SHA256: ef98620d4b6c8d7948a1b9897df0dff573aff71aef7ebca0f8cc05fbe62e0f2b
File name: BANDIZIP-SETUP.EXE
Detection ratio: 0 / 64
Analysis date: 2017-08-15 21:37:10 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware 20170815
AegisLab 20170815
AhnLab-V3 20170815
Alibaba 20170815
ALYac 20170815
Antiy-AVL 20170815
Arcabit 20170815
Avast 20170815
AVG 20170815
Avira (no cloud) 20170815
AVware 20170815
Baidu 20170815
BitDefender 20170815
Bkav 20170815
CAT-QuickHeal 20170814
ClamAV 20170815
CMC 20170815
Comodo 20170815
CrowdStrike Falcon (ML) 20170804
Cylance 20170815
Cyren 20170815
DrWeb 20170815
Emsisoft 20170815
Endgame 20170721
ESET-NOD32 20170815
F-Prot 20170815
F-Secure 20170815
Fortinet 20170815
GData 20170815
Ikarus 20170815
Sophos ML 20170607
Jiangmin 20170815
K7AntiVirus 20170814
K7GW 20170815
Kaspersky 20170815
Kingsoft 20170815
Malwarebytes 20170815
MAX 20170815
McAfee 20170815
McAfee-GW-Edition 20170815
Microsoft 20170815
eScan 20170815
NANO-Antivirus 20170815
nProtect 20170815
Palo Alto Networks (Known Signatures) 20170815
Panda 20170815
Qihoo-360 20170815
Rising 20170815
SentinelOne (Static ML) 20170806
Sophos AV 20170815
SUPERAntiSpyware 20170815
Symantec 20170815
Symantec Mobile Insight 20170815
Tencent 20170815
TheHacker 20170814
TrendMicro 20170815
TrendMicro-HouseCall 20170815
Trustlook 20170815
VBA32 20170814
VIPRE 20170815
ViRobot 20170815
Webroot 20170815
WhiteArmor 20170815
Yandex 20170815
Zillya 20170815
ZoneAlarm by Check Point 20170815
Zoner 20170814
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright(C) 2011-2017, Bandisoft.com, All rights reserved.

File version 6.07
Description Bandizip 6.07 Setup
Signature verification Signed file, verified signature
Signing date 11:38 AM 5/14/2017
Signers
[+] Bandisoft
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 12/9/2016
Valid to 12:59 AM 2/8/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3FCB2D406FB1D7047D6F2FE16DD2DFAC12064F83
Serial number 21 DD 22 7A 55 92 B5 4F CE 64 9D 98 38 FA C0 6B
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-03 11:42:01
Entry Point 0x0005DEDA
Number of sections 5
PE sections
Overlays
MD5 a7ad3c9ce792983849fe0f0ae49371c6
File type data
Offset 718848
Size 4498328
Entropy 8.00
PE imports
GetTokenInformation
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
FreeSid
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
AllocateAndInitializeSid
OpenThreadToken
EqualSid
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
GetTextMetricsW
OffsetRgn
CombineRgn
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
SetBkMode
CreateSolidBrush
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
ExtTextOutW
MoveToEx
GetStockObject
ExtCreateRegion
CreateCompatibleDC
CreateFontW
CreateRectRgn
SelectObject
SetWindowOrgEx
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
GetUserDefaultUILanguage
InterlockedDecrement
CopyFileW
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
lstrcmpiW
EnumSystemLocalesA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
GetModuleHandleW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
CompareStringW
lstrcpyW
GetFileSizeEx
GetModuleFileNameW
FindNextFileW
CompareStringA
FindFirstFileW
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
lstrlenW
CreateProcessW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
GetCurrentThread
lstrcpynW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetVersion
FindResourceExW
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
GetTimeFormatA
VarUI4FromStr
SHGetFolderPathW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHAppBarMessage
PathCanonicalizeW
PathIsDirectoryW
SetFocus
SetWindowRgn
DestroyWindow
SetRectEmpty
PostQuitMessage
SetWindowPos
ClientToScreen
GetDC
GetCursorPos
ReleaseDC
SendMessageW
UnregisterClassA
GetClientRect
DrawTextW
SetScrollPos
GetWindowTextW
GetWindowTextLengthW
LoadAcceleratorsW
PtInRect
GetParent
UpdateWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
SetPropW
IsCharAlphaW
PeekMessageW
EnableWindow
LoadIconW
TranslateMessage
IsWindowEnabled
GetWindow
RegisterClassW
GetWindowPlacement
EnableMenuItem
TrackPopupMenuEx
SetTimer
MonitorFromPoint
CopyRect
CreateWindowExW
GetWindowLongW
CharNextW
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
BeginPaint
OffsetRect
DefWindowProcW
KillTimer
TrackMouseEvent
GetClassInfoExW
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
PostMessageW
InvalidateRect
CreatePopupMenu
SetWindowTextW
GetDlgItem
RemovePropW
ScreenToClient
LoadCursorW
GetSystemMenu
DispatchMessageW
EndPaint
IntersectRect
FindWindowW
MessageBoxW
RegisterClassExW
MoveWindow
AppendMenuW
GetWindowDC
AdjustWindowRectEx
SendMessageTimeoutW
GetSysColor
SetScrollInfo
GetKeyState
IsWindowVisible
SubtractRect
SystemParametersInfoW
UnionRect
MonitorFromWindow
SetRect
MonitorFromRect
CallWindowProcW
IsRectEmpty
GetFocus
SetCursor
TranslateAcceleratorW
HttpQueryInfoW
InternetQueryDataAvailable
InternetQueryOptionW
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetConnectA
InternetSetOptionW
HttpSendRequestW
InternetCrackUrlA
InternetOpenW
HttpAddRequestHeadersW
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipCreateSolidFill
GdipSetSmoothingMode
GdipSetStringFormatMeasurableCharacterRanges
GdipGetRegionBounds
GdiplusShutdown
GdipDeleteFontFamily
GdipSetStringFormatTrimming
GdipCreatePath
GdipGetEmHeight
GdipCreateRegionPath
GdipCreateRegion
GdiplusStartup
GdipGetLineSpacing
GdipMeasureCharacterRanges
GdipSetSolidFillColor
GdipSetStringFormatHotkeyPrefix
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteFont
GdipGetFontSize
GdipSetPixelOffsetMode
GdipCloneBrush
GdipSetStringFormatAlign
GdipAlloc
GdipStringFormatGetGenericTypographic
GdipCreateFont
GdipDeletePath
GdipDeleteRegion
GdipSetClipRegion
GdipCloneStringFormat
GdipFree
GdipDrawString
GdipSetCompositingQuality
GdipSetStringFormatFlags
GdipDeleteBrush
GdipDeleteStringFormat
GdipAddPathRectangleI
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
Number of PE resources by type
RT_ICON 7
RT_ACCELERATOR 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
6.7.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
ASCII

