× Cookies sind ausgeschaltet! Diese Seite erfordert aktivierte Cookies, um vollständig zu funktionieren.
SHA256: f8e937491471aa005c4891ab128cfadb4d96f858fbe0f932de291eb68185e673
Dateiname: b32_tracksandgaps.exe
Erkennungsrate: 0 / 56
Analyse-Datum: 2016-10-16 21:20:02 UTC ( vor 9 Monate, 1 Woche )
Antivirus Ergebnis Aktualisierung
Ad-Aware 20161016
AegisLab 20161016
AhnLab-V3 20161016
Alibaba 20161014
ALYac 20161016
Antiy-AVL 20161016
Arcabit 20161016
Avast 20161016
AVG 20161016
Avira (no cloud) 20161016
AVware 20161016
Baidu 20161015
BitDefender 20161016
Bkav 20161015
CAT-QuickHeal 20161015
ClamAV 20161016
CMC 20161016
Comodo 20161016
CrowdStrike Falcon (ML) 20160725
Cyren 20161016
DrWeb 20161016
Emsisoft 20161016
ESET-NOD32 20161016
F-Prot 20161016
F-Secure 20161016
Fortinet 20161016
GData 20161016
Ikarus 20161016
Sophos ML 20160928
Jiangmin 20161016
K7AntiVirus 20161016
K7GW 20161016
Kaspersky 20161016
Kingsoft 20161016
Malwarebytes 20161016
McAfee 20161016
McAfee-GW-Edition 20161016
Microsoft 20161016
eScan 20161016
NANO-Antivirus 20161016
nProtect 20161016
Panda 20161016
Qihoo-360 20161016
Rising 20161016
Sophos AV 20161016
SUPERAntiSpyware 20161016
Symantec 20161016
Tencent 20161016
TheHacker 20161016
TrendMicro 20161016
TrendMicro-HouseCall 20161016
VBA32 20161014
VIPRE 20161016
ViRobot 20161016
Yandex 20161016
Zillya 20161016
Zoner 20161016
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Product Tracks & Gaps - New Beetle
File version
Description Tracks & Gaps - New Beetle Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009C40
Number of sections 8
PE sections
Overlays
MD5 7540280e7f3b2e6b4bd3c655927e1446
File type data
Offset 163328
Size 1698847
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_ICON 22
RT_STRING 6
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 25
NEUTRAL 7
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
124416

EntryPoint
0x9c40

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

ProductVersion
1.1

FileDescription
Tracks & Gaps - New Beetle Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
HC-Online, LLC

CodeSize
37888

ProductName
Tracks & Gaps - New Beetle

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ed158a918829b9cb545cdb3c955a718c
SHA1 90d1ceba4a2e15f61b5f8970bbf64d841fa3313b
SHA256 f8e937491471aa005c4891ab128cfadb4d96f858fbe0f932de291eb68185e673
ssdeep
49152:1aTyo7VJynsPjwcuZWZQcQIaJng18x+ZjCjJApy1:UT7OsPMcomQpI+gY+Zw7

authentihash 776498c935848dc2f3d15121dcc58a6a5bece9d6d1befda98fa66b51ae5b3420
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 1.8 MB ( 1862175 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (81.5%)
Win32 Executable Delphi generic (10.5%)
Win32 Executable (generic) (3.3%)
Win16/32 Executable Delphi generic (1.5%)
Generic Win/DOS Executable (1.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-12-22 14:34:51 UTC ( vor 4 Jahre, 7 Monate )
Last submission 2016-10-16 21:20:02 UTC ( vor 9 Monate, 1 Woche )
Dateinamen f8e937491471aa005c4891ab128cfadb4d96f858fbe0f932de291eb68185e673
b32_tracksandgaps.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Keine Kommentare. Bisher hat kein Mitglied der VirusTotal-Community einen Kommentar zu diesem Punkt verfasst, seien Sie der Erste!

Hinterlassen Sie Ihren Kommentar...

?
Kommentar abschicken

Sie sind nicht angemeldet. Nur registrierte Nutzer können Kommentare hinterlassen, melden Sie sich an und sagen Sie etwas dazu!

Keine Bewertungen. Niemand hat diesen Punkt bisher bewertet, seien Sie der Erste!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.