SHA256: 268820f1a8b068f602161b6cd86213773f23f96544d71588dc33660440fc3ac5
File name: PaperSoftwareContractToolsSetup
Detection ratio: 0 / 68
Analysis date: 2017-11-22 13:23:14 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20171122
AegisLab 20171122
AhnLab-V3 20171122
Alibaba 20171122
ALYac 20171122
Antiy-AVL 20171122
Arcabit 20171122
Avast 20171122
Avast-Mobile 20171122
AVG 20171122
Avira (no cloud) 20171122
AVware 20171122
Baidu 20171122
BitDefender 20171122
Bkav 20171121
CAT-QuickHeal 20171121
ClamAV 20171122
CMC 20171122
Comodo 20171122
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171122
Cyren 20171122
DrWeb 20171122
eGambit 20171122
Emsisoft 20171122
Endgame 20171024
ESET-NOD32 20171122
F-Prot 20171122
F-Secure 20171122
Fortinet 20171122
GData 20171122
Ikarus 20171122
Sophos ML 20170914
Jiangmin 20171122
K7AntiVirus 20171122
K7GW 20171122
Kaspersky 20171122
Kingsoft 20171122
Malwarebytes 20171122
MAX 20171122
McAfee 20171122
McAfee-GW-Edition 20171122
Microsoft 20171122
eScan 20171122
NANO-Antivirus 20171122
nProtect 20171122
Palo Alto Networks (Known Signatures) 20171122
Panda 20171121
Qihoo-360 20171122
Rising 20171122
SentinelOne (Static ML) 20171113
Sophos AV 20171122
SUPERAntiSpyware 20171122
Symantec 20171122
Symantec Mobile Insight 20171122
Tencent 20171122
TheHacker 20171121
TotalDefense 20171122
TrendMicro 20171122
TrendMicro-HouseCall 20171122
Trustlook 20171122
VBA32 20171122
VIPRE 20171122
ViRobot 20171122
Webroot 20171122
WhiteArmor 20171104
Yandex 20171120
Zillya 20171121
ZoneAlarm by Check Point 20171122
Zoner 20171122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2017 Paper Software LLC

Product Contract Tools
Original name PaperSoftwareContractToolsSetup.exe
Internal name PaperSoftwareContractToolsSetup
File version 1.21.1.0
Description Paper Software Contract Tools 1.21.1.0 Setup
Signature verification Signed file, verified signature
Signing date 5:18 PM 7/14/2017
Signers
[+] Paper Software LLC
Status Valid
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 1:00 AM 1/18/2016
Valid to 1:00 PM 1/22/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 6D3F54828671953A56A1082AD745EED4923A2511
Serial number 05 7F 9A 47 98 87 93 3F 1F 27 70 7B 1A 3C C0 36
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 4/18/2012
Valid to 1:00 PM 4/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] DigiCert SHA2 Timestamp Responder
Status Valid
Issuer DigiCert SHA2 Assured ID Timestamping CA
Valid from 1:00 AM 1/4/2017
Valid to 1:00 AM 1/18/2028
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 400191475C98891DEBA104AF47091B5EB6D4CBCB
Serial number 09 C0 FC 46 C8 04 42 13 B5 59 8B AF 28 4F 4E 41
[+] DigiCert SHA2 Assured ID Timestamping CA
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 1/7/2016
Valid to 1:00 PM 1/7/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 3BA63A6E4841355772DEBEF9CDCF4D5AF353A297
Serial number 0A A1 25 D6 D6 32 1B 7E 41 E4 05 DA 36 97 C2 15
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-19 11:53:14
Entry Point 0x000CED52
Number of sections 7
PE sections
Overlays
MD5 9d3109cb7b209f9f815fadc8cab651ed
File type application/x-ms-dos-executable
Offset 1674240
Size 8080144
Entropy 6.33
PE imports
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetPrivateProfileSectionNamesW
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
EnumSystemLocalesW
FreeEnvironmentStringsW
InitializeSListHead
InterlockedPopEntrySList
GetLocaleInfoW
EnumResourceLanguagesW
GetFileTime
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ConnectNamedPipe
InterlockedPushEntrySList
InitializeCriticalSection
LoadResource
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
EncodePointer
WritePrivateProfileStringW
GetEnvironmentVariableW
SetLastError
GetSystemTime
TlsGetValue
CopyFileW
GetUserDefaultLangID
OutputDebugStringW
OpenEventW
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
LoadLibraryA
QueryPerformanceFrequency
LoadLibraryExA
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
SetFilePointerEx
FlushInstructionCache
GetPrivateProfileStringW
GetFullPathNameW
CreateThread
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQuery
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
SetConsoleTextAttribute
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetWindowsDirectoryW
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetConsoleScreenBufferInfo
CreateNamedPipeW
GetProcessHeap
GetTempFileNameW
CompareStringW
GetModuleFileNameW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GetProcAddress
ReadConsoleW
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
Process32NextW
VirtualFree
WaitForSingleObjectEx
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
CopyFileExW
Process32FirstW
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
SetStdHandle
IsValidCodePage
FindResourceExW
CreateProcessW
Sleep
VirtualAlloc
GetOEMCP
Number of PE resources by type
RT_STRING 14
RT_DIALOG 13
RT_BITMAP 6
RT_ICON 5
RTF_FILE 2
RT_MENU 2
IMAGE_FILE 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 47
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.21.1.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
530432

EntryPoint
0xced52

OriginalFileName
PaperSoftwareContractToolsSetup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2017 Paper Software LLC

FileVersion
1.21.1.0

TimeStamp
2017:05:19 12:53:14+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PaperSoftwareContractToolsSetup

ProductVersion
1.21.1.0

FileDescription
Paper Software Contract Tools 1.21.1.0 Setup

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Paper Software LLC

CodeSize
1142784

ProductName
Contract Tools

ProductVersionNumber
1.21.1.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 ed7168f6774260640c1b1e07e8428737
SHA1 53c674d29785f19ced68b9763e02a3f9fa1b31ea
SHA256 268820f1a8b068f602161b6cd86213773f23f96544d71588dc33660440fc3ac5
ssdeep
98304:t3ysPQ52s+w/33ysPQ52s+w/cY5A2QyZje5kJhxyBpb94byNonrD0HMGahVV:VyGu+IyGu+STo9qnrwFax

authentihash b4d921d35ccd273213f6ccee14d2fcacbf05f638b4f32a00047c26522c421c05
imphash eea8f1a5703b1f0584012e1cfa48e7f4
File size 9.3 MB ( 9754384 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows ActiveX control (93.1%)
Win32 Executable (generic) (3.6%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-07-14 16:25:08 UTC ( 6 months, 1 week ago )
Last submission 2017-11-22 13:23:14 UTC ( 1 month, 3 weeks ago )
File names PaperSoftwareContractToolsSetup
PaperSoftwareContractToolsSetup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
UDP communications