× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 32615a264a681d72d292d193db3fc9d0f6e2810a59005797511e14e344b98a4a
Detection ratio: 0 / 65
Analysis date: 2018-03-31 00:32:13 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20180330
AegisLab 20180330
AhnLab-V3 20180330
Alibaba 20180330
ALYac 20180330
Antiy-AVL 20180331
Arcabit 20180330
Avast 20180330
Avast-Mobile 20180330
AVG 20180330
Avira (no cloud) 20180330
AVware 20180330
Baidu 20180330
BitDefender 20180331
Bkav 20180330
CAT-QuickHeal 20180330
ClamAV 20180330
CMC 20180330
Comodo 20180331
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180331
Cyren 20180331
DrWeb 20180331
eGambit 20180331
Emsisoft 20180331
Endgame 20180316
ESET-NOD32 20180330
F-Prot 20180331
F-Secure 20180331
Fortinet 20180331
GData 20180331
Sophos ML 20180121
Jiangmin 20180330
K7AntiVirus 20180330
K7GW 20180330
Kaspersky 20180331
Kingsoft 20180331
Malwarebytes 20180331
MAX 20180331
McAfee 20180331
McAfee-GW-Edition 20180330
Microsoft 20180331
eScan 20180330
NANO-Antivirus 20180331
nProtect 20180330
Palo Alto Networks (Known Signatures) 20180331
Qihoo-360 20180331
Rising 20180403
SentinelOne (Static ML) 20180225
Sophos AV 20180330
SUPERAntiSpyware 20180331
Symantec 20180330
Symantec Mobile Insight 20180311
Tencent 20180331
TheHacker 20180330
TotalDefense 20180330
TrendMicro 20180330
TrendMicro-HouseCall 20180330
Trustlook 20180331
VBA32 20180330
VIPRE 20180330
ViRobot 20180330
WhiteArmor 20180324
Yandex 20180329
Zillya 20180330
ZoneAlarm by Check Point 20180330
Zoner 20180330
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2000-2009 by AKi-Software

Product KoolPlaya
Original name KoolPlaya(X64).exe
Internal name KoolPlaya v1.3
File version 1, 3, 1, 3
Description KoolPlaya
Comments FREEWARE
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-02-27 17:13:45
Entry Point 0x00121F30
Number of sections 3
PE sections
PE imports
RegOpenKeyA
GetFileTitleA
Escape
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
OleCreatePropertyFrame
EnumProcesses
AMGetErrorTextA
SHGetMalloc
PathIsUNCA
VerQueryValueA
InternetOpenA
ClosePrinter
CoInitialize
Number of PE resources by type
RT_DIALOG 19
LNG 18
RT_CURSOR 17
RT_GROUP_CURSOR 16
RT_STRING 13
RT_MENU 9
RT_ICON 9
RT_GROUP_ICON 7
RT_BITMAP 4
TEXT 1
JPEG 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
GERMAN 115
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
FREEWARE

InitializedDataSize
24576

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.3.1.3

LanguageCode
German

FileFlagsMask
0x003f

FileDescription
KoolPlaya

CharacterSet
Unicode

LinkerVersion
8.0

EntryPoint
0x121f30

OriginalFileName
KoolPlaya(X64).exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2000-2009 by AKi-Software

FileVersion
1, 3, 1, 3

TimeStamp
2009:02:27 18:13:45+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
KoolPlaya v1.3

ProductVersion
1, 3, 1, 3

UninitializedDataSize
745472

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
AKi-Software

CodeSize
442368

ProductName
KoolPlaya

ProductVersionNumber
1.3.1.3

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 41284834bb1f1c896339e080077b2b90
SHA1 b4f7f26ec1aacf9d688b4d7eefea116f60fba1d6
SHA256 32615a264a681d72d292d193db3fc9d0f6e2810a59005797511e14e344b98a4a
ssdeep
12288:qHLAN+dMbOV6TdW0h9poh9nP3zGQAmBxatfuP:YANxOV6Tnh9pohBTBItf

authentihash 4c6fde8526e51ea29fe5a0df1072c71c4480e07ff5b0ba34dd6b5cf10dc74c88
imphash 45920c491e9a3a2ccf9c2abc8a89fb0a
File size 452.5 KB ( 463360 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe upx software-collection

VirusTotal metadata
First submission 2009-04-11 22:08:08 UTC ( 9 years, 5 months ago )
Last submission 2017-11-07 11:59:41 UTC ( 10 months, 2 weeks ago )
File names 1342031387-KoolPlaya.zip
KoolPlaya.exe
KoolPlaya v1.3
koolplaya.exe
KoolPlaya(X64).exe
KoolPlaya.exe
KoolPlaya.exe
41284834bb1f1c896339e080077b2b90
kool-playa.exe
kool-playa.exe
file
octet-stream
KoolPlayer 1.3.1.3.exe
software.exe
koolplaya.exe
36352
141491327724204-KoolPlaya.exe
file
file-3960313_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
screen-capture

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!