× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 48a6ca872752c457b4844cbcf11e0bab80f0fee84d37659c1a70c8025c32e503
File name: eurgrandparker.exe
Detection ratio: 3 / 50
Analysis date: 2014-03-12 16:40:39 UTC ( 1 year, 5 months ago )
Antivirus Result Update
AVG Casino.E 20140311
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-DTR.S 20140312
Qihoo-360 Malware.QVM10.Gen 20140312
Ad-Aware 20140312
Agnitum 20140312
AhnLab-V3 20140312
AntiVir 20140312
Antiy-AVL 20140311
Avast 20140312
Baidu-International 20140312
BitDefender 20140312
Bkav 20140312
ByteHero 20140312
CAT-QuickHeal 20140312
CMC 20140312
ClamAV 20140312
Commtouch 20140312
Comodo 20140312
DrWeb 20140312
ESET-NOD32 20140312
Emsisoft 20140312
F-Prot 20140312
F-Secure 20140312
Fortinet 20140312
GData 20140312
Ikarus 20140312
Jiangmin 20140312
K7AntiVirus 20140312
K7GW 20140312
Kaspersky 20140312
Kingsoft 20140312
Malwarebytes 20140312
McAfee 20140312
MicroWorld-eScan 20140312
Microsoft 20140312
NANO-Antivirus 20140312
Norman 20140312
Panda 20140312
Rising 20140312
SUPERAntiSpyware 20140311
Sophos 20140312
Symantec 20140312
TheHacker 20140312
TotalDefense 20140312
TrendMicro 20140312
TrendMicro-HouseCall 20140312
VBA32 20140312
VIPRE 20140312
ViRobot 20140312
nProtect 20140312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2012 Real-Time Gaming

Publisher Hastings International B.V.
Product Grand Parker Casino Euro French
Original name InstallShield Setup.exe
Internal name Setup
File version 13.1.0-RTG
Description Installer
Signature verification Signed file, verified signature
Signers
[+] Hastings International B.V.
Status Valid
Valid from 1:00 AM 1/16/2012
Valid to 12:59 AM 2/12/2015
Valid usage Code Signing
Algorithm SHA1
Thumbprint E5B994EE3C4B08A72381C163CDFBA9BC0FEBF1D3
Serial number 45 86 B3 E3 A9 F3 59 A1 15 87 85 6D 25 5E 3F E0
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-05 08:19:55
Entry Point 0x0000F870
Number of sections 4
PE sections
PE imports
AreFileApisANSI
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetSystemInfo
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
OutputDebugStringA
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
WaitForSingleObjectEx
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
CreateThread
GetConsoleMode
HeapSize
GetCurrentProcessId
WriteConsoleW
HeapQueryInformation
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
GetTempPathA
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
ReadFile
SetEndOfFile
SetUnhandledExceptionFilter
WriteFile
HeapValidate
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
GetStringTypeW
TlsGetValue
GetFileType
ReadConsoleW
TlsSetValue
EncodePointer
GetCurrentThreadId
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_ICON 11
RT_GROUP_ICON 3
RT_RCDATA 2
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 15
NEUTRAL DEFAULT 2
ENGLISH US 1
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
1277952

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
13.1.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Installer

CharacterSet
Unicode

LinkerVersion
12.0

FileOS
Win32

InternalBuildNumber
99584

ISInternalVersion
17.0.717

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
13.1.0-RTG

TimeStamp
2013:12:05 09:19:55+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup

FileAccessDate
2014:03:12 17:40:45+01:00

ProductVersion
13.1.0-RTG

SubsystemVersion
5.1

ISInternalDescription
Setup Launcher Unicode

OSVersion
5.1

FileCreateDate
2014:03:12 17:40:45+01:00

OriginalFilename
InstallShield Setup.exe

LegalCopyright
Copyright (c) 2012 Real-Time Gaming

MachineType
Intel 386 or later, and compatibles

CompanyName
RealTimeGaming Software

CodeSize
217600

ProductName
Grand Parker Casino Euro French

ProductVersionNumber
13.1.0.0

EntryPoint
0xf870

ObjectFileType
Dynamic link library

File identification
MD5 8326886267203e07145f63adf2e8f0a1
SHA1 6931e335e9a4d9954b0aef668a8d28d6e3070181
SHA256 48a6ca872752c457b4844cbcf11e0bab80f0fee84d37659c1a70c8025c32e503
ssdeep
24576:LYG44332AF+PGnkbEnsMJ4TYg48tHgDA6dtItuRD3OlYiC1CMWt7tTGyh:b32AF+OpuTfVHirdjF3ODCtqjh

imphash 3a9231ebe35f440c38836d3feaadb597
File size 1.4 MB ( 1500280 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe signed

VirusTotal metadata
First submission 2014-03-12 16:40:39 UTC ( 1 year, 5 months ago )
Last submission 2014-03-12 16:40:39 UTC ( 1 year, 5 months ago )
File names InstallShield Setup.exe
Setup
eurgrandparker.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections