× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 49ae454826038c5697bcb0287b4754281a4f2d95b6bcfa24d3c1dc9dc49581c6
File name: alliance-of-valiant-arms-ava-4411-jetelecharge.exe
Detection ratio: 0 / 61
Analysis date: 2017-05-12 13:36:23 UTC ( 8 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware 20170512
AegisLab 20170512
AhnLab-V3 20170512
Alibaba 20170512
ALYac 20170512
Antiy-AVL 20170512
Arcabit 20170512
Avast 20170512
AVG 20170512
Avira (no cloud) 20170512
AVware 20170512
Baidu 20170503
BitDefender 20170512
Bkav 20170512
CAT-QuickHeal 20170512
ClamAV 20170512
CMC 20170511
Comodo 20170512
CrowdStrike Falcon (ML) 20170130
Cyren 20170512
DrWeb 20170512
Emsisoft 20170512
Endgame 20170503
ESET-NOD32 20170512
F-Prot 20170512
F-Secure 20170512
Fortinet 20170512
GData 20170512
Ikarus 20170512
Sophos ML 20170413
Jiangmin 20170512
K7AntiVirus 20170512
K7GW 20170512
Kaspersky 20170512
Kingsoft 20170512
Malwarebytes 20170512
McAfee 20170512
McAfee-GW-Edition 20170511
Microsoft 20170512
eScan 20170512
NANO-Antivirus 20170512
nProtect 20170512
Palo Alto Networks (Known Signatures) 20170512
Panda 20170512
Qihoo-360 20170512
Rising 20170512
SentinelOne (Static ML) 20170330
Sophos AV 20170512
SUPERAntiSpyware 20170512
Symantec 20170511
Symantec Mobile Insight 20170512
Tencent 20170512
TheHacker 20170508
TotalDefense 20170512
TrendMicro 20170512
VBA32 20170512
VIPRE 20170512
ViRobot 20170512
Webroot 20170512
WhiteArmor 20170512
Yandex 20170510
Zillya 20170511
ZoneAlarm by Check Point 20170512
Zoner 20170512
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© 2012 Aeria Games & Entertainment, Inc.

