SHA256: 837206da0314cee6354457540e4481e091f33d2b896a8a7938ba698eab4bfab2
File name: rubyPalace_setup_DE.exe
Detection ratio: 8 / 47
Analysis date: 2013-06-25 11:13:08 UTC (5 years, 11 months ago)
Antivirus             Result                                     Update
AntiVir               GAME/Casino.Gen                            20130625
ESET-NOD32            probably a variant of Win32/PrimeCasino    20130625
F-Prot                W32/Casino.P.gen!Eldorado                  20130625
Fortinet              Riskware/CasOnline                         20130625
SUPERAntiSpyware      PUP.PrimeCasino                            20130625
Symantec              WS.Reputation.1                            20130625
TrendMicro-HouseCall  TROJ_GEN.R0CBB01FL13                       20130625
VIPRE                 Casino Software (not malicious)            20130625
Yandex                (not detected)                             20130625
AhnLab-V3             (not detected)                             20130625
Antiy-AVL             (not detected)                             20130625
Avast                 (not detected)                             20130625
AVG                   (not detected)                             20130625
BitDefender           (not detected)                             20130625
ByteHero              (not detected)                             20130613
CAT-QuickHeal         (not detected)                             20130625
ClamAV                (not detected)                             20130625
Commtouch             (not detected)                             20130625
Comodo                (not detected)                             20130625
DrWeb                 (not detected)                             20130625
Emsisoft              (not detected)                             20130625
eSafe                 (not detected)                             20130625
F-Secure              (not detected)                             20130625
GData                 (not detected)                             20130625
Ikarus                (not detected)                             20130625
Jiangmin              (not detected)                             20130625
K7AntiVirus           (not detected)                             20130624
K7GW                  (not detected)                             20130624
Kaspersky             (not detected)                             20130625
Kingsoft              (not detected)                             20130506
Malwarebytes          (not detected)                             20130625
McAfee                (not detected)                             20130625
McAfee-GW-Edition     (not detected)                             20130625
Microsoft             (not detected)                             20130625
eScan                 (not detected)                             20130625
NANO-Antivirus        (not detected)                             20130625
Norman                (not detected)                             20130625
nProtect              (not detected)                             20130625
Panda                 (not detected)                             20130625
PCTools               (not detected)                             20130521
Rising                (not detected)                             20130625
Sophos AV             (not detected)                             20130625
TheHacker             (not detected)                             20130625
TotalDefense          (not detected)                             20130625
TrendMicro            (not detected)                             20130625
VBA32                 (not detected)                             20130624
ViRobot               (not detected)                             20130625
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher Microgaming Software Systems Limited
Product install.exe
Original name install.exe
Internal name MIP
File version 16.6.1.11212
Description Install Program
Signature verification Certificate out of its validity period
Signers
  Microgaming Software Systems Limited
    Status Certificate out of its validity period
    Issuer None
    Valid from 12:59 PM 3/24/2011
    Valid to 3:25 AM 3/25/2013
    Valid usage Code Signing
    Algorithm SHA1
    Thumbprint C25F84B1CB0DD0B1E7241933B50E6ACE28A9C700
    Serial number 4C 16 EC 30
  Entrust Code Signing Certification Authority - L1D
    Status Valid
    Issuer None
    Valid from 4:41 PM 11/11/2011
    Valid to 9:51 AM 11/12/2021
    Valid usage All
    Algorithm SHA1
    Thumbprint D0D7578B7317228E31D42EDF356A7C64F1050473
    Serial number 4C 0E 8C 3A
  Entrust (2048)
    Status Valid
    Issuer None
    Valid from 6:50 PM 12/24/1999
    Valid to 3:15 PM 7/24/2029
    Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
    Algorithm SHA1
    Thumbprint 503006091D97D4F5AE39F7CBE7927D7D652D3431
    Serial number 38 63 DE F8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-15 19:07:06
Entry Point 0x00048018
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
CloseServiceHandle
RegCloseKey
OpenServiceA
RegSetValueExW
FreeSid
RegQueryValueExA
RegOpenKeyExW
RegSetValueExA
GetUserNameA
RegSetValueA
RegEnumKeyW
RegCreateKeyExA
RegOpenKeyExA
RegSetValueW
OpenSCManagerA
RegQueryValueExW
RegQueryValueW
DeleteDC
