SHA256: 65cbed2e8db313b8966638e40eb27f94156c294eb060b28a02c130d146518c39
File name: standalonephase2.dat
Detection ratio: 0 / 50
Analysis date: 2014-02-25 13:56:21 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware 20140225
Yandex 20140223
AhnLab-V3 20140224
AntiVir 20140225
Antiy-AVL 20140225
Avast 20140225
AVG 20140225
Baidu-International 20140225
BitDefender 20140225
Bkav 20140224
ByteHero 20140225
CAT-QuickHeal 20140225
ClamAV 20140225
CMC 20140220
Commtouch 20140225
Comodo 20140225
DrWeb 20140225
Emsisoft 20140225
ESET-NOD32 20140225
F-Prot 20140225
F-Secure 20140225
Fortinet 20140225
GData 20140225
Ikarus 20140225
Jiangmin 20140225
K7AntiVirus 20140225
K7GW 20140225
Kaspersky 20140225
Kingsoft 20140225
Malwarebytes 20140225
McAfee 20140225
McAfee-GW-Edition 20140225
Microsoft 20140225
eScan 20140225
NANO-Antivirus 20140225
Norman 20140224
nProtect 20140225
Panda 20140225
Qihoo-360 20140225
Rising 20140223
Sophos 20140225
SUPERAntiSpyware 20140225
Symantec 20140225
TheHacker 20140224
TotalDefense 20140225
TrendMicro 20140225
TrendMicro-HouseCall 20140225
VBA32 20140224
VIPRE 20140225
ViRobot 20140225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 3:09 AM 6/2/2013
Signers
[+] Cheat Engine
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 3:26 AM 3/25/2013
Valid to 12:08 PM 7/22/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E896DC18DF16CAE692BD11C874FD70395AFA5A6A
Serial number 11 21 EC FE BA 3F 53 10 2B 74 1B 7E 1A ED B2 50 1C 7C
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 11:00 AM 4/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] GlobalSign Time Stamping Authority
Status The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign Timestamping CA
Valid from 10:32 AM 12/21/2009
Valid to 10:32 AM 12/22/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint AEDF7DF76BBA2410D67DBAF18F5BA15B417E496C
Serial number 01 00 00 00 00 01 25 B0 B4 CC 01
[+] GlobalSign Timestamping CA
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 3/18/2009
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint 958D23902D5448314F2F811034356A58255CDC9B
Serial number 04 00 00 00 00 01 20 19 C1 90 66
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x000277D0
Number of sections 6
PE sections
Overlays
MD5 c2efe7a843dac5d676184270add0e63d
File type data
Offset 195072
Size 5816
Entropy 7.42
PE imports
SetFilePointer
SetThreadLocale
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
ReadFile
GetStartupInfoA
FileTimeToDosDateTime
GetFileAttributesA
TryEnterCriticalSection
FreeLibrary
TlsSetValue
WaitForSingleObject
ExitProcess
GetThreadLocale
TlsAlloc
GetVersionExA
GetModuleFileNameA
RemoveDirectoryA
DeleteCriticalSection
EnumCalendarInfoA
FileTimeToLocalFileTime
SizeofResource
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LockResource
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
MultiByteToWideChar
ReadProcessMemory
GetCommandLineA
GetProcAddress
TerminateThread
GetProcessHeap
EnumResourceTypesA
CompareStringW
FindResourceExA
CreateThread
GetModuleHandleA
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
EnumResourceNamesA
CloseHandle
ResetEvent
EnumResourceLanguagesA
FindNextFileA
SuspendThread
ExitThread
GetUserDefaultLCID
FreeResource
ResumeThread
SetEvent
LocalFree
SetThreadPriority
GetThreadPriority
CreateProcessA
WideCharToMultiByte
InitializeCriticalSection
LoadResource
VirtualFree
CreateEventA
FindClose
TlsGetValue
Sleep
FormatMessageA
SetEndOfFile
LeaveCriticalSection
CreateFileA
HeapAlloc
GetCurrentThreadId
FindResourceA
LocalAlloc
SetLastError
CompareStringA
SysReAllocStringLen
SysFreeString
SysAllocStringLen
CharLowerBuffW
CharLowerA
GetSystemMetrics
CharUpperBuffA
MessageBoxA
CharLowerBuffA
CharUpperBuffW
MessageBeep
CharUpperA
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
0000:00:00 00:00:00

FileType
Win32 EXE

PEType
PE32

CodeSize
157696

LinkerVersion
2.62

FileTypeExtension
exe

InitializedDataSize
31404

SubsystemVersion
4.0

EntryPoint
0x277d0

OSVersion
4.0

ImageVersion
1.0

UninitializedDataSize
14292

Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 808de473370ef6b5d98ab752f245a3ca
SHA1 800bd4ad10c17471829693fac3cee4502b14f029
SHA256 65cbed2e8db313b8966638e40eb27f94156c294eb060b28a02c130d146518c39
ssdeep
3072:WkHnWPw0GnbgoCxI+HRoEp51jdnRNuCQJYgl/Ftgpu5ivZ2in:x240Gnbgog37uCQJYgNPgV2E

authentihash e47349de44206ce473f25304aac642ca5cac9c1e6da687ec7875d6b7477730ff
imphash fa12988c1f536d0d5a773434549432dc
File size 196.2 KB ( 200888 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-06-11 14:06:26 UTC ( 3 years, 11 months ago )
Last submission 2017-05-17 03:44:50 UTC ( 1 week, 6 days ago )
File names Trainer 59 Watch Dogs Deluxe Edition Bad Blood [Ver.1.05.324] by {MaxTre}.EXE
Grand Theft Auto 5 V1.00 Trainer 7 MrAntiFun.EXE
HRM.EXE
FTH_v1.7.33364.EXE
maa trainer.exe
Mad Games Tycoon V0.150619 Trainer 3 MrAntiFun.EXE
This War Of Mine V1.00 Trainer +1 MrAntiFun.EXE
vs060kta.o1j
SE3.EXE
8 Ball Pool Long Line Size Hack.EXE
BH.EXE
vsbl0ruq.gka
xenus2trn.EXE
Dead Island - Riptide v1.4.1.1.13 Trainer 19.EXE
HACK PACK V2.9.EXE
Guns N Zombies V1.00 Trainer 3MrAntiFun.EXE
DOA5.EXE
vsdl194c.9a1
vsr419ik.o1e
WTOB.EXE
Tom Clancys Rainbow Six Siege V1.00 Trainer 4 MrAntiFun.EXE
UplinkTrainer.exe
maa hack.exe
GTAV.EXE
State Of Decay Year One V1.00 Trainer 15 MrAntiFun.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.