SHA256: 42bd8317eba4d042fe1970bd12d5782a3f4e4d1b514955ad71dd2e01e4674b06
File name: GameDownload_PUBG_MOBILE_100103_1.0.5727.123.exe
Detection ratio: 0 / 70
Analysis date: 2019-02-06 21:07:46 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis 20190130
Ad-Aware 20190206
AegisLab 20190206
AhnLab-V3 20190206
Alibaba 20180921
ALYac 20190206
Antiy-AVL 20190206
Arcabit 20190206
Avast 20190206
Avast-Mobile 20190206
AVG 20190206
Avira (no cloud) 20190206
Babable 20180918
Baidu 20190202
BitDefender 20190206
Bkav 20190201
CAT-QuickHeal 20190206
ClamAV 20190206
CMC 20190206
Comodo 20190206
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190206
Cyren 20190206
DrWeb 20190206
eGambit 20190206
Emsisoft 20190206
Endgame 20181108
ESET-NOD32 20190206
F-Prot 20190206
F-Secure 20190206
Fortinet 20190206
GData 20190206
Ikarus 20190206
Sophos ML 20181128
Jiangmin 20190206
K7AntiVirus 20190206
K7GW 20190206
Kaspersky 20190206
Kingsoft 20190206
Malwarebytes 20190206
MAX 20190206
McAfee 20190206
McAfee-GW-Edition 20190206
Microsoft 20190206
eScan 20190206
NANO-Antivirus 20190206
Palo Alto Networks (Known Signatures) 20190206
Panda 20190206
Qihoo-360 20190206
Rising 20190206
SentinelOne (Static ML) 20190203
Sophos AV 20190206
SUPERAntiSpyware 20190130
Symantec 20190206
TACHYON 20190206
Tencent 20190206
TheHacker 20190203
Trapmine 20190123
TrendMicro 20190206
TrendMicro-HouseCall 20190206
Trustlook 20190206
VBA32 20190206
VIPRE 20190206
ViRobot 20190206
Webroot 20190206
Yandex 20190206
Zillya 20190206
ZoneAlarm by Check Point 20190206
Zoner 20190206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2017 Tencent. All Rights Reserved.

