SHA256: 697d7ae019aba52a308c3c7850a620ff92661258fdeb8247d3d98d0d3e72357d
File name: Eternal Arena Hack 1.53.exe
Detection ratio: 0 / 56
Analysis date: 2016-03-10 15:10:17 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware 20160310
AegisLab 20160310
Yandex 20160308
AhnLab-V3 20160310
Alibaba 20160310
ALYac 20160310
Antiy-AVL 20160310
Arcabit 20160310
Avast 20160310
AVG 20160310
Avira (no cloud) 20160310
AVware 20160310
Baidu 20160310
Baidu-International 20160310
BitDefender 20160310
Bkav 20160310
ByteHero 20160310
CAT-QuickHeal 20160310
ClamAV 20160310
CMC 20160307
Comodo 20160310
Cyren 20160310
DrWeb 20160310
Emsisoft 20160310
ESET-NOD32 20160310
F-Prot 20160310
F-Secure 20160310
Fortinet 20160310
GData 20160310
Ikarus 20160310
Jiangmin 20160310
K7AntiVirus 20160310
K7GW 20160310
Kaspersky 20160310
Malwarebytes 20160310
McAfee 20160310
McAfee-GW-Edition 20160310
Microsoft 20160310
eScan 20160310
NANO-Antivirus 20160310
nProtect 20160310
Panda 20160309
Qihoo-360 20160310
Rising 20160310
Sophos AV 20160310
SUPERAntiSpyware 20160310
Symantec 20160309
Tencent 20160310
TheHacker 20160310
TrendMicro 20160310
TrendMicro-HouseCall 20160310
VBA32 20160310
VIPRE 20160310
ViRobot 20160310
Zillya 20160310
Zoner 20160310
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
(C)2009-2014 Scrapebox

Product ScrapeBox Link Checker Free Edition
Original name sblinkchecker.exe
Internal name ScrapeBox Link Checker
File version 1.4.0.1
Description ScrapeBox Link Checker
Signature verification Signed file, verified signature
Signing date 12:53 PM 5/6/2014
Signers
[+] Guenter Kraemer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 1:00 AM 4/15/2014
Valid to 1:00 PM 6/19/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 4B648E3E9806D5CD6217605B2AACEA3D8CA848B1
Serial number 0A ED 86 2D 82 36 F8 89 D7 18 4B 8E 1E FA C2 BB
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] DigiCert Timestamp Responder
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 5/21/2013
Valid to 1:00 AM 6/4/2014
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 766489C6D10DC60904E1158E9CC8BE6D4E5EFB53
Serial number 03 9F ED ED CB 79 5B 8D ED 32 0C 89 19 F0 36 89
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Packers identified
F-PROT PECompact, PecBundle
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-06 11:53:17
Entry Point 0x00001000
Number of sections 2
PE sections
Overlays
MD5 384ee7e079b8e04d5cf7c76a8ef582d7
File type data
Offset 1005056
Size 8496
Entropy 7.15
PE imports
RegQueryValueExA
_TrackMouseEvent
PrintDlgA
UnrealizeObject
GdipSetImageAttributesColorKeys
ImmGetCompositionStringW
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
CreateStreamOnHGlobal
SysFreeString
ShellExecuteExA
GetKeyboardType
VerQueryValueW
OpenPrinterA
WSACleanup
Number of PE resources by type
RT_BITMAP 77
RT_STRING 29
RT_GROUP_CURSOR 23
RT_CURSOR 23
RT_ICON 16
RT_RCDATA 9
RT_GROUP_ICON 8
RT_DIALOG 2
MAD 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 80
ENGLISH US 57
DUTCH BELGIAN 54
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.4.0.1

Website
http://www.scrapebox.com

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
ScrapeBox Link Checker

CharacterSet
Windows, Latin1

InitializedDataSize
561664

EntryPoint
0x1000

OriginalFileName
sblinkchecker.exe

MIMEType
application/octet-stream

LegalCopyright
(C)2009-2014 Scrapebox

FileVersion
1.4.0.1

TimeStamp
2014:05:06 12:53:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ScrapeBox Link Checker

ProductVersion
1.4

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ScrapeBox.com

CodeSize
2251264

ProductName
ScrapeBox Link Checker Free Edition

ProductVersionNumber
1.4.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

SBOrderUrl
http://www.scrapebox.com/tool.html

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 2f53b6308086afd9c779798ab7efbef4
SHA1 56439f5c3e2630269cd7f12924a8c92db57bd6e9
SHA256 697d7ae019aba52a308c3c7850a620ff92661258fdeb8247d3d98d0d3e72357d
ssdeep
24576:aeB4vjPMrLDp6tyrdVRDmZo74wqBNzI3cvykp:aeBWjPMvDp6t0VRSZQ4wqBJPvykp

authentihash cd9000a263c22d6a65c52452e55b98a61c89f90adba07750aab90a7ac071fbc7
imphash d088a2cdd33873bcf8733b59b29f2e03
File size 989.8 KB ( 1013552 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (v2.x) (50.1%)
Win32 EXE PECompact compressed (generic) (35.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
Win16/32 Executable Delphi generic (1.7%)
Tags
pecompact peexe signed overlay

VirusTotal metadata
First submission 2014-05-18 23:30:59 UTC ( 3 years, 5 months ago )
Last submission 2017-07-28 00:54:06 UTC ( 2 months, 3 weeks ago )
File names ScrapeBox Link Checker
vsj41gfa.2qt
vsg60ku9.itv
DomiNations Hack 1.45.exe
file-7906753_exe
League Of Angels Fire Raiders Hack 1.29.exe
Shadowgun Deadzone Hack 1.95.exe
sblinkchecker.exe
Mutants Genetic Gladiators Hack 1.15.exe
Tap Titans Hack 2.1.exe
Siegefall Hack.exe
vs341gg0.ir6
Magic Rush Heroes Hack 2.25.exe
vsj41gfa.2rh
Jetpack Joyride Hack Apk v 1.28.exe
Clash Royale Hack 2.2.exe
PBA Bowling Challenge Hack.exe
FarmVille 2 Country Escape Hack.exe
Royal Revolt 2 Hack 1.45.exe
vsj41gfa.2rp
Stormfall Rise Of Balur Hack.exe
Walking War Robots Hack.exe
Kritika The White Knights Hack 1.6.exe
Shadow Fight 2 Hack Tool v 2.32.exe
vsll1j2g.2o0
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files
Created mutexes
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications