SHA256: 40b12b6034692dba48435f105621a571f8f72fa4724adf7c5d03a80bf6d43812
File name: iToolsSetup_3.1.7.6.exe
Detection ratio: 6 / 57
Analysis date: 2015-03-05 00:42:21 UTC ( 2 years, 9 months ago )
Antivirus Result Update
DrWeb DLOADER.Trojan 20150305
Jiangmin Adware/iBryte.hjyi 20150304
McAfee Artemis!31FBDC96440A 20150304
McAfee-GW-Edition Artemis 20150305
TrendMicro-HouseCall Suspicious_GEN.F47V0213 20150305
VBA32 AdWare.iBryte 20150304
Ad-Aware 20150305
AegisLab 20150305
Yandex 20150228
AhnLab-V3 20150304
Alibaba 20150305
ALYac 20150304
Antiy-AVL 20150304
Avast 20150305
AVG 20150305
Avira (no cloud) 20150305
AVware 20150305
Baidu-International 20150304
BitDefender 20150305
Bkav 20150304
ByteHero 20150305
CAT-QuickHeal 20150304
ClamAV 20150304
CMC 20150304
Comodo 20150305
Cyren 20150305
Emsisoft 20150305
ESET-NOD32 20150305
F-Prot 20150305
F-Secure 20150305
Fortinet 20150304
GData 20150305
Ikarus 20150304
K7AntiVirus 20150304
K7GW 20150305
Kaspersky 20150305
Kingsoft 20150305
Malwarebytes 20150305
Microsoft 20150304
eScan 20150305
NANO-Antivirus 20150304
Norman 20150304
nProtect 20150304
Panda 20150304
Qihoo-360 20150305
Rising 20150304
Sophos AV 20150305
SUPERAntiSpyware 20150303
Symantec 20150305
Tencent 20150305
TheHacker 20150303
TotalDefense 20150305
TrendMicro 20150304
VIPRE 20150305
ViRobot 20150304
Zillya 20150303
Zoner 20150303
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 7:26 AM 2/13/2015
Signers
[+] Shenzhen Thinksky Technology Co.
Status Valid
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 2/24/2014
Valid to 12:59 AM 5/26/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint CCEC517333D02E6ABD29D8973228BCB755AC4B37
Serial number 21 65 0A 6A 34 68 1F DC 7B 0F D4 A2 10 07 3B 60
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT appended, UTF-8, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-05 07:50:45
Entry Point 0x00038317
Number of sections 4
PE sections
Overlays
MD5 20a5303147b5204e6be14c09f097e120
File type data
Offset 660480
Size 15458688
Entropy 8.00
PE imports
RegCreateKeyExW
GetTokenInformation
RegCloseKey
CreateWellKnownSid
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
CheckTokenMembership
RegDeleteKeyW
RegQueryValueExW
InitCommonControlsEx
_TrackMouseEvent
CreateFontIndirectW
PatBlt
OffsetRgn
SaveDC
CombineRgn
GetObjectA
DeleteDC
RestoreDC
SetBkMode
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
RectVisible
GetStockObject
ExtCreateRegion
SelectClipRgn
CreateCompatibleDC
CreateRectRgn
SelectObject
GetTextExtentPoint32W
CreateCompatibleBitmap
GetAdaptersInfo
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
TlsGetValue
MoveFileW
SetLastError
OpenThread
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
GetVolumeInformationW
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
Module32NextW
ExitThread
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
MulDiv
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
OpenProcess
GetStartupInfoW
DeleteFileW
GetProcAddress
GetProcessHeap
WriteFile
GlobalReAlloc
RemoveDirectoryW
GlobalLock
GetTempPathW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetNativeSystemInfo
GetLastError
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
Process32NextW
CreateProcessW
Module32FirstW
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
SizeofResource
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
TransparentBlt
