SHA256: 57945fd17228d9ec3fe9a9c9a40497d569ab38c670ff4abaf95eaae96394dddb
File name: MapleLegends Feb Prototype rev2.exe
Detection ratio: 7 / 52
Analysis date: 2016-02-03 22:18:31 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Avast Win32:Evo-gen [Susp] 20160203
Avira (no cloud) TR/Spy.Gen 20160203
Bkav HW32.Packed.6C78 20160202
ESET-NOD32 a variant of Win32/Packed.Themida suspicious 20160202
Ikarus Trojan.Win32.Mapstosteal 20160203
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20160203
TheHacker W32/Behav-Heuristic-064 20160202
Ad-Aware 20160203
AegisLab 20160203
Yandex 20160202
AhnLab-V3 20160202
Alibaba 20160203
ALYac 20160203
Antiy-AVL 20160203
Arcabit 20160203
AVG 20160203
Baidu-International 20160203
BitDefender 20160203
ByteHero 20160203
CAT-QuickHeal 20160203
ClamAV 20160203
Comodo 20160203
Cyren 20160202
DrWeb 20160203
Emsisoft 20160202
F-Prot 20160129
Fortinet 20160202
GData 20160203
Jiangmin 20160203
K7AntiVirus 20160203
K7GW 20160203
Kaspersky 20160203
Malwarebytes 20160203
McAfee 20160203
McAfee-GW-Edition 20160203
Microsoft 20160203
eScan 20160203
NANO-Antivirus 20160203
nProtect 20160201
Panda 20160202
Rising 20160203
Sophos AV 20160203
SUPERAntiSpyware 20160203
Symantec 20160202
Tencent 20160203
TrendMicro 20160203
TrendMicro-HouseCall 20160203
VBA32 20160203
VIPRE 20160203
ViRobot 20160203
Zillya 20160203
Zoner 20160203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product MapleLegends
Original name MapleLegends.exe
Internal name MapleLegends
File version 3, 2, 2, 6
Description MapleLegends Old School MapleStory
ReversingLabs Taggant packer details
Validity Valid taggant block
Full file hash Valid
PKI chain Valid

Packer Themida (2.3.7)
Timestamp Feb 3 22:05:41 2016 GMT Invalid
User
Validity Valid
Serial Number 1CFB7B652D1BA1812A816ABD4577C675
SPV
Validity Valid
Serial Number 19D169BB9A9042C0607D960325D1D336
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-11 07:23:53
Entry Point 0x00B81000
Number of sections 10
PE sections
PE imports
InitCommonControls
PE exports
Number of PE resources by type
RT_BITMAP 4
RT_DIALOG 2
RT_RCDATA 2
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
KOREAN 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.2.2.6
UninitializedDataSize 0
LanguageCode Korean
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 1200128
EntryPoint 0xb81000
OriginalFileName MapleLegends.exe
MIMEType application/octet-stream
FileVersion 3, 2, 2, 6
TimeStamp 2008:11:11 08:23:53+01:00
FileType Win32 EXE
PEType PE32
InternalName MapleLegends
ProductVersion 3, 2, 2, 6
FileDescription MapleLegends Old School MapleStory
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 5140480
ProductName MapleLegends
ProductVersionNumber 3.2.2.6
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 72630544bcf6d50823c1f05eb5ec0336
SHA1 cc76e7f97e4581f444a906e9cd68ea0bda31154a
SHA256 57945fd17228d9ec3fe9a9c9a40497d569ab38c670ff4abaf95eaae96394dddb
ssdeep 98304:5RvW+6C3PvPH6/Mq051m+xksTrP5YplPKwKPJrUP6CuoPNPozxFCw7YvVaox:50+6mPvv6/mrksTrPsKwKxrS6qPSfCwf

authentihash 7ede4f7fb33dac3942bb43ff19abe618496297a3a54987068e7fb3a6f9093696
imphash baa93d47220682c04d92f7797d9224ce
File size 5.5 MB ( 5812224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe

VirusTotal metadata
First submission 2016-02-03 22:18:31 UTC ( 1 year, 8 months ago )
Last submission 2016-02-08 12:26:57 UTC ( 1 year, 8 months ago )
File names MapleLegends Feb Prototype rev2.exe
MapleLegends.exe
MapleLegends
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by means of the SetWindowsHook Windows API function.
UDP communications