Product Downloader
Original name Downloader.exe
Internal name Downloader
File version 2,1,0,0
Description Downloader
Signature verification Signed file, verified signature
Signing date 12:50 PM 12/13/2012
Signers
[+] Aeria Games and Entertainment
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Code Signing CA - G2
Valid from 1:00 AM 1/25/2012
Valid to 12:59 AM 1/25/2014
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint 78B6CFC72DDC38CE7871443DEA4CEA2F05D3C632
Serial number 1A 25 B9 20 7D 56 56 05 61 E7 12 46 2D E8 7F 87
[+] Thawte Code Signing CA - G2
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 5/20/2022
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint D43989A11E5961CC13A58008172BF544DA11F1E6
Serial number 7E 1F DF 72 99 E8 D2 45 A1 5D 0B A8 E5 B1 59 BA
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-13 11:50:42
Entry Point 0x00021871
Number of sections 5
PE sections
Overlays
MD5 438e2673c4a1dcd9d69f57ad7885dc02
File type data
Offset 479232
Size 5808
Entropy 7.42
PE imports
RegCreateKeyExW
RegDeleteValueW
CryptReleaseContext
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
CryptAcquireContextW
RegDeleteKeyW
CryptHashData
CryptGetHashParam
RegQueryValueExW
CryptDestroyHash
CryptCreateHash
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw
ImageList_GetIconSize
ImageList_Create
ImageList_Add
GetDeviceCaps
ExtTextOutW
DeleteDC
CreateFontIndirectW
RestoreDC
SetBkMode
BitBlt
GetStockObject
SaveDC
CreateSolidBrush
GetObjectW
SelectObject
SetBkColor
CreateRoundRectRgn
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
GetAdaptersInfo
GetStdHandle
InterlockedPopEntrySList
WaitForSingleObject
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
IsWow64Process
ResumeThread
InterlockedPushEntrySList
LoadResource
TlsGetValue
SetFileAttributesW
SetLastError
InterlockedDecrement
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
HeapSetInformation
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
GetPrivateProfileStringW
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoW
CreateDirectoryW
GlobalLock
GetProcessHeap
CompareStringW
lstrcmpW
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
CreateProcessW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
LoadRegTypeLib
OleCreateFontIndirect
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
LoadTypeLib
SysFreeString
VariantInit
VarUI4FromStr
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW
StrCmpNW
StrCpyW
RedrawWindow
SetWindowRgn
DrawTextW
DestroyMenu
SetWindowPos
IsWindow
EndPaint
DispatchMessageW
GetCursorPos
ReleaseDC
GetDlgCtrlID
SendMessageW
UnregisterClassA
GetClientRect
SetMenuDefaultItem
LoadImageW
GetActiveWindow
GetWindowTextW
GetWindowTextLengthW
InvalidateRgn
PtInRect
DrawEdge
GetClassInfoExW
UpdateWindow
GetMessageW
ShowWindow
PeekMessageW
TranslateMessage
IsWindowEnabled
GetWindow
LoadStringW
EnableMenuItem
GetSubMenu
SetTimer
IsDialogMessageW
FillRect
MonitorFromPoint
CreateAcceleratorTableW
CreateWindowExW
GetWindowLongW
DestroyWindow
IsChild
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
BeginPaint
DefWindowProcW
KillTimer
MapWindowPoints
GetParent
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
PostMessageW
CreateDialogParamW
DrawFocusRect
SetWindowTextW
GetDlgItem
ClientToScreen
TrackPopupMenu
DestroyAcceleratorTable
GetDesktopWindow
LoadCursorW
GetMenuItemID
SetForegroundWindow
EndDialog
FindWindowW
GetCapture
ScreenToClient
LoadMenuW
GetMenu
RegisterClassExW
MoveWindow
DialogBoxParamW
AdjustWindowRectEx
GetSysColor
SystemParametersInfoW
GetDC
InvalidateRect
CharNextW
CallWindowProcW
GetClassNameW
ModifyMenuW
MonitorFromWindow
GetFocus
SetCursor
WinHttpConnect
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpSetStatusCallback
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
HttpQueryInfoW
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
InternetErrorDlg
HttpQueryInfoA
socket
recv
send
WSACleanup
WSAStartup
gethostbyname
connect
htons
closesocket
GdipFree
GdipCreateHBITMAPFromBitmap
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
OleInitialize
CoInitializeEx
CoCreateGuid
CoTaskMemRealloc
CoCreateInstance
OleUninitialize
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
StringFromGUID2
CoSetProxyBlanket
CoGetClassObject
PE exports
Number of PE resources by type
RT_HTML 28
RT_ICON 5
RT_DIALOG 4
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 42
PE resources
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.1.2005.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
275968

EntryPoint
0x21871

OriginalFileName
Downloader.exe

MIMEType
application/octet-stream

LegalCopyright
2012 Aeria Games & Entertainment, Inc.

FileVersion
2,1,0,0

TimeStamp
2012:12:13 12:50:42+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Downloader

ProductVersion
2,1,2005,0

FileDescription
Downloader

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Aeria Games & Entertainment

CodeSize
202240

ProductName
Downloader

ProductVersionNumber
2.1.2005.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Execution parents
File identification
MD5 60675d93330b3bb178d5efb45c690382
SHA1 ff271bc84341dd2c8f186c44a1fe33c522514863
SHA256 49ae454826038c5697bcb0287b4754281a4f2d95b6bcfa24d3c1dc9dc49581c6
ssdeep
12288:FRmKmGMqUeN9STPIVBAVSYJtk5aT6E63PH8dkIam/:FQKK3eNMsVBqJtkIT6HPhA/

authentihash 191c2f65b7f55304b0ea9ccb4e69764baed905888b7d4927cfc24c3925f7ebad
imphash dbf556951120f637dfa12a0b8067e2d3
File size 473.7 KB ( 485040 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-05-05 23:51:03 UTC ( 4 years, 8 months ago )
Last submission 2017-05-12 13:36:23 UTC ( 8 months, 1 week ago )
File names alliance-of-valiant-arms_fr_429967.exe
alliance-of-valiant-arms-ava-4411-jetelecharge.exe
alliance-of-valiant-arms-ava-4411-jetelecharge.exe
2015-02-05_49ae454826038c5697bcb0287b4754281a4f2d95b6bcfa24d3c1dc9dc49581c6
Downloader
ava_fr_downloader.exe
alliance-of-valiant-arms-ava-4411-jetelecharge.exe
Downloader.exe
alliance-of-valiant-arms-ava-4411-jetelecharge.exe
file-5457551_exe
alliance-of-valiant-arms-ava-4411-jetelecharge.exe
ava_fr_downloader (1).exe
filename
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Set keys
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications