SHA256: 0932723c8e498b7f899560a0c0334d662fbc50a90f155ed3f4a3c0ea83ccd17f
File name: reefclubcasino.exe
Detection ratio: 2 / 47
Analysis date: 2013-06-08 12:16:20 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
AVG Skodna.Casino.DG 20130608
Ikarus not-a-virus:CasinoOnline 20130608
Agnitum 20130607
AhnLab-V3 20130607
AntiVir 20130608
Antiy-AVL 20130608
Avast 20130608
BitDefender 20130608
ByteHero 20130606
CAT-QuickHeal 20130607
ClamAV 20130608
Commtouch 20130608
Comodo 20130608
DrWeb 20130608
ESET-NOD32 20130608
Emsisoft 20130608
F-Prot 20130608
F-Secure 20130608
Fortinet 20130608
GData 20130608
Jiangmin 20130608
K7AntiVirus 20130607
K7GW 20130607
Kaspersky 20130608
Kingsoft 20130506
Malwarebytes 20130608
McAfee 20130608
McAfee-GW-Edition 20130608
MicroWorld-eScan 20130608
Microsoft 20130608
NANO-Antivirus 20130608
Norman 20130607
PCTools 20130521
Panda 20130608
Rising 20130607
SUPERAntiSpyware 20130608
Sophos 20130608
Symantec 20130608
TheHacker 20130607
TotalDefense 20130607
TrendMicro 20130608
TrendMicro-HouseCall 20130608
VBA32 20130608
VIPRE 20130608
ViRobot 20130608
eSafe 20130606
nProtect 20130608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Authenticode signature block
Copyright
Copyright © 2004

Publisher Cassava Enterprises (Gibraltar) Limited
Product Random-Logic Installer
Version 3, 7, 0, 22
Original name Installer.exe
Internal name Installer
File version 3, 7, 0, 22
Description Installer
Signature verification Signed file, verified signature
Signing date 1:22 PM 6/8/2013
Signers
[+] Cassava Enterprises (Gibraltar) Limited
Status Valid
Valid from 1:00 AM 5/3/2012
Valid to 12:59 AM 7/3/2014
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm SHA1
Thumbprint 603134EB5F6B1D55E2E8DFBBA192A0358696178D
Serial number 07 C8 B5 AF AC 3F 11 F9 64 CC 21 DF 98 84 C4 3A
[+] Thawte Code Signing CA - G2
Status Valid
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-08 08:57:50
Entry Point 0x00016693
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
GetObjectA
GetDeviceCaps
SetMapMode
DeleteDC
CreateBitmap
SetBkMode
BitBlt
CreateDIBitmap
CreateFontIndirectA
CreateSolidBrush
DeleteObject
SelectObject
SetBkColor
CreateCompatibleDC
GetBkColor
CreateCompatibleBitmap
SetTextColor
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
GetExitCodeProcess
InitializeCriticalSection
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
GetUserDefaultLangID
CopyFileA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
GetPrivateProfileStringA
SetConsoleCtrlHandler
GetUserDefaultLCID
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
CreateMutexA
GetModuleHandleA
CreateSemaphoreA
CreateThread
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
GlobalMemoryStatus
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GlobalSize
GetStartupInfoA
GetDateFormatA
GetFileSize
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GlobalLock
GetProcessHeap
CompareStringW
CompareStringA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
RemoveDirectoryA
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
GetSystemDefaultLangID
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetVersion
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
TerminateProcess
VirtualAlloc
GetTimeFormatA
ShellExecuteExA
ShellExecuteA
SetFocus
GetMessageA
TranslateAcceleratorA
UpdateWindow
IntersectRect
PostMessageA
EndDialog
KillTimer
GetClassInfoExA
PostQuitMessage
DefWindowProcA
ShowWindow
FindWindowA
SendDlgItemMessageA
GetSystemMetrics
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
MessageBoxA
TranslateMessage
DialogBoxParamA
GetDC
RegisterClassExA
DrawTextA
SetWindowTextA
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
UnionRect
ScreenToClient
InvalidateRect
LoadAcceleratorsA
SetTimer
LoadCursorA
LoadIconA
FillRect
IsRectEmpty
ReleaseDC
EndPaint
SetForegroundWindow
PtInRect
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
HttpSendRequestA
InternetQueryDataAvailable
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetCheckConnectionA
InternetConnectA
InternetReadFile
InternetCrackUrlA
Ord(115)
Ord(52)
Ord(11)
Ord(57)
CoCreateGuid
Number of PE resources by type
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
HEBREW DEFAULT 2
File identification
MD5 5f732fe8e005639a786753fd32d413a2
SHA1 86c1c2c5192fe34f1a616e7def4197b9220eff68
SHA256 0932723c8e498b7f899560a0c0334d662fbc50a90f155ed3f4a3c0ea83ccd17f
ssdeep
3072:tTVn+n6ibD75+xWM4+4RZ19f9pzxwHw1JdLiUKn94cMwLB5AZKhu8v5hQ8NHJOiG:heb/RZhwHUm4cmDkPnyoEb

File size 291.6 KB ( 298584 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed

VirusTotal metadata
First submission 2013-06-08 12:16:20 UTC ( 10 months, 2 weeks ago )
Last submission 2013-06-08 12:22:22 UTC ( 10 months, 2 weeks ago )
File names Installer
Installer.exe
reefclubcasino.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Set keys
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications