SHA256: 3b0a8e6676bffaade1a858e0cf0e97ba4c577a04188335827d8ffbde0f5d675d
File name: Sniper_Ghost_Warrior_Turkce_Yama.exe
Detection ratio: 2 / 63
Analysis date: 2017-07-23 20:53:03 UTC ( 1 year, 7 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20170710
TrendMicro-HouseCall Suspicious_GEN.F47V0421 20170723
Ad-Aware 20170723
AegisLab 20170723
AhnLab-V3 20170723
Alibaba 20170721
ALYac 20170723
Antiy-AVL 20170723
Arcabit 20170723
Avast 20170723
AVG 20170723
Avira (no cloud) 20170723
AVware 20170721
Baidu 20170721
BitDefender 20170723
Bkav 20170722
CAT-QuickHeal 20170722
ClamAV 20170723
CMC 20170721
Comodo 20170723
Cylance 20170723
Cyren 20170723
DrWeb 20170723
Emsisoft 20170723
Endgame 20170721
ESET-NOD32 20170723
F-Prot 20170723
F-Secure 20170723
Fortinet 20170723
GData 20170723
Ikarus 20170723
Sophos ML 20170607
Jiangmin 20170723
K7AntiVirus 20170723
K7GW 20170723
Kaspersky 20170723
Kingsoft 20170723
Malwarebytes 20170723
MAX 20170723
McAfee 20170723
McAfee-GW-Edition 20170723
Microsoft 20170723
eScan 20170723
NANO-Antivirus 20170723
nProtect 20170723
Palo Alto Networks (Known Signatures) 20170723
Panda 20170723
Qihoo-360 20170723
Rising 20170723
SentinelOne (Static ML) 20170718
Sophos AV 20170723
SUPERAntiSpyware 20170723
Symantec 20170723
Symantec Mobile Insight 20170720
Tencent 20170723
TheHacker 20170723
TrendMicro 20170723
Trustlook 20170723
VBA32 20170721
VIPRE 20170723
ViRobot 20170723
Webroot 20170723
WhiteArmor 20170721
Yandex 20170721
Zillya 20170721
ZoneAlarm by Check Point 20170723
Zoner 20170723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-02 15:45:47
Entry Point 0x0000A7D9
Number of sections 5
PE sections
Overlays
MD5 c4c0e7a373a328bee3531fbf1cb1cbf7
File type data
Offset 107008
Size 129844
Entropy 7.99
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueExA
SetFileSecurityW
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
GetDeviceCaps
GetObjectA
DeleteDC
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
GetModuleFileNameW
WaitForSingleObject
LoadLibraryA
FreeLibrary
FindNextFileA
HeapAlloc
SystemTimeToFileTime
GetVersionExA
GetModuleFileNameA
IsDBCSLeadByte
GetCurrentProcess
GetDateFormatA
FileTimeToLocalFileTime
GetCurrentDirectoryA
GetLocaleInfoA
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
SetFileAttributesA
SetFilePointer
GetTempPathA
SetEndOfFile
lstrcmpiA
CloseHandle
WideCharToMultiByte
GetFileAttributesA
GetModuleHandleA
FindNextFileW
WriteFile
FindFirstFileA
GetTimeFormatA
GetCommandLineA
FindFirstFileW
HeapReAlloc
MoveFileExA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetFullPathNameA
MoveFileA
GetFileAttributesW
GetNumberFormatA
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
SetFileAttributesW
SetFileTime
CreateFileA
GetTickCount
FindResourceA
SetCurrentDirectoryA
SetLastError
CompareStringA
VariantInit
SHGetFileInfoA
ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
DefWindowProcA
ShowWindow
GetSystemMetrics
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
CharToOemBuffA
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
GetDC
RegisterClassExA
ReleaseDC
SetWindowTextA
DestroyIcon
GetWindowLongA
IsWindowVisible
SendMessageA
GetWindowTextA
GetClientRect
CreateWindowExA
GetDlgItem
OemToCharBuffA
LoadIconA
wsprintfA
FindWindowExA
GetSysColor
LoadCursorA
OemToCharA
LoadStringA
CopyRect
WaitForInputIdle
GetClassNameA
GetMessageA
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 5
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
NEUTRAL DEFAULT 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:07:02 16:45:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 67584
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 38400
SubsystemVersion 4.0
EntryPoint 0xa7d9
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 357e1549bf21d6e9c9a1558479dfc4a6
SHA1 771e9a510e2ac4cc894e3125a775805ad5eca55b
SHA256 3b0a8e6676bffaade1a858e0cf0e97ba4c577a04188335827d8ffbde0f5d675d
ssdeep 6144:xkCdNPxhI5yCkP5+Q+Xb2HGWNJBydzCbuoWJ:xkoNPxhI5yCkcQ+rYfNJBydfJ
authentihash d794e85081722d7730914b16a8de90cf28a39891f59fe948f6dcf4b5c938f41f
imphash 50610e34092d6ce13e51e7c9d5197081
File size 231.3 KB ( 236852 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2010-11-23 23:18:47 UTC ( 8 years, 3 months ago )
Last submission 2017-07-23 20:53:03 UTC ( 1 year, 7 months ago )
File names file-4316559_exe
Sniper GW Turkce Yama.exe
Sniper GW Türkçe Yama.exe
Apache Air ASSAULT Türkçe Yama.exe
Sniper_Ghost_Warrior_Turkce_Yama.exe
Sniper GW Türkçe Yama.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight