SHA256: 6eaf2375c772257ad642b72bcc6d2d2efcf87923a242b4d7c66cfed27d5b8d91
File name: ClassicShellSetup_4_3_0-ru.exe
Detection ratio: 0 / 63
Analysis date: 2017-07-27 11:18:08 UTC (1 day, 5 hours ago)
Antivirus Result Update date
Ad-Aware 20170727
AegisLab 20170727
AhnLab-V3 20170727
Alibaba 20170727
ALYac 20170727
Antiy-AVL 20170727
Arcabit 20170727
Avast 20170727
AVG 20170727
Avira (no cloud) 20170727
AVware 20170721
Baidu 20170727
BitDefender 20170727
Bkav 20170727
CAT-QuickHeal 20170727
ClamAV 20170727
CMC 20170727
Comodo 20170727
CrowdStrike Falcon (ML) 20170710
Cylance 20170727
Cyren 20170727
DrWeb 20170727
Emsisoft 20170727
Endgame 20170721
ESET-NOD32 20170727
F-Prot 20170727
F-Secure 20170727
Fortinet 20170727
GData 20170727
Ikarus 20170727
Sophos ML 20170607
Jiangmin 20170727
K7AntiVirus 20170727
K7GW 20170727
Kaspersky 20170727
Kingsoft 20170727
Malwarebytes 20170727
MAX 20170727
McAfee 20170727
McAfee-GW-Edition 20170726
Microsoft 20170727
eScan 20170727
NANO-Antivirus 20170727
nProtect 20170727
Palo Alto Networks (Known Signatures) 20170727
Panda 20170727
Qihoo-360 20170727
Rising 20170727
SentinelOne (Static ML) 20170718
Sophos AV 20170727
SUPERAntiSpyware 20170727
Symantec 20170727
Symantec Mobile Insight 20170727
Tencent 20170727
TheHacker 20170727
TrendMicro 20170727
TrendMicro-HouseCall 20170727
Trustlook 20170727
VBA32 20170727
VIPRE 20170727
ViRobot 20170727
Webroot 20170727
Yandex 20170726
Zillya 20170726
ZoneAlarm by Check Point 20170727
Zoner 20170727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2009-2016, Ivo Beltchev
Product Classic Shell
Original name ClassicShellSetup.exe
Internal name ClassicShellSetup
File version 4, 3, 0, 0
Description Adds classic shell features to Windows 7 and Windows 8
Signature verification Signed file, verified signature
Signing date 5:26 PM 7/30/2016
Signers
[+] Ivaylo Beltchev
Status Valid
Issuer StartCom Class 2 Object CA
Valid from 10:54 AM 5/17/2016
Valid to 10:54 AM 5/17/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 51EEB0ABE52D44A01A548C296346F29BE211CC30
Serial number 18 21 3F EE 20 90 9C 5F C5 A5 30 BD 24 79 CF 37
[+] StartCom Class 2 Object CA
Status Valid
Issuer StartCom Certification Authority
Valid from 2:00 AM 12/16/2015
Valid to 2:00 AM 12/16/2030
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 1F6421C176CF03ED52CC37F21B587F166CEB828B
Serial number 6C 3B D2 7E DD 3C 94 9E 95 8E 28 A9 B3 C7 57 A0
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] StartCom Time Stamping Signer
Status Valid
Issuer StartCom Class 3 Primary Intermediate Object CA
Valid from 2:00 AM 12/28/2015
Valid to 2:00 AM 10/12/2022
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint CD78DC95DE34612F8893B35B2C71489A8B6002D1
Serial number 60 2B 71 7F 8B BA 95 76 CC 0B 59 C7 92 76 D4 82
[+] StartCom Class 3 Primary Intermediate Object CA
Status Valid
Issuer StartCom Certification Authority
Valid from 11:03 PM 10/14/2007
Valid to 11:03 PM 10/14/2022
Valid usage All
Algorithm sha256RSA
Thumbprint F960E82855F1C52C8B162DD93EDA220B3DFF1389
Serial number 1B 86 12 67 7A E1 9D
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-30 16:26:06
Entry Point 0x00003AC0
Number of sections 5
PE sections
Overlays
