SHA256: 47befbf387fbd301454b2f4edee07e974e4f3a4e04ddf9a15faab4deb798f726
File name: output.21919753.txt
Detection ratio: 0 / 55
Analysis date: 2014-11-16 01:08:06 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Ad-Aware 20141116
AegisLab 20141116
Yandex 20141115
AhnLab-V3 20141115
Antiy-AVL 20141115
Avast 20141116
AVG 20141115
Avira (no cloud) 20141115
AVware 20141116
Baidu-International 20141107
BitDefender 20141116
Bkav 20141115
ByteHero 20141116
CAT-QuickHeal 20141114
ClamAV 20141115
CMC 20141114
Comodo 20141116
Cyren 20141116
DrWeb 20141116
Emsisoft 20141116
ESET-NOD32 20141115
F-Prot 20141115
F-Secure 20141115
Fortinet 20141116
GData 20141116
Ikarus 20141115
Jiangmin 20141115
K7AntiVirus 20141114
K7GW 20141115
Kaspersky 20141115
Kingsoft 20141116
Malwarebytes 20141116
McAfee 20141116
McAfee-GW-Edition 20141116
Microsoft 20141116
eScan 20141116
NANO-Antivirus 20141116
Norman 20141115
nProtect 20141114
Panda 20141115
Qihoo-360 20141116
Rising 20141115
Sophos AV 20141115
SUPERAntiSpyware 20141115
Symantec 20141116
Tencent 20141116
TheHacker 20141115
TotalDefense 20141115
TrendMicro 20141116
TrendMicro-HouseCall 20141116
VBA32 20141114
VIPRE 20141116
ViRobot 20141115
Zillya 20141115
Zoner 20141112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
BattleLine Games LLC. 2007

Product Bonus Poker
Internal name Bonus Poker
File version 2.5.0.23
Description Bonus Poker
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x005F4850
Number of sections 3
PE sections
Overlays
MD5 9b0ab5d436d52ff1eac90ae923140400
File type data
Offset 2427392
Size 503380
Entropy 8.00
PE imports
LoadLibraryA
ExitProcess
GetProcAddress
HlinkNavigateString
ImageList_Add
PrintDlgA
SaveDC
IcmpSendEcho
OleRun
DragFinish
VerQueryValueA
InternetOpenA
mmioSeek
OpenPrinterA
Number of PE resources by type
RT_BITMAP 70
RT_STRING 48
RT_RCDATA 21
RT_GROUP_CURSOR 9
RT_CURSOR 9
UNICODEDATA 6
RT_ICON 5
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 155
ENGLISH UK 7
ENGLISH US 6
NEUTRAL SYS DEFAULT 2
GERMAN 1
PE resources
ExifTool file metadata
Tag023
j%InternalName

UninitializedDataSize
3846144

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
2.5.0.23

LanguageCode
English (British)

FileFlagsMask
0x003f

FileDescription
Bonus Poker

CharacterSet
Windows, Latin1

InitializedDataSize
32768

EntryPoint
0x5f4850

yright2007BattleLineGamesLLC
r%OriginalFilename

MIMEType
application/octet-stream

LegalCopyright
BattleLine Games LLC. 2007

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0.0.1

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
BattleLine Games LLC.

CodeSize
2396160

FileSubtype
0

ProductVersionNumber
2.5.0.23

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 315355f88353c7af54b5edad278c1b52
SHA1 566e571f5f7f36a454759cdf7317747a92cd377e
SHA256 47befbf387fbd301454b2f4edee07e974e4f3a4e04ddf9a15faab4deb798f726
ssdeep
49152:Kc3dJ6w7TZB5MPGxil1IV6l+DZGN9NS3TGUIGdOn2qPjjrB9ALEFXbmR:K4R7Sexed9ADGUIGExPjR9AgAR

authentihash 617a9713f5dc6abc1cb6f77390eb48a6d6c86b1f7465bcc2e9fdccbcb30cbcfa
imphash accaa24ec20c134ca513679bd03bbbb4
File size 2.8 MB ( 2930772 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2009-08-31 14:46:14 UTC ( 9 years ago )
Last submission 2016-03-27 18:33:39 UTC ( 2 years, 6 months ago )
File names bonuspoker.exe
1340723822-bonuspoker.exe
output.21919753.txt
Bonus Poker
21919753
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight