× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 135caecdb6399309e682c50a6555b2399caddbc15d586eb3e6daaa46aa946290
File name: 777dragon.exe
Detection ratio: 3 / 50
Analysis date: 2014-03-12 16:38:18 UTC ( 1 year, 4 months ago )
Antivirus Result Update
AntiVir GAME/Casino.Gen 20140312
ESET-NOD32 a variant of Win32/PrimeCasino.A 20140312
F-Prot W32/Casino.P.gen!Eldorado 20140312
AVG 20140311
Ad-Aware 20140312
Agnitum 20140312
AhnLab-V3 20140312
Antiy-AVL 20140311
Avast 20140312
Baidu-International 20140312
BitDefender 20140312
Bkav 20140312
ByteHero 20140312
CAT-QuickHeal 20140312
CMC 20140312
ClamAV 20140312
Commtouch 20140312
Comodo 20140312
DrWeb 20140312
Emsisoft 20140312
F-Secure 20140312
Fortinet 20140312
GData 20140312
Ikarus 20140312
Jiangmin 20140312
K7AntiVirus 20140312
K7GW 20140312
Kaspersky 20140312
Kingsoft 20140312
Malwarebytes 20140312
McAfee 20140312
McAfee-GW-Edition 20140312
MicroWorld-eScan 20140312
Microsoft 20140312
NANO-Antivirus 20140312
Norman 20140312
Panda 20140312
Qihoo-360 20140312
Rising 20140312
SUPERAntiSpyware 20140311
Sophos 20140312
Symantec 20140312
TheHacker 20140312
TotalDefense 20140312
TrendMicro 20140312
TrendMicro-HouseCall 20140312
VBA32 20140312
VIPRE 20140312
ViRobot 20140312
nProtect 20140312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher Microgaming Software Systems Limited
Product MicrogamingInstall
Internal name Install Program
File version 16.9.2.739
Description Install Program
Signature verification Signed file, verified signature
Signing date 7:47 AM 6/12/2013
Signers
[+] Microgaming Software Systems Limited
Status Valid
Valid from 12:41 PM 3/21/2013
Valid to 7:35 PM 3/21/2016
Valid usage Code Signing, 1.3.6.1.4.1.311.61.1.1
Algorithm SHA1
Thumbprint 1D9845CA814E20FF1B6971959EF0F22D2D1C0A1B
Serial number 4C 17 40 9A
[+] Entrust Code Signing Certification Authority - L1D
Status Valid
Valid from 4:41 PM 11/11/2011
Valid to 9:51 AM 11/12/2021
Valid usage All
Algorithm SHA1
Thumbprint D0D7578B7317228E31D42EDF356A7C64F1050473
Serial number 4C 0E 8C 3A
[+] Entrust.net Certification Authority (2048)
Status Valid
Valid from 4:18 PM 3/23/2009
Valid to 4:48 PM 3/23/2019
Valid usage All
Algorithm SHA1
Thumbprint B975811DDA15107EF5E0DC28141C7B938EBE4C26
Serial number 46 9E 91 1A
[+] Entrust
Status Valid
Valid from 5:09 PM 5/25/1999
Valid to 5:39 PM 5/25/2019
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, IPSEC Tunnel, IPSEC User, 1.3.6.1.5.5.8.2.2, Timestamp Signing, EFS
Algorithm SHA1
Thumbprint 99A69BE61AFE886B4D2B82007CB854FC317E1539
Serial number 37 4A D2 43
Counter signers
[+] Entrust Time Stamping Authority
Status Valid
Valid from 3:33 PM 12/15/2011
Valid to 3:23 AM 12/16/2014
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 22DECB21AB97B582F58CC09941E92FE0FDD2B035
Serial number 4C 17 06 B5
[+] Entrust Code Signing Certification Authority - L1D
Status Valid
Valid from 4:41 PM 11/11/2011
Valid to 9:51 AM 11/12/2021
Valid usage All
Algorithm SHA1
Thumbrint D0D7578B7317228E31D42EDF356A7C64F1050473
Serial number 4C 0E 8C 3A
[+] Entrust.net Certification Authority (2048)
Status Valid
Valid from 4:18 PM 3/23/2009
Valid to 4:48 PM 3/23/2019
Valid usage All
Algorithm SHA1
Thumbrint B975811DDA15107EF5E0DC28141C7B938EBE4C26
Serial number 46 9E 91 1A
[+] Entrust
Status Valid
Valid from 5:09 PM 5/25/1999
Valid to 5:39 PM 5/25/2019
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, IPSEC Tunnel, IPSEC User, 1.3.6.1.5.5.8.2.2, Timestamp Signing, EFS
Algorithm SHA1
Thumbrint 99A69BE61AFE886B4D2B82007CB854FC317E1539
Serial number 37 4A D2 43
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-02 11:54:14
Entry Point 0x000398EE
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
CloseServiceHandle
SetEntriesInAclW
RegCloseKey
OpenServiceA
RegSetValueExW
FreeSid
RegQueryValueExA
RegOpenKeyExW
RegSetValueExA
GetUserNameA
RegSetValueA
RegEnumKeyW
RegCreateKeyExA
RegOpenKeyExA
RegSetValueW
OpenSCManagerA
RegQueryValueExW
RegQueryValueW
DeleteDC
SelectObject
GetStockObject
GetDIBits
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
GetVolumePathNameW
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
GetComputerNameA
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
lstrcatA
OpenFileMappingA
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
LoadLibraryW
InterlockedExchange
WriteFile
MoveFileA
GetSystemTimeAsFileTime
GetThreadTimes
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
GetLogicalDriveStringsA
GetEnvironmentVariableA
FindClose
InterlockedDecrement
FormatMessageA
SetFileAttributesW
QueueUserWorkItem
OutputDebugStringA
SetLastError
PeekNamedPipe
DeviceIoControl
CopyFileW
RemoveDirectoryW
CopyFileA
ExitProcess
FlushFileBuffers
RemoveDirectoryA
FreeLibrary
HeapSetInformation
GetVolumeInformationA
SetThreadPriority
SetHandleCount
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetPrivateProfileStringW
CreateMutexA
SetFilePointer
CreateSemaphoreA
CreateThread
SetFileAttributesA
GetExitCodeThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemDirectoryA
MoveFileExA
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
OpenProcess
lstrcmpiA
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
Process32Next
DecodePointer
GetFileSize
Process32First
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
CompareStringW
GetModuleFileNameW
GetFileInformationByHandle
FindFirstFileExA
FindFirstFileA
lstrcpyA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GetDiskFreeSpaceExA
GetProcAddress
GetTimeZoneInformation
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
GetModuleFileNameA
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
lstrlenW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
lstrcpynW
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
UnmapViewOfFile
CreateProcessW
Sleep
VariantChangeType
SafeArrayAccessData
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
SafeArrayUnaccessData
VariantClear
SysAllocString
VariantCopy
SafeArrayCreateVector
SysFreeString
VariantInit
GetModuleFileNameExA
SHGetFolderPathW
SHChangeNotify
SHGetPathFromIDListW
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteA
Shell_NotifyIconA
StrStrA
PathAppendA
PathCanonicalizeA
SHDeleteKeyA
PathAppendW
PathCanonicalizeW
MapWindowPoints
SetFocus
UpdateWindow
SetLayeredWindowAttributes
OffsetRect
DefWindowProcW
DefWindowProcA
ShowWindow
FlashWindowEx
SetWindowPos
GetSystemMetrics
SetWindowLongW
MessageBoxW
GetWindowRect
DispatchMessageA
EnableWindow
PostMessageA
MoveWindow
MessageBoxA
PeekMessageA
ChildWindowFromPoint
SetWindowLongA
wvsprintfA
TranslateMessage
IsWindowEnabled
GetWindowDC
PostThreadMessageA
GetCursorPos
CreatePopupMenu
GetDlgCtrlID
SetWindowTextA
RegisterClassW
GetWindowLongW
IsWindowVisible
SendMessageA
GetClientRect
RegisterClassA
InvalidateRect
wsprintfA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
GetMessageA
GetActiveWindow
AdjustWindowRect
CopyRect
LoadImageA
CreateWindowExW
ReleaseDC
wsprintfW
SetForegroundWindow
AppendMenuW
IsDialogMessageA
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
HttpSendRequestA
InternetOpenUrlA
InternetSetOptionA
HttpOpenRequestA
InternetReadFile
InternetCrackUrlW
InternetGetLastResponseInfoA
InternetOpenA
InternetConnectA
InternetQueryOptionA
InternetOpenUrlW
HttpQueryInfoA
InternetCrackUrlA
InternetOpenW
InternetCreateUrlA
InternetCloseHandle
WSAAddressToStringA
getservbyport
htons
htonl
inet_addr
ioctlsocket
WSAStartup
gethostbyname
ntohs
WSASetLastError
WSACleanup
gethostbyaddr
WSAGetLastError
getservbyname
OleUninitialize
OleCreate
CoInitialize
OleInitialize
OleSetContainedObject
StringFromIID
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoCreateGuid
CoTaskMemFree
CoSetProxyBlanket
CoTaskMemAlloc
CoInternetGetSession
PE exports
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH SOUTH AFRICA 3
NEUTRAL 1
ENGLISH US 1
ExifTool file metadata
SubsystemVersion
5.1

