× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 10340636cdecdf83ccdc74460dd08d3639290702dea74d5799d1a30af4e621e8
File name: Cop Turkce yama.exe
Detection ratio: 2 / 68
Analysis date: 2018-04-29 15:26:20 UTC ( 9 months, 3 weeks ago )
Antivirus Result Update
Cylance Unsafe 20180429
TheHacker Adware/EShoper.do 20180426
Ad-Aware 20180429
AegisLab 20180429
AhnLab-V3 20180429
Alibaba 20180428
ALYac 20180429
Antiy-AVL 20180429
Arcabit 20180429
Avast 20180429
Avast-Mobile 20180429
AVG 20180429
Avira (no cloud) 20180429
AVware 20180428
Babable 20180406
Baidu 20180428
BitDefender 20180429
Bkav 20180426
CAT-QuickHeal 20180429
ClamAV 20180429
CMC 20180429
Comodo 20180429
CrowdStrike Falcon (ML) 20180418
Cybereason 20180225
Cyren 20180429
DrWeb 20180429
eGambit 20180429
Emsisoft 20180429
Endgame 20180403
ESET-NOD32 20180429
F-Prot 20180429
F-Secure 20180429
Fortinet 20180429
GData 20180429
Ikarus 20180429
Sophos ML 20180121
Jiangmin 20180429
K7AntiVirus 20180429
K7GW 20180429
Kaspersky 20180429
Kingsoft 20180429
Malwarebytes 20180429
MAX 20180429
McAfee 20180429
McAfee-GW-Edition 20180425
Microsoft 20180429
eScan 20180429
NANO-Antivirus 20180429
nProtect 20180429
Palo Alto Networks (Known Signatures) 20180429
Panda 20180429
Qihoo-360 20180429
Rising 20180429
SentinelOne (Static ML) 20180225
Sophos AV 20180429
SUPERAntiSpyware 20180429
Symantec 20180428
Symantec Mobile Insight 20180424
Tencent 20180429
TrendMicro 20180429
TrendMicro-HouseCall 20180429
Trustlook 20180429
VBA32 20180428
VIPRE 20180428
ViRobot 20180429
Webroot 20180429
Yandex 20180428
Zillya 20180427
ZoneAlarm by Check Point 20180429
Zoner 20180428
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Stalker Call of Pripyat Türkçe Kurulumu
File version 2, 0, 0, 32
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-10-23 12:16:16
Entry Point 0x000310E0
Number of sections 3
PE sections
Overlays
MD5 369030ccd23dbd45c04c5bedc3260e63
File type data
Offset 91648
Size 931925
Entropy 7.99
PE imports
RegCloseKey
BitBlt
LoadLibraryA
ExitProcess
GetProcAddress
DragFinish
IsIconic
VerFindFileA
GetOpenFileNameA
CoGetMalloc
Number of PE resources by type
RT_ICON 5
RT_DIALOG 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
UninitializedDataSize
118784

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.0.0.32

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
12288

EntryPoint
0x310e0

MIMEType
application/octet-stream

FileVersion
2, 0, 0, 32

TimeStamp
2008:10:23 13:16:16+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2, 0, 0, 32

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
81920

ProductName
Stalker Call of Pripyat T rk e Kurulumu

ProductVersionNumber
2.0.0.32

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 0b5fd538a0038acceb5ab30d0ce4ea68
SHA1 ce9c39b7d424116d07146c6fb08e6dfc751fc3db
SHA256 10340636cdecdf83ccdc74460dd08d3639290702dea74d5799d1a30af4e621e8
ssdeep
24576:vrQyvZkGKxNll9IcYZiATmLgl4UJCZSez0R8eI4ysYkGKxNll9IcYZh:vrDuxd94mLgvC40vh4Txd9c

authentihash e21a49c75699af0992894d091a44ed4ad52b30a35c3718db3b92f248f7d07d87
imphash dd643fe47127e173d2302c8f84c76bad
File size 999.6 KB ( 1023573 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2011-06-26 06:21:34 UTC ( 7 years, 7 months ago )
Last submission 2018-04-29 15:26:20 UTC ( 9 months, 3 weeks ago )
File names 0b5fd538a0038acceb5ab30d0ce4ea68
Cop Turkce yama.exe
Cop Turkce yama (1).exe
S.T.A.L.K.E.R. Call of Pripyat Türkçe Yama.exe
file-2932296_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!