× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 815ab3cbea9f3de68628f7aa162d0a85704c7627304591017d1edd0ceadb65a3
File name: Disable Windows 10 Spying v1.0 Setup.exe
Detection ratio: 0 / 56
Analysis date: 2016-04-26 22:25:44 UTC ( 8 luni, 4 săptămâni ago ) View latest
Antivirus Result Update
ALYac 20160426
AVG 20160426
AVware 20160426
Ad-Aware 20160426
AegisLab 20160426
AhnLab-V3 20160426
Alibaba 20160426
Antiy-AVL 20160426
Arcabit 20160426
Avast 20160426
Avira (no cloud) 20160426
Baidu 20160426
Baidu-International 20160426
BitDefender 20160426
Bkav 20160426
CAT-QuickHeal 20160426
CMC 20160425
ClamAV 20160426
Comodo 20160426
Cyren 20160426
DrWeb 20160426
ESET-NOD32 20160426
Emsisoft 20160426
F-Prot 20160426
F-Secure 20160426
Fortinet 20160425
GData 20160426
Ikarus 20160426
Jiangmin 20160426
K7AntiVirus 20160426
K7GW 20160426
Kaspersky 20160426
Kingsoft 20160426
Malwarebytes 20160426
McAfee 20160426
McAfee-GW-Edition 20160426
eScan 20160426
Microsoft 20160426
NANO-Antivirus 20160426
Panda 20160426
Qihoo-360 20160426
Rising 20160426
SUPERAntiSpyware 20160426
Sophos 20160426
Symantec 20160426
Tencent 20160426
TheHacker 20160426
TrendMicro 20160426
TrendMicro-HouseCall 20160426
VBA32 20160425
VIPRE 20160426
ViRobot 20160426
Yandex 20160426
Zillya 20160426
Zoner 20160426
nProtect 20160426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Product Disable Windows 10 Spying v1.0
File version
Description Disable Windows 10 Spying v1.0 Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000A5F8
Number of sections 8
PE sections
Overlays
MD5 6ffa11d993c961bd97d5fc48b3d555d5
File type data
Offset 56832
Size 2781822
Entropy 7.93
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
17920

EntryPoint
0xa5f8

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

ProductVersion
v1.0

FileDescription
Disable Windows 10 Spying v1.0 Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
40448

ProductName
Disable Windows 10 Spying v1.0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 d8a965a6d9055cf7a4c75782f5302ce4
SHA1 1def86b91645e9cf99febb879c5624349827d1a5
SHA256 815ab3cbea9f3de68628f7aa162d0a85704c7627304591017d1edd0ceadb65a3
ssdeep
49152:p9Ue5GLZrforc7t+Fy90wiKIVouwQkhGeBhNCyz9it2wsnt/gATgfdkEtqK2Fcm:3/5U96c7tSe0wITwQID4p+lBekEYK2FJ

authentihash 4b9c7dd50bca98d743cee89a09f74d809fc17f2d33956c857c8f037da49253dc
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 2.7 MO ( 2838654 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (59.5%)
InstallShield setup (23.3%)
Win32 Executable Delphi generic (7.7%)
Win32 Dynamic Link Library (generic) (3.5%)
Win32 Executable (generic) (2.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-04-26 22:25:44 UTC ( 8 luni, 4 săptămâni ago )
Last submission 2016-07-16 02:50:59 UTC ( 6 luni, 1 săptămână ago )
File names 1.exe
Disable Windows 10 Spying v1.0 Setup.exe
Disable Windows 10 Spying v1.0.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs
UDP communications