SelectObject
GetStockObject
GetDIBits
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
GetVolumePathNameW
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetComputerNameA
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
MoveFileA
GetSystemTimeAsFileTime
GetThreadTimes
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
GetLogicalDriveStringsA
GetEnvironmentVariableA
FindClose
InterlockedDecrement
FormatMessageA
OutputDebugStringA
SetLastError
DeviceIoControl
CopyFileW
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetPrivateProfileStringW
CreateMutexA
SetFilePointer
InterlockedExchangeAdd
CreateSemaphoreA
CreateThread
SetFileAttributesA
GetExitCodeThread
SetUnhandledExceptionFilter
GetSystemDirectoryA
MoveFileExA
SetEnvironmentVariableA
GetDiskFreeSpaceExA
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
ExitThread
Process32Next
GetStartupInfoA
GetFileSize
Process32First
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
OpenProcess
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
GetModuleFileNameW
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
TerminateProcess
WaitForMultipleObjects
RemoveDirectoryA
GetTimeZoneInformation
CreateFileW
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
lstrlenW
CreateProcessW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
lstrcpynW
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
VariantChangeType
SafeArrayAccessData
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
SafeArrayUnaccessData
VariantClear
SysAllocString
VariantCopy
SafeArrayCreateVector
SysFreeString
VariantInit
GetModuleFileNameExA
SHGetFolderPathW
SHChangeNotify
SHGetPathFromIDListW
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteA
Shell_NotifyIconA
StrStrA
PathAppendA
PathCanonicalizeA
SHDeleteKeyA
PathAppendW
PathCanonicalizeW
MapWindowPoints
SetFocus
UpdateWindow
SetLayeredWindowAttributes
OffsetRect
DefWindowProcW
DefWindowProcA
ShowWindow
FlashWindowEx
SetWindowPos
GetSystemMetrics
SetWindowLongW
MessageBoxW
GetWindowRect
DispatchMessageA
EnableWindow
PostMessageA
MoveWindow
MessageBoxA
PeekMessageA
ChildWindowFromPoint
SetWindowLongA
wvsprintfA
TranslateMessage
IsWindowEnabled
GetWindowDC
PostThreadMessageA
GetCursorPos
ReleaseDC
GetDlgCtrlID
CreatePopupMenu
RegisterClassW
wsprintfW
IsWindowVisible
SendMessageA
GetClientRect
RegisterClassA
InvalidateRect
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
GetMessageA
SetWindowTextA
GetActiveWindow
AdjustWindowRect
CopyRect
SetActiveWindow
LoadImageA
CreateWindowExW
GetWindowLongW
SetForegroundWindow
AppendMenuW
IsDialogMessageA
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
HttpSendRequestA
InternetOpenUrlA
InternetSetOptionA
HttpOpenRequestA
InternetReadFile
InternetCrackUrlW
InternetOpenA
InternetGetLastResponseInfoA
InternetConnectA
InternetQueryOptionA
InternetOpenUrlW
HttpQueryInfoA
InternetCrackUrlA
InternetOpenW
InternetCreateUrlA
InternetCloseHandle
WSAAddressToStringA
getservbyport
htonl
inet_addr
ioctlsocket
WSAStartup
gethostbyname
ntohs
WSACleanup
WSASetLastError
htons
gethostbyaddr
WSAGetLastError
getservbyname
OleUninitialize
CLSIDFromProgID
CoInitialize
OleInitialize
CoCreateInstance
OleSetContainedObject
StringFromIID
OleCreate
CoUninitialize
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CoInternetGetSession
PE exports
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH SOUTH AFRICA 3
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 16.6.1.11212
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 109056
FileOS Windows NT 32-bit
MIMEType application/octet-stream
FileVersion 16.6.1.11212
TimeStamp 2012:04:15 20:07:06+01:00
FileType Win32 EXE
PEType PE32
InternalName MIP
FileAccessDate 2014:05:28 08:55:46+01:00
ProductVersion 16.6.1.11212
FileDescription Install Program
OSVersion 5.0
FileCreateDate 2014:05:28 08:55:46+01:00
OriginalFilename install.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 363520
ProductName install.exe
ProductVersionNumber 16.6.1.11212
EntryPoint 0x48018
ObjectFileType Executable application

File identification
MD5 a840614e1554d78a7008acad98cb7a00
SHA1 1e0b65221c930af78043138effa2d82e6918d517
SHA256 837206da0314cee6354457540e4481e091f33d2b896a8a7938ba698eab4bfab2
ssdeep 12288:YPqlDAbt2HGn1dlrRe0eBkjvKghJqmMIAGgCOAVlhNTYzQNzAGEPITRRr:YCrHGn1bYlkjv5hJ3MIA72NxYzQhfEOJ
imphash 38ed31dad96c671d92c152e3a95b84f8
File size 754.9 KB ( 772992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
     Win32 Dynamic Link Library (generic) (14.2%)
     Win32 Executable (generic) (9.7%)
     Generic Win/DOS Executable (4.3%)
     DOS Executable Generic (4.3%)
Tags peexe signed
VirusTotal metadata
First submission 2013-04-12 13:31:01 UTC (6 years, 1 month ago)
Last submission 2014-05-28 07:53:13 UTC (4 years, 12 months ago)
File names install.exe
           aa
           gZx4.cpl
           a840614e1554d78a7008acad98cb7a00
           rubyPalace_setup_DE.exe
           ynb5urj.bmp
           837206da0314cee6354457540e4481e091f33d2b896a8a7938ba698eab4bfab2
           MIP
           7fee43c6d97415dd59ac224b9c4cca48bb3ef82e
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created mutexes
Opened mutexes
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers by making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.