SHA256: 4ee9d98fa538147b93af893462d9b1c270b9a488afd2ebc60ebf0526d2c86aca
File name: DfC.exe
Detection ratio: 2 / 57
Analysis date: 2015-09-24 14:27:12 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Microsoft Trojan:Win32/Dorv.B!rfn 20150924
Rising PE:Malware.RDM.27!5.21[F1] 20150923
Ad-Aware 20150924
AegisLab 20150924
Yandex 20150923
AhnLab-V3 20150924
Alibaba 20150924
ALYac 20150924
Antiy-AVL 20150924
Arcabit 20150924
Avast 20150924
AVG 20150924
Avira (no cloud) 20150924
AVware 20150924
Baidu-International 20150924
BitDefender 20150924
Bkav 20150923
ByteHero 20150924
CAT-QuickHeal 20150924
ClamAV 20150923
CMC 20150922
Comodo 20150924
Cyren 20150924
DrWeb 20150924
Emsisoft 20150924
ESET-NOD32 20150924
F-Prot 20150924
F-Secure 20150924
Fortinet 20150924
GData 20150924
Ikarus 20150924
Jiangmin 20150922
K7AntiVirus 20150924
K7GW 20150924
Kaspersky 20150924
Kingsoft 20150924
Malwarebytes 20150924
McAfee 20150924
McAfee-GW-Edition 20150924
eScan 20150924
NANO-Antivirus 20150924
nProtect 20150924
Panda 20150924
Qihoo-360 20150924
Sophos 20150924
SUPERAntiSpyware 20150924
Symantec 20150923
Tencent 20150924
TheHacker 20150923
TotalDefense 20150924
TrendMicro 20150924
TrendMicro-HouseCall 20150924
VBA32 20150924
VIPRE 20150924
ViRobot 20150924
Zillya 20150924
Zoner 20150924
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Drakefire Chasm
File version v1.3.2
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-29 05:32:55
Entry Point 0x00001240
Number of sections 6
PE sections
Overlays
MD5 ac01c70d8026a09fab561ab0dbf3112f
File type data
Offset 595968
Size 287297
Entropy 5.00
PE imports
GetLastError
GetAtomNameA
ReleaseSemaphore
CreateSemaphoreA
TlsGetValue
TlsFree
AddAtomA
WaitForSingleObject
SetUnhandledExceptionFilter
FindAtomA
InterlockedDecrement
ExitProcess
TlsAlloc
TlsSetValue
Sleep
SetLastError
InterlockedIncrement
_ZN10TCODSystem10sleepMilliEj
_ZNK11TCODConsole17getCharBackgroundEii
_ZN11TCODConsole4blitEPKS_iiiiPS_iiff
_ZN7TCODZip9putStringEPKc
_ZN10TCODSystem14saveScreenshotEPKc
_ZN7TCODZip10saveToFileEPKc
_ZN11TCODConsole15setColorControlE14TCOD_colctrl_tRK9TCODColorS3_
_ZN10TCODRandom11getInstanceEv
_ZN11TCODConsole12isFullscreenEv
_ZN11TCODConsole20setDefaultBackgroundE9TCODColor
_ZN8TCODPathC1EPK7TCODMapf
_ZNK7TCODMap7isInFovEii
_ZN8TCODLine4initEiiii
_ZN11TCODConsole10printFrameEiiiib17TCOD_bkgnd_flag_tPKcz
_ZN9TCODImageC1EPKc
_ZN7TCODZipC1Ev
_ZN10TCODRandomC1E18TCOD_random_algo_tb
_ZN9TCODNoise6getFbmEPff17TCOD_noise_type_t
_ZN9TCODColor5whiteE
_ZN11TCODConsole16checkForKeypressEi
_ZN11TCODConsole7setCharEiii
_ZN11TCODConsoleC1Eii
TCOD_random_get_int_mean
_ZN11TCODConsole8initRootEiiPKcb15TCOD_renderer_t
_ZN7TCODZipD1Ev
_ZN11TCODConsole5printEiiPKcz
_ZN7TCODMap13setPropertiesEiibb
_ZN9TCODImage11setKeyColorE9TCODColor
TCOD_random_get_int
_ZN11TCODConsole14isWindowClosedEv
_ZN11TCODConsole5clearEv
_ZN8TCODPath7computeEiiii
_ZNK11TCODConsole17getCharForegroundEii
_ZN8TCODLine4stepEPiS0_
_ZN11TCODConsole17setCharForegroundEiiRK9TCODColor
_ZN11TCODConsole9printRectEiiiiPKcz
_ZN7TCODZip9getStringEv
_ZN11TCODConsole15waitForKeypressEb
_ZN11TCODConsole13setCustomFontEPKciii
_ZN9TCODNoiseC1Eiff17TCOD_noise_type_t
_ZN10TCODRandomD1Ev
_ZN11TCODConsole7putCharEiii17TCOD_bkgnd_flag_t
_ZN11TCODConsole5flushEv
_ZN11TCODConsole7setFadeEhRK9TCODColor
_ZN7TCODZip12loadFromFileEPKc
_ZN9TCODColor5blackE
_ZN7TCODZip6getIntEv
_ZN11TCODConsole12setAlignmentE16TCOD_alignment_t
_ZNK9TCODImage6blit2xEP11TCODConsoleiiiiii
_ZN11TCODConsole20setDefaultForegroundE9TCODColor
_ZN11TCODConsole4rootE
_ZN7TCODMap10computeFovEiiib20TCOD_fov_algorithm_t
_ZN10TCODSystem18getLastFrameLengthEv
_ZN10TCODSystem6setFpsEi
_ZN8TCODPath4walkEPiS0_b
_ZN7TCODZip6putIntEi
_ZN11TCODConsole17setCharBackgroundEiiRK9TCODColor17TCOD_bkgnd_flag_t
_ZN11TCODConsole9putCharExEiiiRK9TCODColorS2_
_ZN11TCODConsole13setFullscreenEb
_ZN7TCODMapC1Eii
__p__fmode
malloc
getc
toupper
__p__environ
fread
fclose
atexit
abort
_setmode
_assert
fflush
fopen
strlen
_cexit
ungetc
_fdopen
_errno
strtod
fwrite
fgetpos
_onexit
strftime
_strdup
putc
time
_ctype
strxfrm
fsetpos
memset
_isctype
_pctype
free
getenv
setlocale
signal
_fstati64
__getmainargs
_write
strcoll
memcpy
_lseeki64
_vsnprintf
ctime
memmove
_read
strcmp
_filelengthi64
strcpy
setvbuf
__mb_cur_max
_strnicmp
fprintf
__set_app_type
vsprintf
localeconv
memchr
_iob
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
UninitializedDataSize 22016
LinkerVersion 2.56
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.3.2.434
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 594944
EntryPoint 0x1240
MIMEType application/octet-stream
FileVersion v1.3.2
TimeStamp 2015:08:29 06:32:55+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 544256
ProductName Drakefire Chasm
ProductVersionNumber 1.3.2.434
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 918cafe486ce2d76ed75f9fb53298ea2
SHA1 d802413fec68c71eca7e060556730021a8c891ba
SHA256 4ee9d98fa538147b93af893462d9b1c270b9a488afd2ebc60ebf0526d2c86aca
ssdeep 24576:JoAJ+WegpEpOXR1HUTDdgVLnoHg/r6/pSZ3SmmPo/R:J54B26/pSZ3L

authentihash 9edd38039b479c8f7faf439b3d00b47b5faf7d854d5c7630bf9e8c3c0b4725b6
imphash 6eba24651eb601215c03222b53b6a43d
File size 862.6 KB ( 883265 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.6%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-08-29 05:35:54 UTC ( 1 year, 10 months ago )
Last submission 2015-08-29 05:35:54 UTC ( 1 year, 10 months ago )
File names DfC.exe