× Cookies sind ausgeschaltet! Diese Seite erfordert aktivierte Cookies, um vollständig zu funktionieren.
SHA256: 6d302e15208818ffe316e4d8ac7009c1e4dbfba6055b372a15b4d46a92779966
Dateiname: Half-Life 2 DF Uncutpatch Extreme.exe
Erkennungsrate: 0 / 55
Analyse-Datum: 2017-01-23 14:13:10 UTC ( vor 2 Jahre, 3 Monate )
Antivirus Ergebnis Aktualisierung
Ad-Aware 20170123
AegisLab 20170123
AhnLab-V3 20170123
Alibaba 20170122
ALYac 20170123
Antiy-AVL 20170123
Arcabit 20170123
Avast 20170123
AVG 20170123
Avira (no cloud) 20170123
AVware 20170123
Baidu 20170123
BitDefender 20170123
CAT-QuickHeal 20170123
ClamAV 20170123
CMC 20170123
Comodo 20170123
CrowdStrike Falcon (ML) 20161024
Cyren 20170123
DrWeb 20170123
Emsisoft 20170123
ESET-NOD32 20170123
F-Prot 20170123
F-Secure 20170123
Fortinet 20170123
GData 20170123
Ikarus 20170123
Sophos ML 20170111
Jiangmin 20170123
K7AntiVirus 20170123
K7GW 20170123
Kaspersky 20170123
Kingsoft 20170123
Malwarebytes 20170123
McAfee 20170123
McAfee-GW-Edition 20170123
Microsoft 20170123
eScan 20170123
NANO-Antivirus 20170123
nProtect 20170123
Panda 20170122
Qihoo-360 20170123
Rising 20170123
Sophos AV 20170123
SUPERAntiSpyware 20170123
Symantec 20170122
Tencent 20170123
TheHacker 20170117
TrendMicro 20170123
TrendMicro-HouseCall 20170123
Trustlook 20170123
VBA32 20170123
VIPRE 20170123
ViRobot 20170123
WhiteArmor 20170123
Yandex 20170122
Zillya 20170120
Zoner 20170123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT appended, RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-15 06:27:50
Entry Point 0x0000A7B1
Number of sections 5
PE sections
Overlays
MD5 0a590ede0b101434c8cf2f080fdd61ef
File type application/x-rar
Offset 196608
Size 5563164
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueExA
SetFileSecurityW
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
GetDeviceCaps
GetObjectA
DeleteDC
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetSystemTime
GetLastError
HeapFree
GetStdHandle
SystemTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
lstrcmpiA
WaitForSingleObject
LoadLibraryA
FreeLibrary
FindNextFileA
HeapAlloc
SetFileTime
GetVersionExA
GetModuleFileNameA
IsDBCSLeadByte
GetCPInfo
GetCurrentProcess
GetDateFormatA
FileTimeToLocalFileTime
GetCurrentDirectoryA
CreateFileMappingA
GetLocaleInfoA
CreateDirectoryA
DeleteFileA
OpenFileMappingA
ExitProcess
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
SetFileAttributesA
GetModuleFileNameW
SetFilePointer
GetTempPathA
SetEndOfFile
DosDateTimeToFileTime
CloseHandle
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
FindNextFileW
GetFileAttributesA
WriteFile
FindFirstFileA
GetTimeFormatA
GetCommandLineA
FindFirstFileW
HeapReAlloc
MoveFileExA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetFullPathNameA
MoveFileA
GetFileAttributesW
GetNumberFormatA
UnmapViewOfFile
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
SetFileAttributesW
CreateFileA
GetTickCount
FindResourceA
SetCurrentDirectoryA
SetLastError
CompareStringA
VariantInit
SHGetFileInfoA
ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
DefWindowProcA
ShowWindow
GetSystemMetrics
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
CharToOemBuffA
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
GetDC
RegisterClassExA
ReleaseDC
SetWindowTextA
DestroyIcon
GetWindowLongA
IsWindowVisible
SendMessageA
GetWindowTextA
GetClientRect
CreateWindowExA
GetDlgItem
OemToCharBuffA
LoadIconA
wsprintfA
FindWindowExA
GetSysColor
LoadCursorA
OemToCharA
LoadStringA
CopyRect
WaitForInputIdle
GetClassNameA
GetMessageA
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_ICON 9
RT_DIALOG 6
RT_STRING 5
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN 11
NEUTRAL DEFAULT 11
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2010:03:15 07:27:50+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
67584

LinkerVersion
9.0

EntryPoint
0xa7b1

InitializedDataSize
128000

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 dcf45b354d35434473b1616a82ee443c
SHA1 f1b010ebab76b446130ff8d8ff94c8f8e1deffdc
SHA256 6d302e15208818ffe316e4d8ac7009c1e4dbfba6055b372a15b4d46a92779966
ssdeep
98304:Ku74r+Vgq4kjNDp/By/CNNwkZ1r/K5jKRAJMoeKKAjHd6u04lTte0WkB5Bo0He4P:yOjjNfNKkZ1OION1VjHd6u04lTgj4k4

authentihash b7d949018bcecef11cf0882697a76aa4958ac5575174cf6fd8dcd533c91e8423
imphash 9402b48d966c911f0785b076b349b5ef
File size 5.5 MB ( 5759772 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2013-07-26 23:44:23 UTC ( vor 5 Jahre, 9 Monate )
Last submission 2017-01-23 14:13:10 UTC ( vor 2 Jahre, 3 Monate )
Dateinamen Half-Life 2 DF Uncutpatch Extreme.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Keine Kommentare. Bisher hat kein Mitglied der VirusTotal-Community einen Kommentar zu diesem Punkt verfasst, seien Sie der Erste!

Hinterlassen Sie Ihren Kommentar...

?
Kommentar abschicken

Sie sind nicht angemeldet. Nur registrierte Nutzer können Kommentare hinterlassen, melden Sie sich an und sagen Sie etwas dazu!

Keine Bewertungen. Niemand hat diesen Punkt bisher bewertet, seien Sie der Erste!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications