SHA256: 585f39350180598ed1719d9cb486a731352701cd0b11f092d7285c5cff1384e9
File name: Super Gamez Downloader 2.3.2.exe
Detection ratio: 4 / 44
Analysis date: 2012-10-30 00:57:24 UTC
Antivirus             Result                                      Update
ByteHero              Trojan.Win32.Heur.Gen                       20121029
DrWeb                 Trojan.Siggen4.10897                        20121030
McAfee-GW-Edition     Heuristic.BehavesLike.Win32.ModifiedUPX.N   20121029
VBA32                 Trojan.Buzus.lwdl                           20121029
Yandex                                                            20121029
AhnLab-V3                                                         20121029
AntiVir                                                           20121029
Antiy-AVL                                                         20121027
Avast                                                             20121029
AVG                                                               20121030
BitDefender                                                       20121030
CAT-QuickHeal                                                     20121029
ClamAV                                                            20121029
Commtouch                                                         20121029
Comodo                                                            20121030
Emsisoft                                                          20121030
eSafe                                                             20121028
ESET-NOD32                                                        20121029
F-Prot                                                            20121030
F-Secure                                                          20121030
Fortinet                                                          20121030
GData                                                             20121030
Ikarus                                                            20121029
Jiangmin                                                          20121029
K7AntiVirus                                                       20121029
Kaspersky                                                         20121029
Kingsoft                                                          20121028
McAfee                                                            20121030
Microsoft                                                         20121029
eScan                                                             20121030
Norman                                                            20121029
nProtect                                                          20121029
Panda                                                             20121029
PCTools                                                           20121029
Rising                                                            20121029
Sophos AV                                                         20121030
SUPERAntiSpyware                                                  20121030
Symantec                                                          20121030
TheHacker                                                         20121028
TotalDefense                                                      20121029
TrendMicro                                                        20121030
TrendMicro-HouseCall                                              20121030
VIPRE                                                             20121030
ViRobot                                                           20121029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2011-2013 A.tawaly
Publisher 1905co
File version 2.3.2.0
Description Super Gamez Downloader
Packers identified
F-PROT Armadillo
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-06-24 14:30:01
Entry Point 0x0014B000
Number of sections 8
PE sections
PE imports
CreateDCA
DeleteDC
SelectObject
CreatePalette
CreateDIBitmap
SelectPalette
BitBlt
CreateCompatibleDC
DeleteObject
RealizePalette
FreeConsole
GetConsoleOutputCP
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
FindNextFileA
HeapDestroy
SetFileTime
GetFileAttributesW
GetLocalTime
GetStdHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDiskFreeSpaceExA
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetFileTime
GetTempPathA
WideCharToMultiByte
WaitForDebugEvent
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
MoveFileA
ResumeThread
GetExitCodeProcess
GetEnvironmentVariableA
OutputDebugStringW
FindClose
TlsGetValue
MoveFileW
GetFullPathNameW
OutputDebugStringA
SetLastError
InitializeCriticalSection
CopyFileW
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
GetPrivateProfileStringA
SetConsoleCtrlHandler
GetUserDefaultLCID
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
FormatMessageA
CreateMutexA
GetModuleHandleA
GlobalAddAtomW
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
SetThreadContext
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
DebugActiveProcess
SearchPathA
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GlobalGetAtomNameW
SetEvent
QueryPerformanceCounter
GetTickCount
CreateDirectoryA
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetFileSize
LCMapStringW
CreateHardLinkW
DeleteFileA
GetWindowsDirectoryA
ReadProcessMemory
CreateDirectoryW
GetFileAttributesExA
GetProcAddress
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CompareStringW
RemoveDirectoryW
GetFileInformationByHandle
FindNextFileW
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindFirstFileW
IsValidLocale
DuplicateHandle
GlobalLock
GetTimeZoneInformation
CreateFileW
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
GlobalDeleteAtom
GetShortPathNameW
HeapCreate
GlobalFree
GetConsoleCP
LCMapStringA
CreateHardLinkA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
RemoveDirectoryA
GetShortPathNameA
GetEnvironmentStrings
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
GetDiskFreeSpaceExW
ContinueDebugEvent
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetStringTypeA
GetCurrentThread
OpenMutexA
SuspendThread
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
FindFirstFileA
CloseHandle
GetACP
GetFileAttributesExW
CreateProcessA
IsValidCodePage
UnmapViewOfFile
WriteFile
VirtualFree
Sleep
IsBadReadPtr
SetThreadPriority
VirtualAlloc
DeleteFileW
GetOEMCP
GetTimeFormatA
GetMessageA
PackDDElParam
UpdateWindow
SetPropA
BeginPaint
EnumWindows
DefWindowProcW
CreateDialogIndirectParamA
KillTimer
FindWindowA
DefWindowProcA
ShowWindow
GetPropA
GetWindowThreadProcessId
FreeDDElParam
GetSystemMetrics
IsWindow
SetTimer
DispatchMessageA
EndPaint
PostMessageA
MoveWindow
MessageBoxA
PeekMessageA
TranslateMessage
DialogBoxParamA
PostMessageW
RegisterClassExA
GetAsyncKeyState
DrawTextA
SetWindowTextA
SendMessageW
LoadStringA
RegisterClassW
SendMessageA
LoadStringW
UnpackDDElParam
GetDlgItem
CreateDialogParamA
RegisterClassA
InSendMessage
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
DefDlgProcA
EnumThreadWindows
WaitForInputIdle
GetDesktopWindow
IsWindowUnicode
CreateWindowExW
GetWindowTextA
DestroyWindow
GetOpenFileNameA
GetSaveFileNameA
Number of PE resources by type
RT_DIALOG 5
RT_GROUP_CURSOR 1
RT_ICON 1
RT_MANIFEST 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
NEUTRAL 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 83.82
ImageVersion 0.0
FileVersionNumber 1.34.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 3985408
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.3.2.0
TimeStamp 2010:06:24 15:30:01+01:00
FileType Win32 EXE
PEType PE32
FileDescription Super Gamez Downloader
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2011-2013 A.tawaly
MachineType Intel 386 or later, and compatibles
CompanyName 1905co
CodeSize 720896
FileSubtype 0
ProductVersionNumber 1.34.0.0
EntryPoint 0x14b000
ObjectFileType Executable application
File identification
MD5 d6f0495e51d042e2cdc700e8ed95d05b
SHA1 2a432231c902191c7ae229224217aa7a117699e0
SHA256 585f39350180598ed1719d9cb486a731352701cd0b11f092d7285c5cff1384e9
ssdeep 98304:rz2OIElmJ/d126zC5zocnMarCojiqpVCPOQj3zZHM9H7uzRT:rzDmr26+hocDfpVFQxPZ
authentihash 789682fee9737d96c76565d3663f5be91ee5821f56a6a25084a3428786828238
imphash 7dceeef930900042ca75be60815b470c
File size 4.5 MB ( 4710400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe armadillo
VirusTotal metadata
First submission 2012-10-30 00:57:24 UTC
Last submission 2014-07-17 10:02:34 UTC
File names Super Gamez Downloader 2.3.2.exe
file-4783420_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Deleted keys
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.