AlphaBlend
DrawDibClose
DrawDibOpen
DrawDibDraw
SHCreateDirectoryExW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetMalloc
CommandLineToArgvW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathIsDirectoryEmptyW
PathFindExtensionW
PathStripToRootW
PathIsDirectoryW
SetFocus
RegisterClassExW
SetWindowRgn
UpdateWindow
IntersectRect
EndDialog
EqualRect
OffsetRect
DefWindowProcW
MoveWindow
GetCapture
KillTimer
GetMessageW
PostQuitMessage
ShowWindow
ReleaseCapture
SetPropW
GetParent
SetWindowLongW
IsWindow
LoadCursorW
GetWindowRect
InflateRect
EnableWindow
SetCapture
SetRectEmpty
EnumChildWindows
SetWindowPos
TranslateMessage
SendMessageTimeoutW
PostMessageW
GetPropW
GetDC
GetCursorPos
ReleaseDC
UpdateLayeredWindow
BeginPaint
SendMessageW
UnregisterClassA
GetWindowLongW
PtInRect
IsWindowVisible
IsZoomed
GetClientRect
RemovePropW
SystemParametersInfoW
MessageBoxW
DispatchMessageW
ScreenToClient
SetRect
InvalidateRect
PeekMessageW
SetTimer
EnumThreadWindows
SetWindowTextW
GetWindowTextW
GetDesktopWindow
IsRectEmpty
GetCursor
GetWindowTextLengthW
CreateWindowExW
MsgWaitForMultipleObjects
EndPaint
DrawTextW
SetCursor
DestroyWindow
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
__WSAFDIsSet
htons
socket
closesocket
ntohl
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
connect
inet_ntoa
ioctlsocket
recv
select
GdipCreateFontFromDC
GdipSetClipRectI
GdipGetImageHeight
GdipCreateSolidFill
GdipMeasureString
GdiplusShutdown
GdipDisposeImage
GdiplusStartup
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFromHDC
GdipCreatePen1
GdipSetStringFormatAlign
GdipGetImageWidth
GdipAlloc
GdipDrawImageRectI
GdipDeletePen
GdipFillRectangleI
GdipCloneBrush
GdipDrawLineI
GdipFree
GdipDrawString
GdipSetStringFormatFlags
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipCloneImage
GdipDeleteBrush
GdipSetStringFormatLineAlign
GdipGetImagePixelFormat
ImageLoad
ImageUnload
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
Number of PE resources by type
RT_ICON 5
RT_DIALOG 1
RT_MANIFEST 1
UIR 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 11
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:02:05 08:50:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 312832
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 346624
SubsystemVersion 4.0
EntryPoint 0x38317
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 31fbdc96440a1277ff2f86bacf7a1bac
SHA1 55cfc3d8923ec3093eca4228da12ca5fa96e52f2
SHA256 40b12b6034692dba48435f105621a571f8f72fa4724adf7c5d03a80bf6d43812
ssdeep 393216:NR2VgK6dA5/fldaBvBSRpFpQwIJiAoyYxe8q+vY4:6WdAxfLaRQFpQwIJ9onxnvY
authentihash 8d2fd47002230e851699c326ffe85a5922f4e959a7746026480f1f22a1509745
imphash 14b3f585b1fc6f1232ade18d69711dd6
File size 15.4 MB ( 16119168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe signed overlay
VirusTotal metadata
First submission 2015-02-13 08:28:56 UTC ( 2 years, 10 months ago )
Last submission 2016-03-16 06:55:36 UTC ( 1 year, 9 months ago )
File names iToolsCNSetup_3.1.7.6.exe
iToolsSetup_3.1.7.6.exe
30BG2ENU6P.xls
itoolssetup_3.1.7.6.exe.c06eavi.partial
Новый.exe
filename
iToolsSetup_3.1.7.6.exe
itoolssetup_3.1.7.6.exe
40b12b6034692dba48435f105621a571f8f72fa4724adf7c5d03a80bf6d43812
iToolsSetup_3.1.7.6.exe
iToolsSetup_3.1.7.6.exe
iToolsSetup_V3.1.7.6.1423818561.exe
VirusShare_31fbdc96440a1277ff2f86bacf7a1bac
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.