SHA256: 4c1409c73b1cf5c53581b062cbb2b3d6015bbfd96e8f2bec849aa9c575077eb0
File name: FEAR.exe
Detection ratio: 2 / 67
Analysis date: 2018-03-12 09:12:44 UTC ( 1 month, 1 week ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20170201
Cylance Unsafe 20180312
Ad-Aware 20180312
AegisLab 20180312
AhnLab-V3 20180311
Alibaba 20180312
ALYac 20180312
Antiy-AVL 20180312
Arcabit 20180312
Avast 20180312
Avast-Mobile 20180312
AVG 20180312
Avira (no cloud) 20180312
AVware 20180312
Baidu 20180312
BitDefender 20180312
Bkav 20180310
CAT-QuickHeal 20180312
ClamAV 20180312
CMC 20180312
Comodo 20180312
Cybereason 20180225
Cyren 20180312
DrWeb 20180312
eGambit 20180312
Emsisoft 20180312
Endgame 20180308
ESET-NOD32 20180312
F-Prot 20180312
F-Secure 20180312
Fortinet 20180312
GData 20180312
Ikarus 20180311
Sophos ML 20180121
Jiangmin 20180312
K7AntiVirus 20180312
K7GW 20180312
Kaspersky 20180312
Kingsoft 20180312
Malwarebytes 20180312
MAX 20180312
McAfee 20180312
McAfee-GW-Edition 20180312
Microsoft 20180312
eScan 20180312
NANO-Antivirus 20180312
nProtect 20180312
Palo Alto Networks (Known Signatures) 20180312
Panda 20180311
Qihoo-360 20180312
Rising 20180312
SentinelOne (Static ML) 20180225
Sophos AV 20180312
SUPERAntiSpyware 20180312
Symantec 20180312
Symantec Mobile Insight 20180311
Tencent 20180312
TheHacker 20180311
TrendMicro 20180312
TrendMicro-HouseCall 20180312
Trustlook 20180312
VBA32 20180307
VIPRE 20180312
ViRobot 20180312
Webroot 20180312
WhiteArmor 20180223
Yandex 20180308
Zillya 20180309
ZoneAlarm by Check Point 20180312
Zoner 20180312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2005 Monolith Productions, Inc.
Product F.E.A.R.
File version 1.08.282.0
Description F.E.A.R.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-08-25 21:25:58
Entry Point 0x0020A2D8
Number of sections 16
PE sections
Overlays
MD5 19655537299e787bf9afe6d013d53708
File type data
Offset 4956596
Size 458317
Entropy 7.95
PE imports
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyA
RegEnumValueA
RegQueryInfoKeyA
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Destroy
ImageList_Draw
Ord(6)
ImageList_LoadImageA
CertOpenStore
CertAddEncodedCertificateToStore
CertFreeCertificateContext
CertGetIssuerCertificateFromStore
CertCloseStore
CertOpenSystemStoreA
CertCreateCertificateContext
CryptDecodeObject
Direct3DCreate9
D3DXCreateEffect
D3DXPlaneTransform
D3DXSaveSurfaceToFileA
D3DXSaveTextureToFileA
D3DXLoadSurfaceFromMemory
D3DXCreateEffectPool
DirectDrawCreate
DirectInput8Create
AddFontResourceA
SetMapMode
TextOutW
PatBlt
GetGlyphOutlineW
CreateFontIndirectA
GetTextMetricsA
GetDeviceCaps
DeleteDC
SetBkMode
BitBlt
CreateDIBSection
SetTextColor
CreatePatternBrush
GetObjectA
CreateBitmap
GetStockObject
CreateDIBitmap
GdiFlush
CreateCompatibleDC
SetBrushOrgEx
RemoveFontResourceA
SelectObject
GetTextExtentPoint32A
GetCharWidth32W
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetPrivateProfileSectionNamesA
GetStdHandle
GetPrivateProfileStructA
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
SetEvent
GetDriveTypeA
HeapDestroy
DebugBreak
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
UnhandledExceptionFilter
ReleaseMutex
SetErrorMode
WideCharToMultiByte
GetLogicalDrives
FreeEnvironmentStringsW
GetThreadContext
GetLocaleInfoW
SetFileAttributesA
GetTempPathA
GetCPInfo
GetOverlappedResult
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
_hwrite
WriteFile
MoveFileA
WaitForSingleObject
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
GetLogicalDriveStringsA
GetEnvironmentVariableA
LoadResource
FindClose
InterlockedDecrement
OutputDebugStringA
SetLastError
GetSystemTime
InitializeCriticalSection
lstrcpynW
