SHA256: 07d4be61fc1083c5691bd408d2c0a433d28fd8778046f19a6dc7f7c644eb7e48
File name: TESV.exe
Detection ratio: 0 / 66
Analysis date: 2018-04-24 16:43:44 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware 20180424
AegisLab 20180424
AhnLab-V3 20180424
Alibaba 20180424
ALYac 20180424
Antiy-AVL 20180418
Arcabit 20180424
Avast 20180424
Avast-Mobile 20180424
AVG 20180424
Avira (no cloud) 20180424
AVware 20180424
Babable 20180406
Baidu 20180424
BitDefender 20180424
Bkav 20180424
CAT-QuickHeal 20180424
ClamAV 20180424
CMC 20180424
Comodo 20180424
CrowdStrike Falcon (ML) 20180418
Cybereason None
Cylance 20180424
Cyren 20180424
DrWeb 20180424
eGambit 20180424
Emsisoft 20180424
Endgame 20180403
ESET-NOD32 20180424
F-Prot 20180424
F-Secure 20180424
Fortinet 20180424
GData 20180424
Ikarus 20180424
Sophos ML 20180121
Jiangmin 20180424
K7AntiVirus 20180424
K7GW 20180424
Kaspersky 20180424
Kingsoft 20180424
Malwarebytes 20180424
MAX 20180424
McAfee 20180424
McAfee-GW-Edition 20180423
Microsoft 20180424
eScan 20180424
NANO-Antivirus 20180424
nProtect 20180424
Palo Alto Networks (Known Signatures) 20180424
Panda 20180424
Qihoo-360 20180424
Rising 20180424
SentinelOne (Static ML) 20180225
Sophos AV 20180424
SUPERAntiSpyware 20180424
Symantec 20180424
Symantec Mobile Insight 20180419
Tencent 20180424
TheHacker 20180423
TrendMicro 20180424
TrendMicro-HouseCall 20180424
Trustlook 20180424
VBA32 20180424
VIPRE 20180424
ViRobot 20180424
Webroot 20180424
Yandex 20180424
Zillya 20180424
ZoneAlarm by Check Point 20180424
Zoner 20180424
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product TESV: Skyrim
Original name TESV.exe
Internal name Skyrim
File version 1.9.32.0
Description Skyrim
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-15 19:56:21
Entry Point 0x00B568A1
Number of sections 6
PE sections
PE imports
RegCloseKey
GetUserNameA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
DirectInput8Create
CreateDCA
ExtEscape
DeleteDC
GetStockObject
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
DebugBreak
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDiskFreeSpaceExA
GetConsoleMode
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
GetCommandLineA
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
MoveFileA
ResumeThread
InitializeCriticalSection
FindClose
InterlockedDecrement
FormatMessageA
OutputDebugStringA
SetLastError
PeekNamedPipe
CopyFileA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
RaiseException
EnumSystemLocalesA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
CreateMutexA
GetModuleHandleA
InterlockedExchangeAdd
CreateSemaphoreA
CreateThread
GetExitCodeThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetThreadIdealProcessor
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SleepEx
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
SetEvent
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
GetStartupInfoA
GetDateFormatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetFileAttributesExA
GetProcAddress
GetProcessHeap
CompareStringW
GetFileSizeEx
GetFileInformationByHandle
FindFirstFileA
lstrcpyA
ResetEvent
GetComputerNameA
FindNextFileA
IsValidLocale
WaitForMultipleObjects
GetUserDefaultLCID
GetTimeZoneInformation
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetEnvironmentStrings
CompareFileTime
WritePrivateProfileStringA
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
HeapSize
SetThreadAffinityMask
InterlockedCompareExchange
GetCurrentThread
OpenMutexA
SuspendThread
QueryPerformanceFrequency
CompareStringA
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
WriteFileEx
CloseHandle
GetACP
GetModuleHandleW
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
ReadFileEx
OpenEventA
VirtualAlloc
GetOEMCP
GetTimeFormatA
ShellExecuteA
SHGetFolderPathA
GetCursorPos
MapVirtualKeyA
GetForegroundWindow
DefWindowProcA
FindWindowA
SetWindowPos
GetSystemMetrics
ShowCursor
DispatchMessageA
UnhookWindowsHookEx
EnumChildWindows
MessageBoxA
PeekMessageA
TranslateMessage
GetKeyState
GetAsyncKeyState
SetWindowTextA
GetWindowTextA
GetClientRect
GetDlgItem
RegisterClassA
GetClassLongA
CallNextHookEx
GetWindowLongA
CreateWindowExA
LoadIconA
SetWindowsHookExA
GetKeyboardLayout
GetActiveWindow
AdjustWindowRect
GetClassNameA
ToUnicode
SetForegroundWindow
GetWindowInfo
timeGetTime
connect
setsockopt
gethostname
socket
__WSAFDIsSet
bind
WSAAsyncSelect
inet_addr
send
ioctlsocket
WSAStartup
gethostbyname
ntohs
select
accept
closesocket
inet_ntoa
htons
recv
WSAGetLastError
listen
X3DAudioInitialize
X3DAudioCalculate
Ord(4)
Ord(3)
Ord(2)
_BinkNextFrame@4
_BinkOpen@8
_BinkDoFrame@4
_BinkWait@4
_BinkPause@8
_BinkOpenDirectSound@4
_BinkSetSoundSystem@8
_BinkCopyToBufferRect@44
_BinkClose@4
D3DPERF_SetOptions
D3DXPlaneNormalize
D3DXMatrixInverse
D3DXCreateTextureFromFileExA
D3DXVec3TransformCoord
D3DXMatrixTranspose
D3DXGetImageInfoFromFileA
D3DXPlaneTransform
D3DXMatrixMultiply
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateTextureFromFileInMemory
D3DXCompileShader
D3DXGetImageInfoFromFileInMemory
D3DXLoadSurfaceFromMemory
D3DXMatrixMultiplyTranspose
D3DXVec3TransformNormal
D3DXLoadSurfaceFromSurface
D3DXVec3Normalize
D3DXCreateVolumeTextureFromFileInMemory
CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
SteamAPI_RegisterCallback
SteamUserStats
SteamAPI_RunCallbacks
SteamAPI_Init
SteamAPI_UnregisterCallback
Number of PE resources by type
RT_ICON 20
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_BITMAP 1
DATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 14
NEUTRAL DEFAULT 12
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.9.32.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 4440576
EntryPoint 0xb568a1
OriginalFileName TESV.exe
MIMEType application/octet-stream
FileVersion 1.9.32.0
TimeStamp 2013:03:15 20:56:21+01:00
FileType Win32 EXE
PEType PE32
InternalName Skyrim
ProductVersion 1.9.32.0
FileDescription Skyrim
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Bethesda Softworks
CodeSize 13014016
ProductName TESV: Skyrim
ProductVersionNumber 1.9.32.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 2971a685ec816e254b946d6ec6a93676
SHA1 71f9e7796f528907698f0e1861a8fc04e13cf7ee
SHA256 07d4be61fc1083c5691bd408d2c0a433d28fd8778046f19a6dc7f7c644eb7e48
ssdeep 393216:agQgZk5Ttp88IrkGOf1OcvUrCw5Fr4t67z96:a/gZ+tp88IfONOcvUrfL
authentihash 3d3cab661f59728941944be509138fbab5b2af32680a217ea70c19b9b6beedf4
imphash 991b34907f55d20e2c00c858aaabd6a9
File size 16.6 MB ( 17455616 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2013-03-22 18:42:05 UTC ( 6 years, 2 months ago )
Last submission 2018-04-24 16:43:44 UTC ( 1 year ago )
File names TESV.exe
Skyrim.exe
2971a685ec816e254b946d6ec6a93676
Skyrim
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight