SHA256: 63ed67dd0fd2376c656da3fca6e36dacf51c536a6cbb84a8ef1e89f2601118a9
Detection ratio: 0 / 66
Analysis date: 2018-08-03 18:40:22 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20180803
AegisLab 20180803
AhnLab-V3 20180803
Alibaba 20180713
ALYac 20180803
Antiy-AVL 20180803
Arcabit 20180803
Avast 20180803
Avast-Mobile 20180803
AVG 20180803
Avira (no cloud) 20180803
AVware 20180727
Babable 20180725
Baidu 20180802
BitDefender 20180803
Bkav 20180803
CAT-QuickHeal 20180803
ClamAV 20180803
CMC 20180803
Comodo 20180803
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180803
Cyren 20180803
DrWeb 20180803
eGambit 20180803
Emsisoft 20180803
Endgame 20180730
ESET-NOD32 20180803
F-Prot 20180803
F-Secure 20180803
Fortinet 20180803
GData 20180803
Ikarus 20180803
Sophos ML 20180717
Jiangmin 20180803
K7AntiVirus 20180803
K7GW 20180803
Kaspersky 20180803
Kingsoft 20180803
Malwarebytes 20180803
MAX 20180803
McAfee 20180803
McAfee-GW-Edition 20180803
Microsoft 20180803
eScan 20180803
NANO-Antivirus 20180803
Palo Alto Networks (Known Signatures) 20180803
Panda 20180803
Qihoo-360 20180803
Rising 20180803
SentinelOne (Static ML) 20180701
Sophos AV 20180803
SUPERAntiSpyware 20180803
Symantec 20180803
Symantec Mobile Insight 20180801
TACHYON 20180803
Tencent 20180803
TheHacker 20180802
TrendMicro 20180803
TrendMicro-HouseCall 20180803
Trustlook 20180803
VBA32 20180803
VIPRE 20180803
ViRobot 20180803
Webroot 20180803
Yandex 20180803
ZoneAlarm by Check Point 20180803
Zoner 20180803
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2014 - OyunCeviri.com
Product Tomb Raider 2013 Türkçe Yama
File version 1.00
Description Tomb Raider 2013 TR v1.00
Comments Oyunlar artık Türkçe :)
Packers identified
F-PROT NSIS, docwrite, UPX, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:50:46
Entry Point 0x0003D5A0
Number of sections 3
PE sections
Overlays
MD5 98a60f0cfd1c9b9e04b1f63a5f886be2
File type data
Offset 25088
Size 713700
Entropy 8.00
PE imports
RegEnumKeyA
SetBkMode
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ShellExecuteA
VerQueryValueA
CoTaskMemFree
Number of PE resources by type
RT_DIALOG 5
RT_ICON 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
NEUTRAL 1
PE resources
ExifTool file metadata
CodeSize 20480
SubsystemVersion 4.0
Comments Oyunlar artık Türkçe :)
LinkerVersion 6.0
ImageVersion 6.0
CompanyWebsite http://www.OyunCeviri.com
ProductName Tomb Raider 2013 Türkçe Yama
FileVersionNumber 1.0.0.0
UninitializedDataSize 229376
LanguageCode Neutral
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 8192
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0
TimeStamp 2009:12:05 23:50:46+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0
FileDescription Tomb Raider 2013 TR v1.00
OSVersion 4.0
FileOS Win32
LegalCopyright 2014 - OyunCeviri.com
MachineType Intel 386 or later, and compatibles
CompanyName OyunCeviri.com
LegalTrademarks Tomb Raider 2013 Square Enix
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x3d5a0
ObjectFileType Executable application

File identification
MD5 0d551ac6ed27ab5e363e3a541500ddc9
SHA1 2bbc83b2ada17c60c676b8a2d0288a2dba69323c
SHA256 63ed67dd0fd2376c656da3fca6e36dacf51c536a6cbb84a8ef1e89f2601118a9
ssdeep 12288:HN4fdzMRq6V7RwY8HoLQSIZGNiyMRrRZDWqLa8gGtmPfpC+gwWmS2DOIs:H+WRDV7RwluIZktcfD3LAGtEsdZ

authentihash add7a537c25c0d73959fa7cf05c7cf28c7320128a6655546deedec4e7605eaf4
imphash 2134f794bcda54794e74b7208adb2204
File size 721.5 KB ( 738788 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
nsis peexe upx overlay

VirusTotal metadata
First submission 2014-03-08 15:16:50 UTC ( 4 years, 11 months ago )
Last submission 2018-04-02 14:11:28 UTC ( 10 months, 3 weeks ago )
File names Tomb_Raider_2013_Turkce_Yama.exe
Tomb Raider 2013_TR_Yama_v1.00.exe
Turkce Yama !!.exe
tomb_raider_2013_turkce_yama.exe
tomb raider 2013_tr_yama_v1.00.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1025.

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
keylogger

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications