× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 102e807fcb82930d544a30eaa8a3f2ffc0664e0247488a7b0dde25909e9ecd9b
File name: Big Farm Hack.exe
Detection ratio: 0 / 54
Analysis date: 2016-01-20 18:01:14 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware 20160120
AegisLab 20160120
Yandex 20160119
AhnLab-V3 20160120
Alibaba 20160120
ALYac 20160120
Antiy-AVL 20160120
Arcabit 20160120
Avast 20160120
AVG 20160120
Avira (no cloud) 20160120
Baidu-International 20160120
BitDefender 20160120
Bkav 20160120
ByteHero 20160120
CAT-QuickHeal 20160119
ClamAV 20160120
CMC 20160111
Comodo 20160120
Cyren 20160120
DrWeb 20160120
Emsisoft 20160120
ESET-NOD32 20160120
F-Prot 20160120
F-Secure 20160120
Fortinet 20160120
GData 20160120
Ikarus 20160120
Jiangmin 20160120
K7AntiVirus 20160120
K7GW 20160120
Kaspersky 20160120
Malwarebytes 20160120
McAfee 20160120
McAfee-GW-Edition 20160120
Microsoft 20160120
eScan 20160120
NANO-Antivirus 20160120
nProtect 20160120
Panda 20160120
Qihoo-360 20160120
Rising 20160120
Sophos AV 20160120
SUPERAntiSpyware 20160120
Symantec 20160120
Tencent 20160120
TheHacker 20160119
TrendMicro 20160120
TrendMicro-HouseCall 20160120
VBA32 20160120
VIPRE 20160120
ViRobot 20160120
Zillya 20160120
Zoner 20160120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2011 Neowiz

Product SelfUpdate Module
Original name selfupdate.exe
Internal name SelfUpdate
File version 1, 0, 0, 3
Description SelfUpdate Module
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-08-29 06:59:39
Entry Point 0x0000CAA4
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
InitCommonControlsEx
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
InitializeCriticalSection
LoadResource
TlsGetValue
OutputDebugStringA
SetLastError
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
DeleteFileA
GetCPInfo
GetProcAddress
GetProcessHeap
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
IsDBCSLeadByte
lstrlenW
SizeofResource
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
FindResourceA
GetEnvironmentStrings
CreateProcessA
HeapCreate
VirtualFree
Sleep
OpenEventA
VirtualAlloc
VarUI4FromStr
DefWindowProcA
UnregisterClassA
CharNextA
DestroyWindow
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
Number of PE resources by type
RT_STRING 10
RT_ICON 2
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
KOREAN 13
CHINESE SIMPLIFIED 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.3

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
36864

EntryPoint
0xcaa4

OriginalFileName
selfupdate.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2011 Neowiz

FileVersion
1, 0, 0, 3

TimeStamp
2011:08:29 07:59:39+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SelfUpdate

ProductVersion
1, 0, 0, 3

FileDescription
SelfUpdate Module

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
81920

ProductName
SelfUpdate Module

ProductVersionNumber
1.0.0.3

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 79bb7fa30bcd28a65dbf90d9010fa142
SHA1 8f8e4ca219501738ca08dbd9df7f1a10bfee558b
SHA256 102e807fcb82930d544a30eaa8a3f2ffc0664e0247488a7b0dde25909e9ecd9b
ssdeep
3072:eKPurrOHvEbPchQ2NlRo8ziWvl5ft4LSMU:XurCHvuPAd156Li

authentihash 25f9e28c809d05439dbd8cc16df4ef118b44f71efff6585132a6ff261ae4c21e
imphash 388c606d1f925f925a861a3291449582
File size 120.0 KB ( 122880 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2011-09-04 20:55:56 UTC ( 6 years, 3 months ago )
Last submission 2016-01-20 18:01:14 UTC ( 1 year, 10 months ago )
File names Big Farm Hack.exe
SelfUpdate.exe
file-3629930_exe
SelfUpdate
selfupdate.exe
smona131673203098920502238
5512DD6100C2D3F3E0E5019404F5070075AFFC49.exe
file-2920074_exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!