SHA256: f9cf6bea195ea805e5cc790ef7bbf200effcc83973cf86ac70493c76f8e87b69
File name: Setup.exe
Detection ratio: 1 / 47
Analysis date: 2014-01-08 22:10:31 UTC (4 years, 10 months ago)
Antivirus Result Update date
TrendMicro-HouseCall HV_FAKEAV_CI193F48.RDXN 20140108
Ad-Aware 20140108
Yandex 20140108
AhnLab-V3 20140108
AntiVir 20140108
Antiy-AVL 20140108
Avast 20140108
AVG 20140108
Baidu-International 20131213
BitDefender 20140108
Bkav 20140108
ByteHero 20131226
CAT-QuickHeal 20140108
ClamAV 20140108
Commtouch 20140108
Comodo 20140108
DrWeb 20140108
Emsisoft 20140108
ESET-NOD32 20140108
F-Prot 20140108
Fortinet 20140108
GData 20140108
Ikarus 20140108
Jiangmin 20140108
K7AntiVirus 20140108
K7GW 20140108
Kaspersky 20140108
Kingsoft 20130829
Malwarebytes 20140108
McAfee 20140108
McAfee-GW-Edition 20140108
Microsoft 20140108
eScan 20140108
NANO-Antivirus 20140108
Norman 20140108
nProtect 20140108
Panda 20140108
Rising 20140107
Sophos AV 20140108
SUPERAntiSpyware 20140108
Symantec 20140107
TheHacker 20140108
TotalDefense 20140108
TrendMicro 20140108
VBA32 20140105
VIPRE 20140108
ViRobot 20140108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
StranikS_Scan

Product Setup
File version 1.1.4.40
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x001836F0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegFlushKey
ImageList_Add
SaveDC
CoCreateGuid
VariantCopy
SHGetMalloc
VerQueryValueA
Number of PE resources by type
RT_STRING 20
RT_BITMAP 14
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 4
EXEFILE 2
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 51
RUSSIAN 8
PE resources
ExifTool file metadata
UninitializedDataSize
958464

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.1.4.40

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Windows, Cyrillic

InitializedDataSize
16384

EntryPoint
0x1836f0

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.1.4.40

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

LegalCopyright
StranikS_Scan

MachineType
Intel 386 or later, and compatibles

CodeSize
626688

ProductName
Setup

ProductVersionNumber
1.1.4.40

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 7f4fc365367fbeeb314dacac29e8bb0f
SHA1 ea16128a05d31bd137006add791a616780b485ba
SHA256 f9cf6bea195ea805e5cc790ef7bbf200effcc83973cf86ac70493c76f8e87b69
ssdeep
12288:qby7cdH9CxGvKlxkbHt/iROYKuWuSwP9x2c3BlWbTM:q27czCxRlx8Ht/iRZnP9lWbTM

authentihash 0516a581c357fee425ce02087cfc72ed74e8e445d581adcf4a558007dc774452
imphash 64dc993a094b578183b997632eb41cf3
File size 627.5 KB (642560 bytes)
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2014-01-08 22:10:31 UTC (4 years, 10 months ago)
Last submission 2016-11-28 05:09:57 UTC (1 year, 11 months ago)
File names Setup.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
UDP communications