SHA256: e53341a38cf43bb2cbf2162509ee3271a29ba0da8fb16d08354dcae85c082dc8
File name: Star-Fighter v0.26 ALPHA.exe
Detection ratio: 0 / 56
Analysis date: 2015-05-02 13:58:14 UTC (3 years, 8 months ago)
Antivirus Result Update
Ad-Aware 20150502
AegisLab 20150502
Yandex 20150502
AhnLab-V3 20150502
Alibaba 20150502
ALYac 20150502
Antiy-AVL 20150502
Avast 20150502
AVG 20150502
Avira (no cloud) 20150515
AVware 20150502
Baidu-International 20150502
BitDefender 20150502
Bkav 20150425
ByteHero 20150502
CAT-QuickHeal 20150502
ClamAV 20150502
CMC 20150501
Comodo 20150502
Cyren 20150502
DrWeb 20150502
Emsisoft 20150502
ESET-NOD32 20150502
F-Prot 20150502
F-Secure 20150502
Fortinet 20150502
GData 20150502
Ikarus 20150502
Jiangmin 20150430
K7AntiVirus 20150502
K7GW 20150502
Kaspersky 20150502
Kingsoft 20150502
McAfee 20150502
McAfee-GW-Edition 20150501
Microsoft 20150502
eScan 20150502
NANO-Antivirus 20150502
Norman 20150502
nProtect 20150430
Panda 20150502
Qihoo-360 20150502
Rising 20150502
Sophos AV 20150502
SUPERAntiSpyware 20150502
Symantec 20150502
Tencent 20150502
TheHacker 20150501
TotalDefense 20150430
TrendMicro 20150502
TrendMicro-HouseCall 20150502
VBA32 20150501
VIPRE 20150502
ViRobot 20150502
Zillya 20150501
Zoner 20150430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-11-02 20:44:05
Entry Point 0x00001473
Number of sections 5
PE sections
Overlays
MD5 3b39ed44c5f8cdc471b2d07e2220bb41
File type data
Offset 1331200
Size 928214
Entropy 7.95
PE imports
RegEnumKeyA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
DirectDrawEnumerateExA
DirectDrawCreateEx
DirectInputCreateEx
AddFontResourceA
DeleteDC
RemoveFontResourceA
SelectObject
GetTextExtentPoint32A
CreateFontA
GetTextMetricsA
GetStockObject
ExtTextOutA
GetCharABCWidthsA
SetBkColor
CreateCompatibleDC
DeleteObject
SetTextColor
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
SetLastError
GetSystemTime
DeviceIoControl
GetEnvironmentVariableA
CopyFileA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
QueryPerformanceFrequency
EnumSystemLocalesA
SetThreadPriority
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
CreateThread
SetEnvironmentVariableW
SetUnhandledExceptionFilter
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
SetEvent
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
CompareStringW
VirtualLock
FindFirstFileA
CompareStringA
FindNextFileA
IsValidLocale
GetUserDefaultLCID
GetTimeZoneInformation
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
RemoveDirectoryA
OpenFile
FileTimeToLocalFileTime
GetEnvironmentStrings
LockResource
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetVersion
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
acmStreamClose
acmStreamOpen
acmStreamUnprepareHeader
acmFormatSuggest
acmStreamPrepareHeader
acmStreamConvert
acmStreamSize
ShellExecuteA
GetMessageA
MapVirtualKeyA
RegisterClassA
UpdateWindow
PostMessageA
EndDialog
BeginPaint
MoveWindow
DefWindowProcA
KillTimer
SetTimer
ScreenToClient
ShowWindow
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EndPaint
SetCapture
ReleaseCapture
MessageBoxA
PeekMessageA
SetWindowLongA
DialogBoxParamA
GetCursorPos
SystemParametersInfoA
SetWindowTextA
UnregisterClassA
GetForegroundWindow
GetWindowTextA
GetClientRect
ToAscii
SetCursorPos
CharLowerBuffA
ClientToScreen
InvalidateRect
GetWindowLongA
CreateWindowExA
LoadCursorA
ShowCursor
GetDesktopWindow
EnableWindow
SetForegroundWindow
GetDlgItem
DestroyWindow
SetCursor
timeKillEvent
waveOutReset
waveInOpen
mixerSetControlDetails
mixerGetLineInfoA
waveOutGetDevCapsA
mciGetErrorStringA
mixerGetLineControlsA
waveOutGetPosition
timeBeginPeriod
timeEndPeriod
mixerGetNumDevs
waveOutOpen
waveInPrepareHeader
waveInGetDevCapsA
waveOutGetNumDevs
waveOutClose
waveInAddBuffer
timeGetTime
waveInClose
timeGetDevCaps
waveInGetNumDevs
mixerOpen
waveOutUnprepareHeader
mixerClose
waveOutPrepareHeader
waveInUnprepareHeader
timeSetEvent
mixerGetControlDetailsA
waveInStart
waveOutWrite
mciSendCommandA
waveInReset
htonl
accept
ioctlsocket
WSAStartup
connect
getsockname
htons
inet_ntoa
WSAGetLastError
closesocket
ntohl
inet_addr
send
ntohs
select
listen
__WSAFDIsSet
WSACleanup
gethostbyname
getpeername
recv
setsockopt
socket
bind
recvfrom
sendto
DirectXFileCreate
CoUninitialize
CLSIDFromString
CoCreateInstance
CoInitialize
PE exports
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_DIALOG 1
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2004:11:02 21:44:05+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1044480

LinkerVersion
6.0

EntryPoint
0x1473

InitializedDataSize
507904

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 22d29b85296e939c59fa60fac94fbba4
SHA1 8c540b1094f02e1c3b5b3ac6fa6d55c42f97a3de
SHA256 e53341a38cf43bb2cbf2162509ee3271a29ba0da8fb16d08354dcae85c082dc8
ssdeep
24576:VBF1HiJgiEH4Bp6QEnpg3HBaMQCI9lYoz6CLQ/tjtEMAIkFIrt8cNL972g4gvv0l:VBOvdPC92Y0/tjtEfIUIRTNL4AkAFRcr

authentihash 0cdfdec7da7b5d277c57123717d49f001af3c999c6801fe706d4d4f3d990b453
imphash 0f9edac589bff5e9e91021c64000ebce
File size 2.2 MB ( 2259414 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows screen saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.1%)
DOS Executable Generic (7.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-05-02 13:58:14 UTC (3 years, 8 months ago)
Last submission 2015-05-02 13:58:14 UTC (3 years, 8 months ago)
File names Star-Fighter v0.26 ALPHA.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications