SHA256: 1bc8bc7e44d912be337729c5cdf8e639b5bac2e3e588b8eabda263357a2a1ab9
File name: kiosk_v2016_install.exe
Detection ratio: 0 / 56
Analysis date: 2016-11-04 07:23:45 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware 20161104
AegisLab 20161104
AhnLab-V3 20161103
Alibaba 20161104
ALYac 20161104
Antiy-AVL 20161104
Arcabit 20161104
Avast 20161104
AVG 20161104
Avira (no cloud) 20161103
AVware 20161104
Baidu 20161104
BitDefender 20161104
Bkav 20161103
CAT-QuickHeal 20161103
ClamAV 20161103
CMC 20161103
Comodo 20161104
CrowdStrike Falcon (ML) 20161024
Cyren 20161104
DrWeb 20161104
Emsisoft 20161104
ESET-NOD32 20161104
F-Prot 20161104
F-Secure 20161104
Fortinet 20161104
GData 20161104
Ikarus 20161103
Sophos ML 20161018
Jiangmin 20161104
K7AntiVirus 20161104
K7GW 20161104
Kaspersky 20161104
Kingsoft 20161104
Malwarebytes 20161104
McAfee 20161104
McAfee-GW-Edition 20161104
Microsoft 20161104
eScan 20161104
NANO-Antivirus 20161104
nProtect 20161104
Panda 20161103
Qihoo-360 20161104
Rising 20161104
Sophos AV 20161104
SUPERAntiSpyware 20161104
Symantec 20161104
Tencent 20161104
TheHacker 20161103
TrendMicro 20161104
TrendMicro-HouseCall 20161104
VBA32 20161103
VIPRE 20161104
ViRobot 20161104
Yandex 20161103
Zillya 20161103
Zoner 20161104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Stefan Kubatzki

Product KIOSK Enterprise
File version 12.2.2.20
Description KIOSK Enterprise Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 10:34 PM 11/3/2016
Signers
[+] Stefan Kubatzki
Status Valid
Issuer StartCom Class 2 Primary Intermediate Object CA
Valid from 4:32 PM 8/24/2015
Valid to 11:25 PM 8/23/2017
Valid usage Code Signing, Lifetime Signing
Algorithm sha256RSA
Thumbprint 96AA8F539DD5EA700498DD77E03E662DE226AC6C
Serial number 12 B0 64 F4 3F F8 CE
[+] StartCom Class 2 Primary Intermediate Object CA
Status Valid
Issuer StartCom Certification Authority
Valid from 11:01 PM 10/14/2007
Valid to 11:01 PM 10/14/2022
Valid usage All
Algorithm sha256RSA
Thumbprint C2624B5B53F73EC2911D4479072B9255BB85A2DF
Serial number 10 00 F5 EB E0 39 43
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 1:00 AM 5/24/2016
Valid to 1:00 AM 6/24/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT INNO, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-06 14:39:04
Entry Point 0x000117DC
Number of sections 8
PE sections
Overlays
MD5 5a49c9f740a7a4d5b08f7be234c86b1f
File type data
Offset 486912
Size 25477440
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetSystemDirectoryW
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetVersion
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
SysReAllocStringLen
SysFreeString
SysAllocStringLen
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_ICON 6
RT_STRING 6
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
NEUTRAL 9
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
12.2.2.20

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
419328

EntryPoint
0x117dc

MIMEType
application/octet-stream

LegalCopyright
Stefan Kubatzki

FileVersion
12.2.2.20

TimeStamp
2016:04:06 15:39:04+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

ProductVersion
12.2.2.20

FileDescription
KIOSK Enterprise Setup

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
KUBA - EDV

CodeSize
66560

ProductName
KIOSK Enterprise

ProductVersionNumber
12.2.2.20

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ffe1f4143ad6abf445ba289c87496994
SHA1 fc9a85428cf58cf6592d8efd57e9ac0c84aa5b95
SHA256 1bc8bc7e44d912be337729c5cdf8e639b5bac2e3e588b8eabda263357a2a1ab9
ssdeep
786432:8Ei+1dBKHmaMIEPNzq2MbzdsGyumHmraIpbd:8EiuBKyIEFG2c2GybHzKbd

authentihash d99f362e73e0a745bb420dd65216f046d0fc0d0fc17a898d81d8b52c236bee2c
imphash 20dd26497880c05caed9305b3c8b9109
File size 24.8 MB ( 25964352 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.6%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-11-03 21:43:32 UTC ( 1 year, 1 month ago )
Last submission 2016-11-04 07:23:45 UTC ( 1 year, 1 month ago )
File names kiosk_v2016_install.exe