SHA256: 2ed0d789e3129884fd26a38f84b07d4ac188d0eca95dfd69ca187c21ce8285cf
File name: 141504364699247-Reign_of_Swords_setup.exe
Detection ratio: 0 / 68
Analysis date: 2018-08-24 15:45:59 UTC ( 6 months ago )
Antivirus Result Update
Ad-Aware 20180824
AegisLab 20180824
AhnLab-V3 20180824
Alibaba 20180713
ALYac 20180824
Antiy-AVL 20180824
Arcabit 20180824
Avast 20180824
Avast-Mobile 20180823
AVG 20180824
Avira (no cloud) 20180824
AVware 20180823
Babable 20180822
Baidu 20180820
BitDefender 20180824
Bkav 20180824
CAT-QuickHeal 20180824
ClamAV 20180824
CMC 20180824
Comodo 20180824
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180824
Cyren 20180824
DrWeb 20180824
eGambit 20180824
Emsisoft 20180824
Endgame 20180730
ESET-NOD32 20180824
F-Prot 20180824
F-Secure 20180820
Fortinet 20180824
GData 20180824
Ikarus 20180824
Sophos ML 20180717
Jiangmin 20180824
K7AntiVirus 20180824
K7GW 20180824
Kaspersky 20180824
Kingsoft 20180824
Malwarebytes 20180824
MAX 20180824
McAfee 20180824
McAfee-GW-Edition 20180824
Microsoft 20180824
eScan 20180824
NANO-Antivirus 20180824
Palo Alto Networks (Known Signatures) 20180824
Panda 20180824
Qihoo-360 20180824
Rising 20180824
SentinelOne (Static ML) 20180701
Sophos AV 20180824
SUPERAntiSpyware 20180824
Symantec 20180824
Symantec Mobile Insight 20180822
TACHYON 20180824
Tencent 20180824
TheHacker 20180824
TotalDefense 20180824
TrendMicro 20180824
TrendMicro-HouseCall 20180824
Trustlook 20180824
VBA32 20180824
VIPRE 20180824
ViRobot 20180824
Webroot 20180824
Yandex 20180824
Zillya 20180824
ZoneAlarm by Check Point 20180824
Zoner 20180823
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Punch Entertainment

File version 1.6.0
Description Reign of Swords 1.6.0 Installation
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000166E4
Number of sections 8
PE sections
Overlays
MD5 affc6e918264fb516e0694a97c9f1350
File type data
Offset 105472
Size 9872407
Entropy 8.00
PE imports
RegDeleteKeyA
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
EqualSid
OpenProcessToken
GetUserNameA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
AdjustTokenPrivileges
ImageList_SetBkColor
ImageList_Draw
ImageList_Create
InitCommonControls
SetDIBits
AddFontResourceA
OffsetRgn
SaveDC
CreateFontIndirectA
CombineRgn
SetStretchBltMode
GetPixel
GetObjectA
ExcludeClipRect
DeleteDC
RestoreDC
SetBkMode
SetPixel
CreateSolidBrush
IntersectClipRect
BitBlt
CreateDIBSection
SetTextColor
MoveToEx
GetStockObject
CreateBrushIndirect
GetDIBits
ExtSelectClipRgn
SetBrushOrgEx
CreateCompatibleDC
StretchBlt
StretchDIBits
SetROP2
CreateRectRgn
RemoveFontResourceA
SelectObject
GetTextExtentPoint32A
SetWindowOrgEx
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetLastError
HeapFree
CreateDirectoryA
GetUserDefaultLangID
FileTimeToSystemTime
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
CopyFileA
HeapAlloc
GetPrivateProfileSectionA
GetVersionExA
RemoveDirectoryA
GetFileSize
RtlUnwind
LoadLibraryA
WinExec
GetDiskFreeSpaceA
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
SetFileTime
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
GetShortPathNameA
WritePrivateProfileSectionA
GetCommandLineA
GetProcAddress
GetProcessHeap
GetFileTime
SetFilePointer
GetTempPathA
RaiseException
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
GetCurrentProcess
FindFirstFileA
GetComputerNameA
FindNextFileA
GetSystemDirectoryA
HeapReAlloc
GetVersion
GetModuleFileNameA
GlobalAlloc
VirtualFree
FindClose
TlsGetValue
Sleep
FormatMessageA
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
GetCurrentThread
VirtualAlloc
SetCurrentDirectoryA
CloseHandle
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize
OleInitialize
SysReAllocStringLen
SysFreeString
SysAllocStringLen
SHGetFileInfoA
ShellExecuteExA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
SetFocus
GetAsyncKeyState
GetParent
EnableWindow
DrawTextA
SetPropA
BeginPaint
OffsetRect
GetCapture
CheckRadioButton
KillTimer
RemovePropA
PostQuitMessage
DefWindowProcA
ShowWindow
GetPropA
SetWindowPos
FindWindowA
GetSystemMetrics
EnableMenuItem
IsWindow
GetWindowRect
InflateRect
ScreenToClient
PostMessageA
DrawIcon
MessageBoxA
PeekMessageA
GetWindowDC
SetWindowLongA
TranslateMessage
IsWindowEnabled
GetWindow
GetSysColor
GetDC
GetKeyState
GetCursorPos
ReleaseDC
WaitMessage
GetClassInfoA
DestroyIcon
DeleteMenu
SetParent
CopyImage
IsWindowVisible
IsZoomed
EnumWindows
SendMessageA
GetWindowTextA
GetClientRect
CreateWindowExA
CharLowerBuffA
IsIconic
RegisterClassA
GetClassLongA
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
SetTimer
LoadCursorA
LoadIconA
ClientToScreen
FillRect
GetUpdateRgn
ValidateRect
DispatchMessageA
CallWindowProcA
GetSystemMenu
GetFocus
EndPaint
SetForegroundWindow
DestroyWindow
ExitWindowsEx
SetCursor
timeKillEvent
timeSetEvent
Number of PE resources by type
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 4
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.25
ImageVersion 0.0
FileVersionNumber 1.6.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Reign of Swords 1.6.0 Installation
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Windows, Latin1
InitializedDataSize 16384
EntryPoint 0x166e4
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.6.0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Punch Entertainment
MachineType Intel 386 or later, and compatibles
CompanyName Punch Entertainment
CodeSize 88064
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 49b990539f0dfce8b4e8600104137298
SHA1 99085092ab6d4a6d0b57bb6610a505639cddb459
SHA256 2ed0d789e3129884fd26a38f84b07d4ac188d0eca95dfd69ca187c21ce8285cf
ssdeep 196608:OzgMFEh+wZtzDcgnEnJDC7urVKhV3xVbxeRJkp2z31z9PTx30B2Eycd:HMihfZrEn5CaRKDxVxukp2LL7x3E2Lcd

authentihash 29f44d3fb6f3241e1dfcbf6e4445996abaf594750ba9c4a03130d72239460fb5
imphash 4258aada1def1c9aa05b30705128a545
File size 9.5 MB ( 9977879 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Borland Delphi 5 (90.6%)
Win32 Executable Delphi generic (2.8%)
Windows screen saver (2.6%)
Win32 Dynamic Link Library (generic) (1.3%)
Win32 Executable (generic) (0.9%)
Tags bobsoft peexe overlay

VirusTotal metadata
First submission 2014-11-12 23:56:47 UTC ( 4 years, 3 months ago )
Last submission 2017-03-13 07:14:23 UTC ( 1 year, 11 months ago )
File names 2ED0D789E3129884FD26A38F84B07D4AC188D0ECA95DFD69CA187C21CE8285CF
141504364699247-Reign_of_Swords_setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.