× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4c824711bfb61f466ddbd435424f1ca82e344fe98101005bda799d5fdc99e9f1
File name: 1340674226-valentine-day.gadget
Detection ratio: 0 / 68
Analysis date: 2018-09-09 09:56:03 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20180909
AegisLab 20180909
AhnLab-V3 20180908
Alibaba 20180713
ALYac 20180909
Antiy-AVL 20180906
Arcabit 20180909
Avast 20180909
Avast-Mobile 20180909
AVG 20180909
Avira (no cloud) 20180909
AVware 20180909
Babable 20180907
Baidu 20180906
BitDefender 20180909
Bkav 20180906
CAT-QuickHeal 20180909
ClamAV 20180909
CMC 20180908
Comodo 20180909
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180909
Cyren 20180909
DrWeb 20180909
eGambit 20180909
Emsisoft 20180909
Endgame 20180730
ESET-NOD32 20180909
F-Prot 20180909
F-Secure 20180909
Fortinet 20180909
GData 20180909
Ikarus 20180909
Sophos ML 20180717
Jiangmin 20180909
K7AntiVirus 20180909
K7GW 20180909
Kaspersky 20180909
Kingsoft 20180909
Malwarebytes 20180909
MAX 20180909
McAfee 20180909
McAfee-GW-Edition 20180909
Microsoft 20180909
eScan 20180909
NANO-Antivirus 20180909
Palo Alto Networks (Known Signatures) 20180909
Panda 20180909
Qihoo-360 20180909
Rising 20180909
SentinelOne (Static ML) 20180830
Sophos AV 20180909
SUPERAntiSpyware 20180907
Symantec 20180908
Symantec Mobile Insight 20180905
TACHYON 20180909
Tencent 20180909
TheHacker 20180907
TotalDefense 20180909
TrendMicro 20180909
TrendMicro-HouseCall 20180909
Trustlook 20180909
VBA32 20180907
VIPRE 20180909
ViRobot 20180909
Webroot 20180909
Yandex 20180908
Zillya 20180908
ZoneAlarm by Check Point 20180909
Zoner 20180908
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000BF98
Number of sections 8
PE sections
Overlays
MD5 4dc8a074a57d00b9679fb71a9811362c
File type data
Offset 61952
Size 2953235
Entropy 7.99
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
InitCommonControls
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetFileAttributesA
GetExitCodeProcess
ExitProcess
GetVersionExA
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCPInfo
GetCommandLineA
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
GetTempFileNameA
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
GetSystemMetrics
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
CharNextA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 2
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
47104

LinkerVersion
2.25

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

EntryPoint
0xbf98

InitializedDataSize
16384

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
1.0

UninitializedDataSize
0

File identification
MD5 5b279be9fa8af997f637ce5c3ad0215c
SHA1 5e93e4c59cfaaab1e7779fff510de1ca97b0cf77
SHA256 4c824711bfb61f466ddbd435424f1ca82e344fe98101005bda799d5fdc99e9f1
ssdeep
49152:oVAkAIkiDC3MaP0MEf5r1JB+zYbcrYo/pTEjMV4GdDmufrs5pPAWg+CKnymjsy+m:oVAkAwDCZ0zf5HMMoiMWSKufrSFAsnWm

authentihash 86269a9ac137325177fa74ef269faa8e65b7556b0d7cebdeec07ddc48858adff
imphash e2c1f18f75da1944b68774c16f2adcef
File size 2.9 MB ( 3015187 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-12-14 23:26:48 UTC ( 6 years, 2 months ago )
Last submission 2016-04-02 18:16:09 UTC ( 2 years, 10 months ago )
File names 1340674226-valentine-day.gadget
4c824711bfb61f466ddbd435424f1ca82e344fe98101005bda799d5fdc99e9f1
4C824711BFB61F466DDBD435424F1CA82E344FE98101005BDA799D5FDC99E9F1
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs