Report #93

  • Creation Date: May 22, 2019, 2:55 p.m.
  • Last Update: May 22, 2019, 2:55 p.m.
  • File: SteamSetup.exe
  • Results:
Binary
DLL: False
Size: 1.50MB
trid:
  41.0% Win32 Executable MS Visual C++
  36.3% Win64 Executable
  8.6% Win32 Dynamic Link Library
  5.9% Win32 Executable
  2.6% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI

Hashes
md5: 81448c2e730b50b597bbd5e43007ce6a
sha1: 4b1b85ec2499a4ce07c89609b256923a4fc479e5
crc32: 0xa9c4c909
sha224: 807179b85ebbf00639f98eed833d7fe96372dfbd521570aade86570b
sha256: 3bc6942fe09f10ed3447bccdcf4a70ed369366fef6b2c7f43b541f1a3c5d1c51
sha384: 845dcac90e4e10634181744311a6c8ef6852af23032596de9dba4c73325c77dc996376e9f37a725da6801a16b952fe38
sha512: c9125b79012e00fc9ee800592dece583a97756b5f4485c4649f3a11143afa673b4d386af256129032064f158186542bca7da70cd31770cd7eb4a3176c96e7124
ssdeep: 24576:QDliBd5TyliR0gWwOvTCU1z3zk51iq449nkU0/1COmcrOqpXzzE2YeshfLKB7:QD8tylwXoTCWi1iq1nkU09lRENhJLKB7

Community
Google: 1
HashLib: 0

YARA
Matches: domain, contentis_base64, HasDigitalSignature, screenshot, url, HasRichSignature, win_files_operation, android_meterpreter, win_registry, IsPacked, HasOverlay, CRC32_poly_Constant, win_token, IsPE32, escalate_priv, IsWindowsGUI, IP
Suspicious: 1

Heuristics
IPs
hasIPs: 1
Allowed: 2.10.91.91, 1, lfbn-ren-1-504-91.w2-10.abo.wanadoo.fr.
Suspicious
hasAllowed: 1
hasSuspicious: 0

URLs
Allowed
hasURLs: 1
Suspicious: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(, http://cacerts.digicert.com/digicertsha2assuredidcodesigningca.crt0, http://ocsp.digicert.com0c, http://crl.thawte.com/thawtetimestampingca.crl0, http://ocsp.digicert.com0n, http://ocsp.thawte.com0, http://crl4.digicert.com/digicertassuredidrootca.crl0:, http://crl3.digicert.com/sha2-assured-cs-g1.crl05, http://nsis.sf.net/nsis_error, http://crl3.digicert.com/digicertassuredidrootca.crl0o, http://cacerts.digicert.com/digicertassuredidrootca.crt0, http://crl4.digicert.com/sha2-assured-cs-g1.crl0k, http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<, https://www.digicert.com/cps0, http://ts-ocsp.ws.symantec.com07
hasAllowed: 0
hasSuspicious: 1

Files
Allowed: %s%S.dll, ADVAPI32.dll, SHELL32.dll, COMCTL32.dll, ole32.dll, USER32.dll, GDI32.dll, KERNEL32.dll
hasFiles: 1
Suspicious: ,\<.TIf
hasAllowed: 1
hasSuspicious: 1

Binary
Sizes
RVA
RVA: 16
Suspicious: 0
Code
Size: 141824
Suspicious: 0
Image
Address: 4194304
Suspicious: 0
Stack
Stack: 4096
Suspicious: 0
Headers
Headers: 1024
Suspicious: 0
Suspicious: 0

Symbols
Number
Number: 0
Suspicious: 1
Pointer
Pointer: 0
Suspicious: 1
Directories
Number: 16
Suspicious: 0

Checksum
Value: 1580420
Suspicious: 0

Sections
Allowed: .text, .rdata, .data, .ndata, .rsrc
Suspicious
hasAllowed: 1
hasSections: 1
hasSuspicious: 0

Versions
OS
Version: 4
Suspicious: 0
Image
Version: False
Suspicious: 4
Linker
Version: 6.0
Suspicious: 0
Subsystem
Version: 4.0
Suspicious: 0
Suspicious: 0

EntryPoint
Address: 13238
Suspicious: 0

Anomalies
Anomalies
hasAnomalies: 0

Libraries
Allowed: advapi32.dll, shell32.dll, comctl32.dll, ole32.dll, user32.dll, gdi32.dll, kernel32.dll
hasLibs: 1
Suspicious: %s%s.dll
hasAllowed: 1
hasSuspicious: 1

Timestamp
Past: 0
Valid: 1
Value: 2016-07-24 21:55:51
Future: 0

Compilation
Packed: 0
Missing: 1
Packers
Compiled: 0
Compilers

Obfuscation
XOR: 0
Fuzzing: 0

Disassembly
hasTricks
1
Tricks
pushret
.rsrc: 12

pushpopmath
.rsrc: 13

ss register
.rsrc: 1

garbagebytes
.rsrc: 6

programcontrolflowchange
.rsrc: 6

AVclass
None
1
VirusTotal
md5: 81448c2e730b50b597bbd5e43007ce6a
sha1: 4b1b85ec2499a4ce07c89609b256923a4fc479e5
SCANS (DETECTION RATE = 0.00%)
Engine                Update    Version               Detected
AVG                   20190522  18.4.3895.0           False
CMC                   20190321  1.1.0.977             False
MAX                   20190522  2018.9.12.1           False
APEX                  20190522  5.20                  False
Bkav                  20190522  1.3.0.10239           False
K7GW                  20190522  11.45.30986           False
ALYac                 20190522  1.1.1.5               False
Avast                 20190522  18.4.3895.0           False
Avira                 20190522  8.3.3.8               False
Baidu                 20190318  1.0.0.2               False
Cyren                 20190522  6.2.0.1               False
DrWeb                 20190522  7.0.34.11020          False
GData                 20190522  A:25.22058B:25.15141  False
Panda                 20190522  4.6.4.2               False
VBA32                 20190522  4.0.0                 False
VIPRE                 20190522  75204                 False
Zoner                 20190522  1.0                   False
ClamAV                20190522  0.101.2.0             False
Comodo                20190522  30905                 False
F-Prot                20190522  4.7.1.166             False
Ikarus                20190522  0.1.5.2               False
McAfee                20190522  6.0.6.653             False
Rising                20190522  25.0.0.24             False
Sophos                20190522  4.98.0                False
Zillya                20190522  2.0.0.3815            False
Acronis               20190522  1.0.1.48              False
Alibaba               20190513  0.3.0.4               False
Arcabit               20190522  1.0.0.846             False
Babable               20190424  9107201               False
Endgame               20190522  3.0.12                False
FireEye               20190522  29.7.0.0              False
TACHYON               20190522  2019-05-22.02         False
Tencent               20190522  1.0.0.1               False
ViRobot               20190522  2014.3.20.0           False
Webroot               20190522  1.0.0.403             False
eGambit               20190522  v4.3.6                False
Ad-Aware              20190522  3.0.5.370             False
AegisLab              20190522  4.2                   False
Emsisoft              20190522  2018.4.0.1029         False
F-Secure              20190522  12.0.86.52            False
Fortinet              20190522  5.4.247.0             False
Invincea              20190313  6.3.6.26157           False
Jiangmin              20190522  16.0.100              False
Kingsoft              20190522  2013.8.14.323         False
Paloalto              20190522  1.0                   False
Symantec              20190522  1.9.0.0               False
Trapmine              20190522  3.1.62.789            False
AhnLab-V3             20190522  3.15.1.23978          False
Antiy-AVL             20190522  3.0.0.1               False
Kaspersky             20190522  15.0.1.13             False
MaxSecure             20190521  1.0.0.1               False
Microsoft             20190522  1.1.15900.4           False
Qihoo-360             20190522  1.0.0.1120            False
TheHacker             20190522  6.8.0.5.4232          False
Trustlook             20190522  1.0                   False
ZoneAlarm             20190522  1.0                   False
Cybereason            20190417  1.2.449               False
ESET-NOD32            20190522  19398                 False
BitDefender           20190522  7.2                   False
CrowdStrike           20190212  1.0                   False
K7AntiVirus           20190522  11.45.30988           False
SentinelOne           20190511  1.0.26.329            False
Avast-Mobile          20190521  190521-00             False
Malwarebytes          20190522  2.1.1.1115            False
TotalDefense          20190522  37.1.62.1             False
CAT-QuickHeal         20190522  14.00                 False
NANO-Antivirus        20190521  1.0.134.24826         False
MicroWorld-eScan      20190522  14.0.297.0            False
SUPERAntiSpyware      20190521  5.6.0.1032            False
McAfee-GW-Edition     20190522  v2017.3010            False
TrendMicro-HouseCall  20190522  10.0.0.1040           False

total: 71
sha256: 3bc6942fe09f10ed3447bccdcf4a70ed369366fef6b2c7f43b541f1a3c5d1c51
scan_id: 3bc6942fe09f10ed3447bccdcf4a70ed369366fef6b2c7f43b541f1a3c5d1c51-1558546350
resource: 81448c2e730b50b597bbd5e43007ce6a
positives: 0
scan_date: 2019-05-22 17:32:30
verbose_msg: Scan finished, information embedded
response_code: 1
Results
Random Forest
detected: TBD
confidence: TBD