SHA256: 4c93259683992bcf5fcedf3e0caca46dabfbf7cff6549e0ac146d30338c7f2d3
File name: 1282315502-gamegain.exe
Detection ratio: 0 / 54
Analysis date: 2015-12-09 18:13:05 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20151209
AegisLab 20151209
Yandex 20151208
AhnLab-V3 20151209
Alibaba 20151208
Antiy-AVL 20151209
Arcabit 20151209
Avast 20151209
AVG 20151209
Avira (no cloud) 20151209
AVware 20151209
Baidu-International 20151209
BitDefender 20151209
Bkav 20151209
ByteHero 20151209
CAT-QuickHeal 20151209
ClamAV 20151209
CMC 20151201
Comodo 20151209
Cyren 20151209
DrWeb 20151209
Emsisoft 20151209
ESET-NOD32 20151209
F-Prot 20151209
F-Secure 20151209
Fortinet 20151209
GData 20151209
Ikarus 20151209
Jiangmin 20151208
K7AntiVirus 20151209
K7GW 20151209
Kaspersky 20151209
Malwarebytes 20151209
McAfee 20151209
McAfee-GW-Edition 20151209
Microsoft 20151209
eScan 20151209
NANO-Antivirus 20151209
nProtect 20151209
Panda 20151209
Qihoo-360 20151209
Rising 20151209
SUPERAntiSpyware 20151209
Symantec 20151208
Tencent 20151209
TheHacker 20151209
TotalDefense 20151208
TrendMicro 20151209
TrendMicro-HouseCall 20151209
VBA32 20151209
VIPRE 20151209
ViRobot 20151209
Zillya 20151208
Zoner 20151209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 2003-2010 PGWARE LLC
Publisher PGWARE LLC
Product GameGain
File version 1.0.0.1
Description GameGain Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 1:35 AM 8/8/2010
Signers
[+] PGWARE LLC
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 8/2/2010
Valid to 12:59 AM 8/2/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint 946C6ACCA23C102612413087C1E96CB039897C64
Serial number 00 90 94 DB AA 7A DE E9 34 F6 9D 72 C5 82 F5 DC B4
[+] USERTrust (Code Signing)
Status Valid
Issuer None
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm SHA1
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] COMODO Time Stamping Signer
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] USERTrust (Code Signing)
Status Valid
Issuer None
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm SHA1
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT INNO, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-06-10 14:33:52
Entry Point 0x000163C4
Number of sections 9
PE sections
Overlays
MD5 64f2297161fb3e5d5bae7d8f5625298b
File type data
Offset 254464
Size 1508280
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetLocalTime
CreateProcessW
DeleteCriticalSection
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
GetDateFormatW
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
CompareStringW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetExitCodeProcess
GetVersion
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_ICON 15
RT_STRING 6
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
NEUTRAL 9
PE resources
ExifTool file metadata
FileDescription GameGain Setup
Comments This installation was built with Inno Setup.
InitializedDataSize 166400
ImageVersion 6.0
ProductName GameGain
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.1
TimeStamp 2010:06:10 15:33:52+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright 2003-2010 PGWARE LLC
MachineType Intel 386 or later, and compatibles
CompanyName PGWARE LLC
CodeSize 87040
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x163c4
ObjectFileType Executable application

File identification
MD5 fc9d87a59a63bdecc60ef0ccf62a342f
SHA1 e8d29544cc1e4ec0270d9edf2ac3e0556d45c1ff
SHA256 4c93259683992bcf5fcedf3e0caca46dabfbf7cff6549e0ac146d30338c7f2d3
ssdeep 49152:IhgO2sOu5mMTIyslGlM8KnGNhxeRbHS/dzgMpX:I+VsOu5XTEGdgGLxEby/d3
authentihash 521869590bfeedabae47bb7296bd73307ea8d32ccc97f843a950f14b86ed7591
imphash 483f0c4259a9148c34961abbda6146c1
File size 1.7 MB ( 1762744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Inno Setup installer (81.5%)
Win32 Executable Delphi generic (10.5%)
Win32 Executable (generic) (3.3%)
Win16/32 Executable Delphi generic (1.5%)
Generic Win/DOS Executable (1.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2010-08-09 17:22:04 UTC ( 8 years, 5 months ago )
Last submission 2015-12-09 18:13:05 UTC ( 3 years, 1 month ago )
File names F63E9F1AB8D6E2BAE5201A06F20D93003EE1FF3A.exe
gamegain.exe
1282315502-gamegain.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Opened mutexes
Runtime DLLs