MD5 facffcdc98af37fe26eac3c8e75d77bb
File type data
Offset 7557120
Size 8464
Entropy 7.38
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitCommonControlsEx
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
VirtualFree
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
GetConsoleMode
HeapSize
GetCurrentProcessId
LCMapStringW
OpenProcess
LockResource
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
DeleteFileW
GetProcAddress
GetStringTypeA
GetFileType
SetStdHandle
RaiseException
GetCPInfo
SetEnvironmentVariableW
TlsFree
SetFilePointer
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
GetConsoleCP
LCMapStringA
WriteConsoleA
VirtualAlloc
IsValidCodePage
LoadResource
FindResourceW
CreateFileW
CreateProcessW
TlsGetValue
Sleep
SetLastError
GetTickCount
TlsSetValue
CreateFileA
GetCurrentThreadId
GetVersion
LeaveCriticalSection
ExitProcess
HeapCreate
WriteConsoleW
InterlockedIncrement
CommandLineToArgvW
DoEnvironmentSubstW
GetWindowThreadProcessId
MessageBoxW
EndDialog
CharUpperW
DialogBoxParamW
FindWindowW
LoadStringW
GetDlgItemTextW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_ICON 5
RT_STRING 3
MSI_FILE 3
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.3.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 7505920
EntryPoint 0x3ac0
OriginalFileName ClassicShellSetup.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2009-2016, Ivo Beltchev
FileVersion 4, 3, 0, 0
TimeStamp 2016:07:30 17:26:06+01:00
FileType Win32 EXE
PEType PE32
InternalName ClassicShellSetup
ProductVersion 4, 3, 0, 0
FileDescription Adds classic shell features to Windows 7 and Windows 8
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName IvoSoft
CodeSize 50176
ProductName Classic Shell
ProductVersionNumber 4.3.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 17472cf215e45ba27bd4898c844bd837
SHA1 2d6c643f5bdab3408fb9f8ab5220b1347ecf7cc0
SHA256 6eaf2375c772257ad642b72bcc6d2d2efcf87923a242b4d7c66cfed27d5b8d91
ssdeep 196608:qk0ZD3wcaIwiTBAFuKO8DCNiaiVi/ucrz+yOQJz4CNiZiHjl6QyD:qkyDglIOFm8G7XNTo
authentihash b9425abb55934598f38ca37895e68cb3d886fc6a3f1f61d44c172ea808744ec5
imphash 846beeaaa47aac39313849b60d047ffe
File size 7.2 MB ( 7565584 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2016-07-30 21:39:31 UTC (12 months ago)
Last submission 2017-07-27 11:18:08 UTC (1 day, 5 hours ago)
File names ClassicShellSetup_4_3_0-ru (1).exe
2d6c643f5bdab3408fb9f8ab5220b1347ecf7cc0
ClassicShellSetup_4_3_0-RU.ВысокоНастрМенюЗапуска.exe
ClassicShellSetup_4_3_0-ru == классическое меню Пуск в Windows 8.exe
ClassicShellSetup_4_3_0-ru.exe
ClassicShellSetup_4_3_0-ru_sweet211.ru.exe
ClassicShellSetup
Classic Shell 4.3.0.exe
ClassicShellSetup_4_3_0-ru.exe
ClassicShellSetup_4_3_0-ru.exe
ClassicShellSetup_4_3_0-ru.exe
ClassicShell 4.3.0.exe
17472cf215e45ba27bd4898c844bd837
classicshellsetup_4_3_0-ru.exe
ClassicShell_4.3.0_Rus_Setup_30.07.2016.exe
ClassicShellSetup-ru.exe
ClassicShellSetup430ru.exe
ClassicShellSetup_4_3_0-ru.exe
ClassicShellSetup.exe
ClassicShellSetup_4_3_0-ru.exe
Classic Shell 4.3.0 Final.exe
ClassicShell 4.3.0.exe
ClassicShellSetup_4_3_0-ru.exe
ClassicShellSetup.4.3.0.ru.exe
rsload.net.ClassicShellSetup_4_3_0-ru.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications