× Cookies sind ausgeschaltet! Diese Seite erfordert aktivierte Cookies, um vollständig zu funktionieren.
SHA256: 7d99bc0f21bdffd249673a170a5c3ff6f04a4ee989086272cdd2abce26f1195e
Dateiname: TextAdventure.exe
Erkennungsrate: 0 / 67
Analyse-Datum: 2018-10-13 14:55:05 UTC ( vor 7 Monate, 2 Wochen ) Zeige Neueste
Antivirus Ergebnis Aktualisierung
Ad-Aware 20181013
AegisLab 20181013
AhnLab-V3 20181013
Alibaba 20180921
ALYac 20181013
Antiy-AVL 20181013
Arcabit 20181013
Avast 20181013
Avast-Mobile 20181013
AVG 20181013
Avira (no cloud) 20181013
Babable 20180918
Baidu 20181012
BitDefender 20181013
Bkav 20181013
CAT-QuickHeal 20181013
ClamAV 20181013
CMC 20181013
Comodo 20181013
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181013
Cyren 20181013
DrWeb 20181013
eGambit 20181013
Emsisoft 20181013
Endgame 20180730
ESET-NOD32 20181013
F-Prot 20181013
F-Secure 20181013
Fortinet 20181013
GData 20181013
Ikarus 20181013
Sophos ML 20180717
Jiangmin 20181013
K7AntiVirus 20181013
K7GW 20181013
Kaspersky 20181013
Kingsoft 20181013
Malwarebytes 20181013
MAX 20181013
McAfee 20181013
McAfee-GW-Edition 20181013
Microsoft 20181013
eScan 20181013
NANO-Antivirus 20181013
Palo Alto Networks (Known Signatures) 20181013
Panda 20181013
Qihoo-360 20181013
Rising 20181012
SentinelOne (Static ML) 20181011
Sophos AV 20181013
SUPERAntiSpyware 20181013
Symantec 20181012
Symantec Mobile Insight 20181001
TACHYON 20181013
Tencent 20181013
TheHacker 20181011
TrendMicro 20181010
TrendMicro-HouseCall 20181010
Trustlook 20181013
VBA32 20181012
VIPRE 20181013
ViRobot 20181013
Webroot 20181013
Yandex 20181012
Zillya 20181012
ZoneAlarm by Check Point 20181013
Zoner 20181012
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2018-09-25 04:54:23
Entry Point 0x00001500
Number of sections 20
PE sections
Overlays
MD5 2489d7d9f126aa96e8d3ae86c1b5b15a
File type data
Offset 6567424
Size 1239841
Entropy 4.75
PE imports
GetStdHandle
GetFileAttributesA
WaitForSingleObject
CreateTimerQueue
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetVolumeInformationW
GetFileInformationByHandle
IsDBCSLeadByteEx
GetCPInfo
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
LocalFree
FormatMessageW
AddVectoredExceptionHandler
InitializeCriticalSection
TlsGetValue
FormatMessageA
GetFullPathNameW
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
GetSystemTime
ReadConsoleInputA
GetModuleFileNameW
DeleteTimerQueueEx
RtlAddFunctionTable
FindNextVolumeW
SetConsoleCtrlHandler
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
DeleteTimerQueueTimer
GetModuleHandleA
CreateSemaphoreA
SetEnvironmentVariableW
SetUnhandledExceptionFilter
TerminateProcess
SearchPathW
VirtualQuery
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
EnterCriticalSection
PeekNamedPipe
LoadLibraryW
FindVolumeClose
SetEvent
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetStartupInfoA
FlushConsoleInputBuffer
GetProcAddress
GetFileSizeEx
RtlLookupFunctionEntry
ResetEvent
CreateTimerQueueTimer
WaitForMultipleObjects
CreateEventA
GetFileType
RemoveVectoredExceptionHandler
FindFirstVolumeW
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GetSystemInfo
GetConsoleCP
GetProcessTimes
GetNumaNodeProcessorMask
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
QueryPerformanceFrequency
ReleaseSemaphore
SetFilePointer
RtlCaptureContext
CloseHandle
PeekConsoleInputA
GetACP
GetModuleHandleW
GetNumaHighestNodeNumber
SetConsoleMode
VirtualFree
Sleep
VirtualAlloc
MessageBoxA
MessageBoxW
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
recv
send
closesocket
select
WSAGetLastError
__lconv_init
___lc_codepage_func
fclose
_time64
_snwprintf
fflush
_fmode
strtol
fputc
strtok
fwrite
_environ
_wcsdup
wcscmp
_fstat64
_wstat
isspace
_close
_isatty
wcsncmp
_wfopen
_write
memcpy
memmove
signal
_mkdir
strcmp
_fpreset
strncmp
memset
atexit
_setmode
_getpid
ftell
__initenv
exit
strrchr
mbstowcs
_wsopen
_acmdln
free
__getmainargs
strlen
raise
_lseeki64
_read
fseek
strcpy
fputwc
__mb_cur_max
islower
_initterm
isupper
setlocale
realloc
__dllonexit
ldexp
calloc
_assert
fopen
strncpy
_cexit
__C_specific_handler
qsort
_dup
_onexit
wcslen
__setusermatherr
_ctime64
getenv
wcscat
atoi
vfprintf
atof
_wstat64
localeconv
strerror
wcscpy
_beginthreadex
_wsplitpath_s
malloc
fread
abort
fprintf
feof
_amsg_exit
_errno
_utime64
_lock
_get_osfhandle
_strdup
bsearch
_telli64
_unlock
_dup2
fwprintf
_exit
__iob_func
getc
__set_app_type
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
AMD AMD64

FileTypeExtension
exe

TimeStamp
2018:09:25 05:54:23+01:00

FileType
Win64 EXE

PEType
PE32+

CodeSize
1417728

LinkerVersion
2.27

ImageFileCharacteristics
No relocs, Executable, No line numbers, Large address aware

EntryPoint
0x1500

InitializedDataSize
2089472

SubsystemVersion
5.2

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
57856

File identification
MD5 9da2c1c909af73a232f5a3cfcc740b43
SHA1 2339682ad99fbd154a37152f381a66933ea9ce25
SHA256 7d99bc0f21bdffd249673a170a5c3ff6f04a4ee989086272cdd2abce26f1195e
ssdeep
98304:RyVxlJvvikyoM+D4FH5iITr7N0ROu8EgTWqweOkPE6IjTQQLHmrQ8wE5hna2wmC5:RyTJQZCT

authentihash 6c3539e1b7d210f14ddb6798ab1dc856f57190db3f73394b26a46a2810de5406
imphash 703b505af6377ed685afb3389c87b3e5
File size 7.4 MB ( 7807265 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (console) Mono/.Net assembly

TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
VXD Driver (0.0%)
Tags
64bits peexe assembly overlay

VirusTotal metadata
First submission 2018-10-13 14:55:05 UTC ( vor 7 Monate, 2 Wochen )
Last submission 2018-10-13 14:55:05 UTC ( vor 7 Monate, 2 Wochen )
Dateinamen TextAdventure.exe
Keine Kommentare. Bisher hat kein Mitglied der VirusTotal-Community einen Kommentar zu diesem Punkt verfasst, seien Sie der Erste!

Hinterlassen Sie Ihren Kommentar...

?
Kommentar abschicken

Sie sind nicht angemeldet. Nur registrierte Nutzer können Kommentare hinterlassen, melden Sie sich an und sagen Sie etwas dazu!

Keine Bewertungen. Niemand hat diesen Punkt bisher bewertet, seien Sie der Erste!