Advanced File Analysis System

File Name: StopAd_Installer.exe

File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

SHA1: af9b8e0ba0c61c949c9479f15ad2b48e286d3da1

MD5: 6f858290adad6f917a6b7542729ae4b4

CREATED / DROPPED FILES

File Path	Type and Hashes

MATCH YARA RULES

Match Rules

STATIC FILE INFO

File Name:	StopAd_Installer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
SHA1:	af9b8e0ba0c61c949c9479f15ad2b48e286d3da1
MD5:	6f858290adad6f917a6b7542729ae4b4
First Seen Date:	2018-01-02 19:41:23.058714 ( 2018-01-02 19:41:23.058714 )
Number of Clients Seen:	4
Last Analysis Date:	2018-01-02 19:41:23.058714 ( 2018-01-02 19:41:23.058714 )
Human Expert Analysis Result:	No human expert analysis verdict given to this sample yet.

PE Headers

Property	Value
magic literal enum	3
file type enum	6
debug artifacts	[{u'Path': u'R:\\BuildAgent\\work\\fa7f9fb64e16281d\\Installer\\obj\\Release\\installer.pdb\x00', u'GUID': u'{fa9efffb-8f09-4af1-98f3-7c6bf647dd45}', u'timestamp': u'2017-12-19 14:00:50'}]
number of sections	3
trid	[[49.4, u'Win64 Executable (generic)'], [23.4, u'Windows screen saver'], [11.7, u'Win32 Dynamic Link Library (generic)'], [8.0, u'Win32 Executable (generic)'], [3.5, u'Generic Win/DOS Executable']]
compilation time stamp	0x5A391B92 [Tue Dec 19 14:00:50 2017 UTC]
Translation	0x0000 0x04b0
LegalCopyright	\ufffd 2017 NOVNIFY LIMITED. All rights reserved.
Assembly Version	1.0.280.1
InternalName	installer.exe
FileVersion	1.0.280.1
CompanyName	Novnify
LegalTrademarks
Comments	StopAd Installer
ProductName	StopAd Installer
ProductVersion	1.0.280.1
FileDescription	StopAd Installer
OriginalFilename	installer.exe
entry point	0x53aeee (.text)
machine type	Intel 386 or later - 32Bit
file size	1336944
ssdeep	24576:GrYsbfNopsZxbqJTbwz2FwXaMwxwb4Tp2XCg3kaE5NKwWmdwlYvNb9EeUgaZ:GFopsaJfE2FMCxwb4T8XxATWmClY1b9w
sha256	a933666ddd3e14d73fd322bfe36f114548b1a309b32d32ca12dad369aa03a9b6
exifinfo	[{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/a/f/9/b/af9b8e0ba0c61c949c9479f15ad2b48e286d3da1', u'EXE:OriginalFileName': u'installer.exe', u'EXE:ProductName': u'StopAd Installer', u'EXE:InternalName': u'installer.exe', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2018:01:02 19:40:31+00:00', u'EXE:InitializedDataSize': 39936, u'File:FileModifyDate': u'2018:01:02 19:40:31+00:00', u'EXE:AssemblyVersion': u'1.0.280.1', u'EXE:FileVersionNumber': u'1.0.280.1', u'EXE:FileVersion': u'1.0.280.1', u'File:FileSize': u'1306 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:LegalTrademarks': u'', u'EXE:ProductVersion': u'1.0.280.1', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u'Novnify', u'File:FileName': u'af9b8e0ba0c61c949c9479f15ad2b48e286d3da1', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2017:12:19 14:00:50+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u'\ufffd 2017 NOVNIFY LIMITED. All rights reserved.', u'EXE:LinkerVersion': 8.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/a/f/9/b', u'EXE:FileDescription': u'StopAd Installer', u'EXE:EntryPoint': u'0x13aeee', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 1282048, u'EXE:Comments': u'StopAd Installer', u'File:FileInodeChangeDate': u'2018:01:02 19:40:31+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'1.0.280.1'}]
mime type	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5
.text	0x2000	0x138ef4	0x139000	7.91622682739	982220207fe8b6714471ce245586089f
.rsrc	0x13c000	0x9a00	0x9a00	4.00813111049	2860ee513c0e0a842b555d01931863c6
.reloc	0x146000	0xc	0x200	0.101910425663	df6160779094dd04e93033ac8c37fdbe

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 1294720, u'sha256': u'4710c04a7c9f64b07f7be90c97a805a94c685d3dfe33c584f4af5f652ddd8104', u'type': u'dBase IV DBT of \\200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 64767, next used block 4282318848', u'size': 16936}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 1311672, u'sha256': u'1386f135d6c4e6f01ae77493102ea47a0bcde427b2c0b1cade171e069ae5f4a9', u'type': u'data', u'size': 9640}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 1321328, u'sha256': u'0030c5920e6167cad826b6861a66aa5c0b03a5ffbd46bfc261f9413110fdabea', u'type': u'data', u'size': 4264}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 1325608, u'sha256': u'c10467f62037924e481e893932dddb4479a05050452220a02c0c46e6310693d9', u'type': u'data', u'size': 2440}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 1328064, u'sha256': u'8b8cbe973c52dd1263f642d5c03ef1cdb2d9ca0edd4427a4b0bbe31b994433b4', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_GROUP_ICON', u'offset': 1329208, u'sha256': u'672569335f397f199e8e5ffd52c221068b0082ae9607e73edb0418832db3e2ac', u'type': u'MS Windows icon resource - 5 icons, 64x64', u'size': 76}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_VERSION', u'offset': 1329300, u'sha256': u'cbe74ad1c2613a68925cdb337deccec5f816a65a82bf5f8acc2f674f7fc2425c', u'type': u'data', u'size': 940}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_MANIFEST', u'offset': 1330256, u'sha256': u'0d68c6942d6266e3bb2b942fe9f5a756ca1543e04488a0ccab0b1642f414b249', u'type': u'XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators', u'size': 3073}

CERTIFICATE VALIDATION

Loading...