ExitProcess
GetVersionExA
GetModuleFileNameA
FlushViewOfFile
RaiseException
EnumSystemLocalesA
GetPrivateProfileStringA
GetVolumeInformationW
TerminateProcess
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
CreateMutexA
SetFilePointer
_lclose
CreateSemaphoreA
CreateThread
TlsSetValue
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
ExitThread
SetEnvironmentVariableA
GlobalMemoryStatus
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
PeekNamedPipe
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
OpenProcess
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
_hread
_llseek
GetProcAddress
CreateFileMappingW
CompareStringW
GetFileSizeEx
GetFileInformationByHandle
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
GetComputerNameA
FindNextFileA
IsValidLocale
DuplicateHandle
WaitForMultipleObjects
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
GetPrivateProfileSectionA
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
LCMapStringA
HeapReAlloc
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
RemoveDirectoryA
GetShortPathNameA
OpenFile
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
SetFileTime
lstrlenW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
OpenMutexA
SuspendThread
_lcreat
QueryPerformanceFrequency
ReleaseSemaphore
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetVolumeInformationA
GetACP
GlobalLock
GetVersion
OpenEventA
SetStdHandle
SizeofResource
CreateProcessA
TlsGetValue
IsValidCodePage
HeapCreate
VirtualFree
_lopen
Sleep
IsBadReadPtr
GetFileAttributesExA
IsBadCodePtr
FindResourceA
VirtualAlloc
ResetEvent
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?_Nomemory@std@@YAXXZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@ios_base@std@@QAEXH_N@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
__p__fmode
??1type_info@@UAE@XZ
fclose
fflush
_CIfmod
_except_handler3
fputc
strtok
fwrite
strncmp
_XcptFilter
_ftol
isspace
sprintf
__CxxFrameHandler
_CxxThrowException
_ismbblead
iswctype
??3@YAXPAX@Z
_aligned_free
_callnewh
strstr
memmove
remove
_mkdir
_CIacos
_purecall
??0exception@@QAE@ABV0@@Z
_stricmp
fgets
strchr
clock
ftell
??_V@YAXPAX@Z
strrchr
_acmdln
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
strcspn
free
_aligned_malloc
__p___argc
__getmainargs
__p___argv
_stat
_vsnprintf
_findnext
_CIpow
_findfirst
_exit
rand
realloc
_getcwd
__dllonexit
_setjmp3
toupper
printf
fopen
_vsnwprintf
strncpy
_cexit
_itoa
qsort
_onexit
wcslen
isalpha
_snprintf
__setusermatherr
wcsncpy
srand
_fdopen
__p__commode
atoi
atol
atof
swscanf
wcscpy
_strnicmp
_controlfp
vsprintf
rename
malloc
sscanf
fread
_finite
_chmod
fprintf
isdigit
_amsg_exit
?terminate@@YAXXZ
_c_exit
floor
fseek
_findclose
rewind
_atoi64
strncat
_wcsicmp
longjmp
tolower
??1exception@@UAE@XZ
_adjust_fdiv
_splitpath
_initterm
_errno
??0exception@@QAE@XZ
time
wcsstr
__set_app_type
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CoInitialize
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
OleUninitialize
StringFromCLSID
CoRegisterClassObject
CoTaskMemFree
OleInitialize
CLSIDFromString
CoGetClassObject
LoadRegTypeLib
SysStringLen
SysAllocStringLen
SysStringByteLen
VariantClear
SysAllocString
DispCallFunc
SysFreeString
SysAllocStringByteLen
VariantInit
Ord(253)
ExtractIconA
ShellExecuteA
SHGetFolderPathA
CoInternetGetSession
RedrawWindow
GetForegroundWindow
UnregisterHotKey
SetRectEmpty
ChangeDisplaySettingsA
PostQuitMessage
GetMessagePos
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
SetMenuItemInfoA
WindowFromPoint
DispatchMessageW
GetAsyncKeyState
DrawTextA
SendMessageA
GetClientRect
ToAscii
SetMenuDefaultItem
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
LoadImageW
GetActiveWindow
RegisterHotKey
LoadImageA
GetMenuItemCount
GetWindowTextA
InvalidateRgn
RegisterClassExA
DestroyMenu
DestroyWindow
DrawEdge
ShowCursor
GetParent
UpdateWindow
AttachThreadInput
EnumWindows
GetClassInfoExA
ShowWindow
DrawFrameControl
CreateIconFromResourceEx
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
SetWindowsHookExA
LoadStringA
RegisterClassW
GetSystemMetrics
LoadStringW
IsIconic
TrackPopupMenuEx
GetWindowLongA
CreateWindowExA
FillRect
CharNextA
GetSysColorBrush
CreateWindowExW
CreateAcceleratorTableA
IsChild
MapWindowPoints
GetMessageA
SetCapture
BeginPaint
OffsetRect
DefWindowProcW
KillTimer
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
CharLowerA
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
EnumChildWindows
SetWindowLongA
CheckDlgButton
SetWindowTextA
GetSubMenu
PtInRect
SetTimer
GetDlgItem
ClientToScreen
LoadCursorA
LoadIconA
GetKeyboardState
EnumDisplaySettingsA
GetMenuItemInfoA
IsDlgButtonChecked
GetDesktopWindow
CreateIconFromResource
GetDC
SetForegroundWindow
DialogBoxIndirectParamA
ReleaseDC
EndDialog
LoadMenuA
ScreenToClient
MessageBeep
SetFocus
GetWindowThreadProcessId
MessageBoxW
UnhookWindowsHookEx
MoveWindow
MessageBoxA
GetClassNameA
GetWindowDC
DestroyCursor
GetSysColor
GetKeyState
SystemParametersInfoA
DestroyIcon
IsWindowVisible
SetCursorPos
FrameRect
InvalidateRect
wsprintfA
SendMessageTimeoutA
TranslateAcceleratorA
AdjustWindowRect
CallWindowProcA
IsMenu
GetFocus
ModifyMenuA
SetCursor
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
InternetCrackUrlA
mmioOpenW
mmioWrite
PlaySoundW
mmioRead
sndPlaySoundA
timeGetTime
mciSendCommandW
timeEndPeriod
PlaySoundA
timeSetEvent
mmioOpenA
mmioClose
mciSendCommandA
sndPlaySoundW
mciSendStringA
mmioSeek
timeBeginPeriod
htonl
getsockname
ioctlsocket
WSAStartup
connect
shutdown
htons
WSASetLastError
WSAGetLastError
gethostname
closesocket
ntohl
inet_addr
send
ntohs
select
__WSAFDIsSet
WSACleanup
gethostbyname
inet_ntoa
recv
setsockopt
socket
bind
recvfrom
sendto
PE exports
Number of PE resources by type
RT_ICON 12
RT_VERSION 1
RT_BITMAP 1
RT_GROUP_ICON 1
REGISTRY 1
Number of PE resources by language
ENGLISH US 16
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2006:08:25 22:25:58+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1355776
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 331776
SubsystemVersion 4.0
EntryPoint 0x20a2d8
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 b1036f8cd7eac6c759ce4e296b0aea9b
SHA1 9b19a17a0e4c4820db22903effaaf472d41a3db8
SHA256 4c1409c73b1cf5c53581b062cbb2b3d6015bbfd96e8f2bec849aa9c575077eb0
ssdeep 98304:aa3fAMS/ZJgRNyB8Fo5HN4IQ9KKvl1qzgV6LCAE:aa3fAMS/ZMNrFo3QLT4gEI
authentihash 2fa970497dba6f75b510fb9a1d73d457e3cffb0fd61367ce078561308cf59097
imphash c5318727b623c88bba2462975fe74af7
File size 5.2 MB ( 5414913 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (79.7%)
Win32 Executable (generic) (8.6%)
OS/2 Executable (generic) (3.8%)
Generic Win/DOS Executable (3.8%)
DOS Executable Generic (3.8%)
Tags peexe overlay
VirusTotal metadata
First submission 2006-12-18 00:02:41 UTC ( 11 years, 4 months ago )
Last submission 2018-03-12 09:12:44 UTC ( 1 month, 1 week ago )
File names smona131098078090638572168
smona132291017932744209371
smona130759704880753490893
B1036F8CD7EAC6C759CE4E296B0AEA9B
file-3048737_exe
smona131153772482834821881
smona131747468230064340209
FEARDevSP.exe
FEAR (2).exe
FEARDevSP.exe
smona131630352239627114967
is-D2VSB.tmp
FEAR.EXE
smona131236159425076248558
FEAR.exe
fear.exe
FEAR-108-crk.exe
is-KOFEE.tmp
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1219.

Symantec reputation Suspicious.Insight