SHA256: 4c5c634221c6a77cd4f39bdd00cfe5cbf306bb0ef491c3a67a898b57b5b21075
File name: PDQDeploy_11_2_0_0_f4a87c93-3d5b-4845-be29-86ca9d6d6841.exe
Detection ratio: 0 / 32
Analysis date: 2016-11-08 08:29:42 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20161108
AegisLab 20161108
AhnLab-V3 20161108
Alibaba 20161108
ALYac 20161108
Antiy-AVL 20161108
Arcabit 20161108
Avast 20161108
AVG 20161108
Avira (no cloud) 20161107
AVware 20161108
Baidu 20161107
BitDefender 20161108
Bkav 20161107
CAT-QuickHeal 20161108
ClamAV 20161108
CMC 20161108
Comodo 20161108
CrowdStrike Falcon (ML) 20161024
Cyren 20161108
DrWeb 20161108
Emsisoft 20161108
ESET-NOD32 20161108
F-Prot 20161108
F-Secure 20161108
Fortinet 20161108
GData 20161108
Ikarus 20161107
Sophos ML 20161018
Jiangmin 20161108
K7AntiVirus 20161108
K7GW 20161108
Kaspersky 20161108
Kingsoft 20161108
Malwarebytes 20161108
McAfee 20161108
McAfee-GW-Edition 20161108
Microsoft 20161108
eScan 20161108
NANO-Antivirus 20161108
nProtect 20161108
Panda 20161107
Qihoo-360 20161108
Rising 20161108
Sophos AV 20161108
SUPERAntiSpyware 20161108
Symantec 20161108
Tencent 20161108
TheHacker 20161106
TrendMicro 20161108
TrendMicro-HouseCall 20161108
VBA32 20161105
VIPRE 20161108
ViRobot 20161108
Yandex 20161107
Zillya 20161107
Zoner 20161108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2010-2016
Product PDQ Deploy
Original name PDQDeploySetup.exe
Internal name PDQDeploySetup.exe
File version 11.2.0.0
Description PDQ Deploy Install
Signature verification Signed file, verified signature
Signing date 9:01 PM 9/21/2016
Signers
[+] Admin Arsenal
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 7/3/2015
Valid to 12:59 AM 10/2/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 6DC9385655095C7FE4A83BC67D810F8A7670788E
Serial number 28 F9 EE D5 0B 32 F2 CD 98 CD F7 01 69 6C AE CF
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-21 20:00:47
Entry Point 0x000026C0
Number of sections 6
PE sections
Overlays
MD5 d03e254e206ef22165e23f8eb3c2c8d3
File type data
Offset 42014208
Size 6064
Entropy 7.34
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
OutputDebugStringW
GetModuleFileNameW
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
GetFileAttributesW
GetCommandLineW
RtlUnwind
FindFirstFileExW
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
LockResource
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
CreateDirectoryW
DeleteFileW
GetProcAddress
InitializeSListHead
HeapSize
GetTempFileNameW
SetStdHandle
RaiseException
WriteConsoleW
WideCharToMultiByte
TlsFree
ExpandEnvironmentStringsW
FindNextFileW
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetCommandLineA
TerminateProcess
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
FreeLibrary
FormatMessageW
GetTempPathW
GetConsoleCP
GetModuleHandleExW
SetCurrentDirectoryW
LoadResource
FindResourceW
CreateFileW
CreateProcessW
FindClose
TlsGetValue
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcessHeap
GetEnvironmentVariableW
SetLastError
LeaveCriticalSection
MessageBoxW
SendMessageW
EndDialog
DialogBoxParamW
LoadIconW
GetDlgItem
Number of PE resources by type
RT_ICON 6
BIN 3
RT_DIALOG 2
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
NEUTRAL 3
ENGLISH AUS 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 14.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 11.2.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 41950720
EntryPoint 0x26c0
OriginalFileName PDQDeploySetup.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2010-2016
FileVersion 11.2.0.0
TimeStamp 2016:09:21 21:00:47+01:00
FileType Win32 EXE
PEType PE32
InternalName PDQDeploySetup.exe
ProductVersion 11.2.0.0
FileDescription PDQ Deploy Install
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Admin Arsenal
CodeSize 66560
ProductName PDQ Deploy
ProductVersionNumber 11.2.0.0
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 e437517c0d01e5ec581f57f03a041047
SHA1 70b3ccd183ffad7bfa406c071b8795138815e5dc
SHA256 4c5c634221c6a77cd4f39bdd00cfe5cbf306bb0ef491c3a67a898b57b5b21075
ssdeep 786432:8mt0+BhKT8m9vbsmvX1Brqq4odd7/K5RUDdWCAAjIDY7kZhvlcIlklCBM/MLSAQk:71HKT8m9sOFhFp/KrULjyTZh2WklH/iF
authentihash c5db425af8db2721e449605497c83b99d91cb543a4118e680469c66375027f81
imphash 5ceb6ccbada156aacb912a837bc37c6d
File size 40.1 MB ( 42020272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2016-09-22 11:19:01 UTC ( 12 months ago )
Last submission 2017-05-19 12:13:30 UTC ( 4 months ago )
File names PDQDeploy.11.2.0.0.exe
PDQDeploy_11_2_0_0_f4a87c93-3d5b-4845-be29-86ca9d6d6841.exe
PDQDeploySetup.exe