InitializedDataSize
144384

ImageVersion
0.0

ProductName
MicrogamingInstall

FileVersionNumber
16.9.2.739

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
10.0

MIMEType
application/octet-stream

FileVersion
16.9.2.739

TimeStamp
2013:05:02 12:54:14+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Install Program

FileAccessDate
2014:03:12 17:35:59+01:00

ProductVersion
16.9.2

FileDescription
Install Program

OSVersion
5.1

FileCreateDate
2014:03:12 17:35:59+01:00

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
423936

FileSubtype
0

ProductVersionNumber
16.9.1.0

EntryPoint
0x398ee

ObjectFileType
Executable application

File identification
MD5 b80db6ec0e6c968499ce01232fbfdc5c
SHA1 750326f6df427317b44ba3d550fdac6c30d2b2bb
SHA256 135caecdb6399309e682c50a6555b2399caddbc15d586eb3e6daaa46aa946290
ssdeep
24576:QsvVZKzGFi3LmZPgDcny89cWIzPYzKeocCiEn:QstW3aPgDoMYzvFEn

imphash 368908feefa0aa1ba4668affa866b84d
File size 855.8 KB ( 876368 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe signed

VirusTotal metadata
First submission 2014-03-12 16:38:18 UTC ( 1 year, 4 months ago )
Last submission 2014-03-12 16:38:18 UTC ( 1 year, 4 months ago )
File names Install Program
777dragon.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.