MANIFEST 1
UPDATE_SERVER 1
DOWNLOAD 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
11.5.202.7299

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
838144

EntryPoint
0xa19c3

OriginalFileName
AdAwareWebInstaller.exe

MIMEType
application/octet-stream

LegalCopyright
Lavasoft Limited. All Rights Reserved.

FileVersion
11,5,202,7299

TimeStamp
2014:12:18 13:35:57+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
AdAwareWebInstaller

ProductVersion
11,5,202,7299

FileDescription
Ad-Aware web installer

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Lavasoft

CodeSize
1081344

ProductName
Ad-Aware Antivirus

ProductVersionNumber
11.5.202.7299

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 e1d1aaf554e698c693874df13764c668
SHA1 a7eadacca61eaa5e906bd9d981b2320024c41e91
SHA256 a5225484f2cbde77b58c1395a366ba9c4551e9a061e87eec70fedb6598fc8856
ssdeep
49152:GuhKIw1S5Epe/dtD/qhvoBlqAVh+wQQBNlDQh:GmfDYoBjh+r

authentihash afc172fe821e8bfaa84c63066ba5f135b3c22afe9350fc861439943075be0fa6
imphash a17c8fd3726fddbe026ac75d4012a8d4
File size 1.8 MB (1924232 bytes)
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2014-12-19 17:54:59 UTC (3 years, 7 months ago)
Last submission 2016-02-26 05:44:56 UTC (2 years, 4 months ago)
File names Adaware_Installer.exe
adaware_installer.exe
AdAwareWebInstaller.exe
Adaware_Installer_11.exe
AdAwareWebInstaller
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests