× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 645e669b2aa57c3bb6acfad8a0c3c40b9e30f866fa17d9be26ca92800ba90252
File name: output.81430860.txt
Detection ratio: 3 / 67
Analysis date: 2018-06-19 05:24:22 UTC ( 2 days, 20 hours ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180530
Webroot W32.Malware.Gen 20180619
Yandex Trojan.Agent!GivDIZwDJmw 20180618
Ad-Aware 20180619
AegisLab 20180619
AhnLab-V3 20180619
Alibaba 20180615
ALYac 20180619
Antiy-AVL 20180619
Arcabit 20180619
Avast 20180619
Avast-Mobile 20180619
AVG 20180619
AVware 20180618
Babable 20180406
Baidu 20180615
BitDefender 20180619
Bkav 20180619
CAT-QuickHeal 20180619
ClamAV 20180619
CMC 20180619
Comodo 20180619
Cybereason 20180225
Cylance 20180619
Cyren 20180619
DrWeb 20180619
eGambit 20180619
Emsisoft 20180619
Endgame 20180612
ESET-NOD32 20180619
F-Prot 20180619
F-Secure 20180619
Fortinet 20180619
GData 20180619
Ikarus 20180618
Sophos ML 20180601
Jiangmin 20180619
K7AntiVirus 20180618
K7GW 20180619
Kaspersky 20180619
Kingsoft 20180619
Malwarebytes 20180619
MAX 20180619
McAfee 20180619
McAfee-GW-Edition 20180619
Microsoft 20180619
eScan 20180619
NANO-Antivirus 20180619
Palo Alto Networks (Known Signatures) 20180619
Panda 20180618
Qihoo-360 20180619
Rising 20180619
SentinelOne (Static ML) 20180618
Sophos AV 20180619
SUPERAntiSpyware 20180618
Symantec 20180619
Symantec Mobile Insight 20180619
TACHYON 20180619
Tencent 20180619
TheHacker 20180613
TotalDefense 20180619
TrendMicro 20180619
TrendMicro-HouseCall 20180619
Trustlook 20180619
VBA32 20180618
VIPRE 20180619
ViRobot 20180618
Zillya 20180618
ZoneAlarm by Check Point 20180619
Zoner 20180619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2008-2009,Stepok Image Lab.

Product SelfPlayer
Original name Player.EXE
Internal name Player
File version 2, 3, 0, 1
Description SCREEN2EXE/SWF Player
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-10 01:14:34
Entry Point 0x00010A5F
Number of sections 4
PE sections
Overlays
MD5 3b0ec20af49722bccc291d71b7ecdce3
File type data
Offset 122880
Size 170898
Entropy 7.85
PE imports
GetTextExtentPoint32A
CreateFontA
GetBitmapBits
StretchDIBits
DeleteCriticalSection
GetStartupInfoA
EnterCriticalSection
InitializeCriticalSection
Sleep
GetTickCount
GetModuleFileNameA
GetModuleHandleA
LeaveCriticalSection
Ord(1775)
Ord(4080)
Ord(537)
Ord(4710)
Ord(2414)
Ord(3597)
Ord(1641)
Ord(3136)
Ord(2124)
Ord(2515)
Ord(3626)
Ord(755)
Ord(3798)
Ord(6052)
Ord(3259)
Ord(2446)
Ord(2864)
Ord(4297)
Ord(6215)
Ord(5875)
Ord(815)
Ord(641)
Ord(1175)
Ord(1948)
Ord(5277)
Ord(2514)
Ord(4425)
Ord(5199)
Ord(4441)
Ord(1134)
Ord(4465)
Ord(5300)
Ord(2380)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(2982)
Ord(3920)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5307)
Ord(2753)
Ord(4424)
Ord(4078)
Ord(2554)
Ord(6376)
Ord(4224)
Ord(6307)
Ord(3584)
Ord(1727)
Ord(823)
Ord(2379)
Ord(2725)
Ord(4998)
Ord(800)
Ord(3749)
Ord(2512)
Ord(470)
Ord(4274)
Ord(5261)
Ord(565)
Ord(2859)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(6375)
Ord(4167)
Ord(4699)
Ord(5303)
Ord(3262)
Ord(4317)
Ord(1576)
Ord(2256)
Ord(4299)
Ord(4353)
Ord(6157)
Ord(803)
Ord(5065)
Ord(4407)
Ord(3663)
Ord(3346)
Ord(2396)
Ord(3831)
Ord(6374)
Ord(5280)
Ord(3825)
Ord(2976)
Ord(1089)
Ord(2985)
Ord(2726)
Ord(3922)
Ord(3499)
Ord(4376)
Ord(543)
Ord(324)
Ord(5265)
Ord(521)
Ord(3830)
Ord(2385)
Ord(3619)
Ord(3079)
Ord(4226)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(4622)
Ord(561)
Ord(5715)
Ord(355)
Ord(4133)
Ord(817)
Ord(4486)
Ord(4698)
Ord(5163)
Ord(2567)
Ord(4673)
Ord(5302)
Ord(5731)
__p__fmode
malloc
rand
_ftol
fread
fclose
__dllonexit
_stricmp
fopen
_except_handler3
?terminate@@YAXXZ
fwrite
fseek
_onexit
ftell
exit
_XcptFilter
__setusermatherr
__p__commode
sprintf
_acmdln
_adjust_fdiv
free
__getmainargs
_exit
_setmbcp
__CxxFrameHandler
_initterm
_controlfp
__set_app_type
RedrawWindow
PostMessageA
OffsetRect
DrawIcon
GetSystemMetrics
GetWindowRect
EnableWindow
SetCapture
ReleaseCapture
GetDC
GetCursorPos
ReleaseDC
GetIconInfo
DrawIconEx
SendMessageA
GetClientRect
IsIconic
ScreenToClient
LoadCursorA
LoadIconA
CopyRect
GetDesktopWindow
PtInRect
PostThreadMessageA
SetCursor
waveOutReset
waveOutOpen
waveOutClose
waveOutUnprepareHeader
waveOutPause
waveOutPrepareHeader
waveOutWrite
PE exports
Number of PE resources by type
RT_ICON 12
RT_GROUP_ICON 11
RT_DIALOG 1
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 24
CHINESE SIMPLIFIED 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.3.0.1

UninitializedDataSize
0

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
65536

EntryPoint
0x10a5f

OriginalFileName
Player.EXE

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2008-2009,Stepok Image Lab.

FileVersion
2, 3, 0, 1

TimeStamp
2009:07:10 02:14:34+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Player

ProductVersion
2, 3, 0, 1

FileDescription
SCREEN2EXE/SWF Player

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
69632

ProductName
SelfPlayer

ProductVersionNumber
2.3.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 7a621d0a630b4e17c60acfb6888dd95a
SHA1 87930ad2cd8fd1f180a6d3a9697940e5972a711b
SHA256 645e669b2aa57c3bb6acfad8a0c3c40b9e30f866fa17d9be26ca92800ba90252
ssdeep
6144:IU1eoCKboTBl/uUwnRjQ+JzKAuuxTlkn7stD8a6s1NBNzpWP:IuCSoT3/HsOuxHDb6i3LM

authentihash 920343b729063704cba5ae259dafd15e3599e3bea77c2a7452e0cd97a32f1eee
imphash 7330c1a4338b41cb756b94c82fa6f475
File size 286.9 KB ( 293778 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2012-12-17 07:15:55 UTC ( 5 years, 6 months ago )
Last submission 2018-06-19 05:24:22 UTC ( 2 days, 20 hours ago )
File names Charset.exe
7a621d0a630b4e17c60acfb6888dd95a.exe
Charset.exe
645e669b2aa57c3bb6acfad8a0c3c40b9e30f866fa17d9be26ca92800ba90252
EMJvZcz.scr
Player
Player.EXE
Charset.exe
Charset.exe.vir
output.81430860.txt
Charset.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0904.

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.