SHA256: 06dd57013ab91100d4474ab4069ebb3a908ffc8776795127a3148203e2d4e1d8
File name: setup.exe
Detection ratio: 2 / 63
Analysis date: 2017-08-06 17:19:34 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
ESET-NOD32 NSIS/TrojanDropper.Agent.CO 20170806
Rising Dropper.Agent!8.2F (cloud:7fw1dqk8qnS) 20170806
Ad-Aware 20170806
AegisLab 20170806
AhnLab-V3 20170806
Alibaba 20170804
ALYac 20170806
Antiy-AVL 20170806
Arcabit 20170806
Avast 20170806
AVG 20170806
Avira (no cloud) 20170806
AVware 20170806
Baidu 20170804
BitDefender 20170806
Bkav 20170805
CAT-QuickHeal 20170805
ClamAV 20170806
CMC 20170805
Comodo 20170806
CrowdStrike Falcon (ML) 20170710
Cylance 20170806
Cyren 20170806
DrWeb 20170806
Emsisoft 20170806
Endgame 20170721
F-Prot 20170806
F-Secure 20170806
Fortinet 20170806
GData 20170806
Ikarus 20170806
Sophos ML 20170607
Jiangmin 20170806
K7AntiVirus 20170804
K7GW 20170806
Kaspersky 20170806
Kingsoft 20170806
Malwarebytes 20170806
MAX 20170806
McAfee 20170804
McAfee-GW-Edition 20170806
Microsoft 20170806
eScan 20170806
NANO-Antivirus 20170806
nProtect 20170806
Palo Alto Networks (Known Signatures) 20170806
Panda 20170806
Qihoo-360 20170806
SentinelOne (Static ML) 20170806
Sophos AV 20170806
SUPERAntiSpyware 20170806
Symantec 20170805
Symantec Mobile Insight 20170804
Tencent 20170806
TheHacker 20170806
TotalDefense 20170806
Trustlook 20170806
VBA32 20170803
VIPRE 20170806
ViRobot 20170806
Webroot 20170806
WhiteArmor 20170731
Yandex 20170801
Zillya 20170806
ZoneAlarm by Check Point 20170806
Zoner 20170806
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Product The Legend of Zelda - BotW
File version 1.0.0.0
Description The Legend of Zelda - BotW Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009C14
Number of sections 8
PE sections
Overlays
MD5 c9bc062a70ebe4d7d519f72ffb847ffc
File type data
Offset 54272
Size 2952092
Entropy 6.69
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
CHINESE SIMPLIFIED 5
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments This installation was built with Inno Setup.
LinkerVersion 2.25
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 17920
EntryPoint 0x9c14
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
ProductVersion 1.0.0.0
FileDescription The Legend of Zelda - BotW Setup
OSVersion 1.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 37888
ProductName The Legend of Zelda - BotW
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 175f6310124ec35a561dcd3617fb3f8c
SHA1 3f0f4c0d912b01f993140905a8afd96f8776e3f4
SHA256 06dd57013ab91100d4474ab4069ebb3a908ffc8776795127a3148203e2d4e1d8
ssdeep
49152:LuHQ+eDrlzbM7x4vgNxD3i9v+X2V0GVqvDbd/zUg5reH7zK86jG6+XKu:Ln+edcx4wFGZdqvDRYg5reH7zK86jG6+

authentihash 5161a008675e9c25363bf1414d0334acbe2907447b2f07228f9e0b2c75e2a866
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 2.9 MB ( 3006364 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows ActiveX control (37.1%)
Inno Setup installer (34.9%)
InstallShield setup (13.7%)
Win32 Executable Delphi generic (4.5%)
Windows screen saver (4.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-07-09 12:30:58 UTC ( 6 months, 1 week ago )
Last submission 2017-07-09 12:30:58 UTC ( 6 months, 1 week ago )
File names setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs
UDP communications