SHA256: 418fc58722da02f30b9b06f757c0dcc9237cd47bfee75fbdf4d1ad5d47c22072
File name: 418fc58722da02f30b9b06f757c0dcc9237cd47bfee75fbdf4d1ad5d47c22072
Detection ratio: 1 / 64
Analysis date: 2017-07-08 19:20:33 UTC ( 1 year, 9 months ago )
Antivirus Result Update
TheHacker Adware/EShoper.ba 20170707
Ad-Aware 20170708
AegisLab 20170708
AhnLab-V3 20170708
Alibaba 20170708
ALYac 20170708
Antiy-AVL 20170708
Arcabit 20170708
Avast 20170708
AVG 20170708
Avira (no cloud) 20170708
AVware 20170708
Baidu 20170707
BitDefender 20170708
Bkav 20170706
CAT-QuickHeal 20170708
ClamAV 20170708
CMC 20170707
Comodo 20170708
CrowdStrike Falcon (ML) 20170420
Cylance 20170708
Cyren 20170708
DrWeb 20170708
Emsisoft 20170708
Endgame 20170706
ESET-NOD32 20170708
F-Prot 20170708
F-Secure 20170708
Fortinet 20170629
GData 20170708
Ikarus 20170708
Sophos ML 20170607
Jiangmin 20170708
K7AntiVirus 20170707
K7GW 20170708
Kaspersky 20170708
Kingsoft 20170708
Malwarebytes 20170708
MAX 20170708
McAfee 20170708
McAfee-GW-Edition 20170708
Microsoft 20170708
eScan 20170708
NANO-Antivirus 20170708
nProtect 20170708
Palo Alto Networks (Known Signatures) 20170708
Panda 20170708
Qihoo-360 20170708
Rising 20170708
SentinelOne (Static ML) 20170516
Sophos AV 20170708
SUPERAntiSpyware 20170708
Symantec 20170708
Symantec Mobile Insight 20170707
Tencent 20170708
TotalDefense 20170708
TrendMicro 20170708
TrendMicro-HouseCall 20170708
Trustlook 20170708
VBA32 20170707
VIPRE 20170708
ViRobot 20170708
Webroot 20170708
WhiteArmor 20170706
Yandex 20170707
Zillya 20170707
ZoneAlarm by Check Point 20170708
Zoner 20170708
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Silent Hill 3 Türkçe Yama Kurulum Programı
File version 2, 0, 0, 31
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-11-27 14:14:43
Entry Point 0x00024C10
Number of sections 3
PE sections
Overlays
MD5 d3585fc182f0b9a9905220bc83b1e051
File type data
Offset 69632
Size 1579617
Entropy 8.00
PE imports
RegCloseKey
BitBlt
LoadLibraryA
ExitProcess
GetProcAddress
SHGetMalloc
IsIconic
VerFindFileA
CoGetMalloc
Number of PE resources by type
RT_ICON 5
RT_DIALOG 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
UninitializedDataSize
90112

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.0.0.31

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
12288

EntryPoint
0x24c10

MIMEType
application/octet-stream

FileVersion
2, 0, 0, 31

TimeStamp
2007:11:27 15:14:43+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2, 0, 0, 31

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
57344

ProductName
Silent Hill 3 Türkçe Yama Kurulum Programı

ProductVersionNumber
2.0.0.31

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 fffaa02ce96e5ea8b6eebad4523d937d
SHA1 b345dd4ba5476bbf9b96ee29539f58cd2ee8b6f0
SHA256 418fc58722da02f30b9b06f757c0dcc9237cd47bfee75fbdf4d1ad5d47c22072
ssdeep
24576:bC59cJJOGEybw6yFyKJ1ffQS2+95+2r3GKvlat4J9ht3aLebA/WQsRbnoS2x54F:bocJMGXD9MxQylGK95t8ebA/ChnoS2gF

authentihash 42cc6620478fe86b5b6154b9ee3377e981899fa559f02f9b58da41a05f215f18
imphash dbafcd1eb78ccc1c29dad4e15bbcfab7
File size 1.6 MB ( 1649249 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2010-04-25 08:44:55 UTC ( 9 years ago )
Last submission 2019-02-13 23:19:23 UTC ( 2 months, 1 week ago )
File names silent hill 3 tr yama.exe
sh3.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.