Product Tencent Gaming Buddy
Original name GameDownload.exe
Internal name GameDownload
File version 1.0.5727.123
Description Tencent Gaming Buddy - Install
Signature verification Signed file, verified signature
Signing date 1:16 PM 6/27/2018
Signers
[+] Tencent Technology(Shenzhen) Company Limited
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 12:00 AM 02/04/2016
Valid to 11:59 PM 03/28/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint C57B841B09620EA6278E62AF20963FAEC8F9E03D
Serial number 52 04 8B 9C 8A 67 E2 8F 0C C8 CC 75 81 3D DC 5A
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 02/08/2010
Valid to 11:59 PM 02/07/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT CAB
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-27 12:15:55
Entry Point 0x000C43A2
Number of sections 4
PE sections
Overlays
MD5 a0420801ee284a98cbdc56ffc8783982
File type data
Offset 9076736
Size 13048
Entropy 7.38
PE imports
RegCreateKeyExW
RegCloseKey
OpenServiceW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
CryptHashData
RegQueryValueExW
CryptCreateHash
CloseServiceHandle
OpenProcessToken
RegEnumKeyW
GetTokenInformation
LookupPrivilegeNameW
CryptReleaseContext
CryptAcquireContextA
RegQueryInfoKeyW
RegEnumKeyExW
CryptDestroyHash
RegDeleteValueW
RegSetValueExW
CryptGetHashParam
OpenSCManagerW
QueryServiceStatusEx
_TrackMouseEvent
GetTextMetricsW
TextOutW
CreateFontIndirectW
OffsetRgn
CreatePen
SaveDC
RoundRect
CreateRectRgnIndirect
CombineRgn
Rectangle
LineTo
DeleteDC
RestoreDC
SetBkMode
RectInRegion
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
GetCurrentObject
MoveToEx
ExtTextOutW
CreateBitmap
GetTextExtentPoint32W
GetStockObject
SelectClipRgn
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
CreateCompatibleBitmap
CreateSolidBrush
GetClipRgn
SetBkColor
DeleteObject
SetRectRgn
ImmDisableIME
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
LockResource
GetDriveTypeA
HeapDestroy
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
SizeofResource
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
FormatMessageW
GetTimeZoneInformation
OutputDebugStringW
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetUserDefaultUILanguage
PeekNamedPipe
DeviceIoControl
InitializeCriticalSection
CopyFileW
WriteProcessMemory
LoadResource
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
lstrcmpiW
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
GetPrivateProfileStringW
GetModuleHandleA
CreateThread
MoveFileExW
GetSystemDirectoryW
DeleteCriticalSection
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
ExitThread
SetHandleInformation
SetEnvironmentVariableA
TerminateProcess
SearchPathW
WriteConsoleA
GetVersion
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SleepEx
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetPrivateProfileIntW
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
ExpandEnvironmentStringsA
SetEvent
GetPrivateProfileSectionW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LoadLibraryExW
SystemTimeToFileTime
LCMapStringW
VirtualAllocEx
GetSystemInfo
lstrlenA
GetConsoleCP
FindResourceW
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
IsDBCSLeadByte
lstrlenW
Process32NextW
VirtualFree
GetQueuedCompletionStatus
SwitchToThread
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
CreateIoCompletionPort
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
Process32FirstW
lstrcpynW
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
FindFirstFileA
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
FreeResource
FileTimeToLocalFileTime
GetLongPathNameW
IsValidCodePage
HeapCreate
FindResourceExW
PostQueuedCompletionStatus
CreateProcessW
Sleep
VirtualAlloc
CompareStringA
VarUI4FromStr
SysFreeString
SysStringLen
OleLoadPicture
SysAllocString
GetModuleFileNameExW
SHCreateDirectoryExW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderPathW
CommandLineToArgvW
StrStrIA
PathFindFileNameW
wnsprintfW
PathFileExistsW
PathRemoveFileSpecW
StrToIntA
PathAddBackslashW
StrStrIW
PathAppendW
SHDeleteKeyW
PathIsDirectoryW
MapWindowPoints
RegisterWindowMessageW
GetDlgCtrlID
SetWindowRgn
EnableWindow
GetWindow
EqualRect
GetMessageW
GetFocus
DefWindowProcW
CopyRect
GetParent
KillTimer
WaitMessage
PostQuitMessage
ShowWindow
GetMonitorInfoW
IsWindowEnabled
DrawFrameControl
SetWindowPos
GetClassInfoExW
SetWindowLongW
MessageBoxW
PeekMessageW
GetWindowRect
InflateRect
EndPaint
IsWindow
SetCapture
ReleaseCapture
TranslateMessage
GetSystemMenu
GetWindowDC
CharNextW
GetActiveWindow
SendMessageTimeoutW
PostMessageW
GetSysColor
MoveWindow
GetDC
CopyImage
ReleaseDC
BeginPaint
GetKeyState
SendMessageW
UnregisterClassA
GetQueueStatus
DestroyWindow
GetWindowLongW
DrawIconEx
CreateWindowExW
OffsetRect
UnregisterClassW
SetWindowTextW
SetTimer
GetDlgItem
SystemParametersInfoW
DrawTextW
CallWindowProcW
MonitorFromWindow
ClientToScreen
SetRect
InvalidateRect
MsgWaitForMultipleObjectsEx
LoadImageW
TrackPopupMenu
LoadStringW
PostThreadMessageW
FlashWindow
GetClientRect
GetWindowTextW
SetActiveWindow
GetDesktopWindow
LoadCursorW
LoadIconW
GetWindowTextLengthW
DispatchMessageW
MsgWaitForMultipleObjects
RegisterClassExW
IsWindowVisible
PtInRect
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetConnectW
HttpQueryInfoW
InternetReadFile
InternetCreateUrlW
InternetCrackUrlW
InternetSetOptionW
HttpSendRequestW
InternetCloseHandle
InternetOpenW
DeleteUrlCacheEntryW
HttpOpenRequestW
timeKillEvent
timeSetEvent
Ord(301)
Ord(50)
Ord(27)
Ord(22)
Ord(60)
Ord(79)
Ord(46)
Ord(211)
Ord(30)
Ord(33)
Ord(200)
Ord(143)
Ord(32)
Ord(26)
Ord(41)
Ord(35)
htonl
accept
WSACreateEvent
WSAStartup
connect
getsockname
htons
WSASetLastError
select
gethostname
getsockopt
closesocket
ntohl
inet_addr
send
getservbyport
WSAWaitForMultipleEvents
WSAGetLastError
gethostbyaddr
listen
WSASocketW
__WSAFDIsSet
ioctlsocket
WSACleanup
gethostbyname
WSAJoinLeaf
inet_ntoa
WSAEventSelect
recv
setsockopt
socket
getpeername
bind
recvfrom
WSAEnumNetworkEvents
sendto
ntohs
getservbyname
GdipDisposeImageAttributes
GdiplusShutdown
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipLoadImageFromStream
GdipFree
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdipCreateImageAttributes
GdipCreateBitmapFromStream
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipGetImageWidth
GdipDrawImageI
GdipDrawImageRectI
GdipDeleteGraphics
GdipDrawImageRectRectI
UnMapAndLoad
MapAndLoad
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
URLDownloadToFileW
PE exports
Number of PE resources by type
RT_ICON 9
DLL 4
EXE 2
RT_STRING 2
RT_GROUP_ICON 2
RT_MANIFEST 1
SKIN 1
CUSTOM 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 22
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.5727.123

