× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 268820f1a8b068f602161b6cd86213773f23f96544d71588dc33660440fc3ac5
File name: PaperSoftwareContractToolsSetup.exe
Detection ratio: 0 / 63
Analysis date: 2017-07-31 10:24:00 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20170731
AegisLab 20170731
AhnLab-V3 20170731
Alibaba 20170731
ALYac 20170731
Antiy-AVL 20170731
Arcabit 20170731
Avast 20170731
AVG 20170731
Avira (no cloud) 20170731
AVware 20170731
Baidu 20170728
BitDefender 20170731
Bkav 20170731
CAT-QuickHeal 20170731
ClamAV 20170731
CMC 20170731
Comodo 20170731
CrowdStrike Falcon (ML) 20170710
Cylance 20170731
Cyren 20170731
DrWeb 20170731
Emsisoft 20170731
Endgame 20170721
ESET-NOD32 20170731
F-Prot 20170731
F-Secure 20170731
Fortinet 20170731
GData 20170731
Ikarus 20170731
Sophos ML 20170607
Jiangmin 20170731
K7AntiVirus 20170731
K7GW 20170731
Kaspersky 20170731
Kingsoft 20170731
Malwarebytes 20170731
MAX 20170731
McAfee 20170731
McAfee-GW-Edition 20170731
Microsoft 20170731
eScan 20170731
NANO-Antivirus 20170731
nProtect 20170731
Palo Alto Networks (Known Signatures) 20170731
Panda 20170731
Qihoo-360 20170731
Rising 20170731
SentinelOne (Static ML) 20170718
Sophos AV 20170731
SUPERAntiSpyware 20170731
Symantec 20170731
Symantec Mobile Insight 20170730
Tencent 20170731
TheHacker 20170730
TrendMicro-HouseCall 20170731
Trustlook 20170731
VBA32 20170728
VIPRE 20170731
ViRobot 20170731
Webroot 20170731
WhiteArmor 20170731
Yandex 20170728
Zillya 20170728
ZoneAlarm by Check Point 20170731
Zoner 20170731
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2017 Paper Software LLC

Product Contract Tools
Original name PaperSoftwareContractToolsSetup.exe
Internal name PaperSoftwareContractToolsSetup
File version 1.21.1.0
Description Paper Software Contract Tools 1.21.1.0 Setup
Signature verification Signed file, verified signature
Signing date 5:18 PM 7/14/2017
Signers
[+] Paper Software LLC
Status Valid
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 1:00 AM 1/18/2016
Valid to 1:00 PM 1/22/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 6D3F54828671953A56A1082AD745EED4923A2511
Serial number 05 7F 9A 47 98 87 93 3F 1F 27 70 7B 1A 3C C0 36
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 4/18/2012
Valid to 1:00 PM 4/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] DigiCert SHA2 Timestamp Responder
Status Valid
Issuer DigiCert SHA2 Assured ID Timestamping CA
Valid from 1:00 AM 1/4/2017
Valid to 1:00 AM 1/18/2028
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint 400191475C98891DEBA104AF47091B5EB6D4CBCB
Serial number 09 C0 FC 46 C8 04 42 13 B5 59 8B AF 28 4F 4E 41
[+] DigiCert SHA2 Assured ID Timestamping CA
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 1/7/2016
Valid to 1:00 PM 1/7/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint 3BA63A6E4841355772DEBEF9CDCF4D5AF353A297
Serial number 0A A1 25 D6 D6 32 1B 7E 41 E4 05 DA 36 97 C2 15
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbrint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-19 11:53:14
Entry Point 0x000CED52
Number of sections 7
PE sections
Overlays
MD5 9d3109cb7b209f9f815fadc8cab651ed
File type application/x-ms-dos-executable
Offset 1674240
Size 8080144
Entropy 6.33
PE imports
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetPrivateProfileSectionNamesW
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
EnumSystemLocalesW
FreeEnvironmentStringsW
InitializeSListHead
InterlockedPopEntrySList
GetLocaleInfoW
EnumResourceLanguagesW
GetFileTime
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ConnectNamedPipe
InterlockedPushEntrySList
InitializeCriticalSection
LoadResource
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
EncodePointer
WritePrivateProfileStringW
GetEnvironmentVariableW
SetLastError
GetSystemTime
TlsGetValue
CopyFileW
GetUserDefaultLangID
OutputDebugStringW
OpenEventW
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
LoadLibraryA
QueryPerformanceFrequency
LoadLibraryExA
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
SetFilePointerEx
FlushInstructionCache
GetPrivateProfileStringW
GetFullPathNameW
CreateThread
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQuery
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
SetConsoleTextAttribute
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetWindowsDirectoryW
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetConsoleScreenBufferInfo
CreateNamedPipeW
GetProcessHeap
GetTempFileNameW
CompareStringW
GetModuleFileNameW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GetProcAddress
ReadConsoleW
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
Process32NextW
VirtualFree
WaitForSingleObjectEx
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
CopyFileExW
Process32FirstW
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
SetStdHandle
IsValidCodePage
FindResourceExW
CreateProcessW
Sleep
VirtualAlloc
GetOEMCP
Number of PE resources by type
RT_STRING 14
RT_DIALOG 13
RT_BITMAP 6
RT_ICON 5
RTF_FILE 2
RT_MENU 2
IMAGE_FILE 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 47
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.21.1.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
530432

EntryPoint
0xced52

OriginalFileName
PaperSoftwareContractToolsSetup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2017 Paper Software LLC

FileVersion
1.21.1.0

TimeStamp
2017:05:19 12:53:14+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PaperSoftwareContractToolsSetup

ProductVersion
1.21.1.0

FileDescription
Paper Software Contract Tools 1.21.1.0 Setup

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Paper Software LLC

CodeSize
1142784

ProductName
Contract Tools

ProductVersionNumber
1.21.1.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 ed7168f6774260640c1b1e07e8428737
SHA1 53c674d29785f19ced68b9763e02a3f9fa1b31ea
SHA256 268820f1a8b068f602161b6cd86213773f23f96544d71588dc33660440fc3ac5
ssdeep
98304:t3ysPQ52s+w/33ysPQ52s+w/cY5A2QyZje5kJhxyBpb94byNonrD0HMGahVV:VyGu+IyGu+STo9qnrwFax

authentihash b4d921d35ccd273213f6ccee14d2fcacbf05f638b4f32a00047c26522c421c05
imphash eea8f1a5703b1f0584012e1cfa48e7f4
File size 9.3 MB ( 9754384 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows ActiveX control (93.1%)
Win32 Executable (generic) (3.6%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-07-14 16:25:08 UTC ( 4 months, 1 week ago )
Last submission 2017-07-31 10:24:00 UTC ( 3 months, 3 weeks ago )
File names PaperSoftwareContractToolsSetup
PaperSoftwareContractToolsSetup.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
UDP communications