InitializedDataSize
147968

EntryPoint
0x5deda

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.07

TimeStamp
2017:05:03 12:42:01+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
6.07

FileDescription
Bandizip 6.07 Setup

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright(C) 2011-2017, Bandisoft.com, All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Bandisoft

CodeSize
519680

FileSubtype
0

ProductVersionNumber
6.7.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 55a6bfaa242bd67c380b9aa96d896e98
SHA1 e57fad9a3c972b78af23a08706c819164d1b0d5b
SHA256 ef98620d4b6c8d7948a1b9897df0dff573aff71aef7ebca0f8cc05fbe62e0f2b
ssdeep
98304:sUkKiNhW5rVoBzK0vn8u6MHXxYsLhB4TVRG7w/CDBJL05/eI30:BB6WvozX8aXxYsLhBNw/CDBa5/rk

authentihash 4b3681aed9f1383ab0bb24231be5638e85855c020a8a6fb79b284676cb428431
imphash 38afdb3183cc0d147c9ecfe9cf2137a2
File size 5.0 MB ( 5217176 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-05-14 11:58:52 UTC ( 4 months, 2 weeks ago )
Last submission 2017-08-15 21:37:10 UTC ( 1 month, 1 week ago )
File names EF98620D4B6C8D7948A1B9897DF0DFF573AFF71AEF7EBCA0F8CC05FBE62E0F2B.exe
BANDIZIP-SETUP.EXE
BANDIZIP-SETUP.EXE
BANDIZIP-SETUP.EXE
bandizip-setup[1].exe
BANDIZIP-SETUP.EXE
Bandizip 6.07 - May 14, 2017.exe
BANDIZIP-SETUP.EXE
BANDIZIP-SETUP.EXE
BANDIZIP-SETUP ( Бесплатный архиватор ).EXE
BANDIZIP-SETUP__.EXE
BANDIZIP-SETUP (2).EXE
BANDIZIP-SETUP_2.EXE
SoftZoner.com_BandiZip_v6.07.EXE
BANDIZIP-SETUP (1).EXE
BANDIZIP-SETUP+-+%28UTILITY+WEB%29.EXE
Bandizip_v6.07.EXE
BANDIZIP-SETUP-6.07.EXE
Bandizip 6.07.exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
UDP communications