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Tencent Gaming Buddy - Install

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
8122368

EntryPoint
0xc43a2

OriginalFileName
GameDownload.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2017 Tencent. All Rights Reserved.

FileVersion
1.0.5727.123

TimeStamp
2018:06:27 13:15:55+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
GameDownload

ProductVersion
1,0,5727,123

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Tencent

CodeSize
950272

ProductName
Tencent Gaming Buddy

ProductVersionNumber
1.0.5727.123

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
PE resource-wise parents
File identification
MD5 79da347f4183c208a22cd5e6eb8acfa5
SHA1 59c996cd875462688d64f797142690dfca3bc2b1
SHA256 42bd8317eba4d042fe1970bd12d5782a3f4e4d1b514955ad71dd2e01e4674b06
ssdeep
196608:BeKqqlUgN7AktVweDOaG5eWWi/zio/iXo:Ba2ONwWrX/Wo

authentihash 5dfc565e961db7b1f1befc2b40b424b5ac77ea32ccda0f7d4316f6532c65173f
imphash 5b2ccd31e75b3b05c8bd2695c63956a2
File size 8.7 MB ( 9089784 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows ActiveX control (47.4%)
InstallShield setup (17.5%)
Win32 Executable MS Visual C++ (generic) (12.7%)
Win64 Executable (generic) (11.2%)
Microsoft Visual C++ compiled executable (generic) (6.7%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-06-27 15:19:42 UTC ( 8 months, 3 weeks ago )
Last submission 2019-03-17 03:59:20 UTC ( 2 days ago )
File names a7dbfd219f199d94049b22a7fdadd4cdcab91be5
Tencent Game Buddy.exe
gamedownload-pubg-mobile-100103-1.0.5727.123.exe
GameDownload_PUBG_MOBILE_100103_1.0.5727.123.exe
GameDownload_PUBG_MOBILE_100103_1.0.5727.123(1).exe
pubg-mobile_090.exe
gamedownload_pubg_mobile_100103_1.0.5727.123
GameDownload_PUBG_MOBILE_100103_1.0.5727.123.exe
GameDownload_PUBG_MOBILE_100103_1.0.5727.123_3.exe
PUBG_MOBILE_100103_1.0.5727.123.exe
gamedownload_pubg_mobile_100103.exe
pubgkurulumdosyasi.exe
Tencent%20Game%20Buddy.exe
42bd8317eba4d042fe1970bd12d5782a3f4e4d1b514955ad71dd2e01e4674b06.file
GameDownload
GameDownload_PUBG_MOBILE_100103_1.0.5727.123(2).exe
99270067.exe
output.114785060.txt
GameDownload_PUBG_MOBILE_100103_1.0.5727.123.exe
PUBG.exe
pubg-mobile_080.exe
GameDownload_PUBG_MOBILE_100103_1.0.5727.123.exe
556474009.exe
PUBG_PATCH.exe
GameDownload_PUBG_MOBILE_100103_1.0.5727.123.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
DNS requests
TCP connections
UDP communications