× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 71d961f314257e856f8b41e270bdfc886799ffa6416a0add0d74dd308bc7ac0e
File name: PotPlayer_icon_replacer_v1.0.exe
Detection ratio: 4 / 58
Analysis date: 2017-02-20 03:55:04 UTC ( 1 year, 4 months ago ) View latest
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_66% (D) 20170130
Endgame malicious (moderate confidence) 20170217
Sophos ML virtool.win32.autinject.cg 20170203
Qihoo-360 HEUR/QVM11.1.0000.Malware.Gen 20170220
Ad-Aware 20170220
AegisLab 20170220
AhnLab-V3 20170219
Alibaba 20170220
ALYac 20170220
Antiy-AVL 20170220
Arcabit 20170220
Avast 20170220
AVG 20170220
Avira (no cloud) 20170219
AVware 20170220
Baidu 20170217
BitDefender 20170220
CAT-QuickHeal 20170218
ClamAV 20170220
CMC 20170219
Comodo 20170220
Cyren 20170220
DrWeb 20170220
Emsisoft 20170220
ESET-NOD32 20170219
F-Prot 20170220
F-Secure 20170220
Fortinet 20170220
GData 20170220
Ikarus 20170219
Jiangmin 20170220
K7AntiVirus 20170220
K7GW 20170220
Kaspersky 20170220
Kingsoft 20170220
Malwarebytes 20170220
McAfee 20170220
McAfee-GW-Edition 20170219
Microsoft 20170220
eScan 20170220
NANO-Antivirus 20170220
nProtect 20170220
Panda 20170219
Rising 20170220
Sophos AV 20170220
SUPERAntiSpyware 20170219
Symantec 20170219
Tencent 20170220
TheHacker 20170218
TotalDefense 20170219
TrendMicro 20170220
TrendMicro-HouseCall 20170220
Trustlook 20170220
VBA32 20170217
VIPRE 20170220
ViRobot 20170219
Webroot 20170220
WhiteArmor 20170215
Yandex 20170219
Zillya 20170218
Zoner 20170220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
©V@no 2017

Product PotPlayer icon replacer
File version 1.0.0.0
Description Replace PotPlayer icon
Comments http://www.autoitscript.com/autoit3/
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-20 03:08:20
Entry Point 0x001B6B20
Number of sections 3
PE sections
PE imports
ImageList_Remove
GetOpenFileNameW
LineTo
IcmpSendEcho
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
VariantInit
GetProcessMemoryInfo
DragFinish
LoadUserProfileW
IsThemeActive
VerQueryValueW
FtpOpenFileW
timeGetTime
connect
CoGetObject
Number of PE resources by type
RT_ICON 9
RT_STRING 7
RT_GROUP_ICON 4
RT_MANIFEST 1
RT_MENU 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 22
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
1441792

Comments
http://www.autoitscript.com/autoit3/

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
913408

EntryPoint
0x1b6b20

MIMEType
application/octet-stream

LegalCopyright
V@no 2017

FileVersion
1.0.0.0

TimeStamp
2017:02:20 04:08:20+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.1

ProductVersion
1.0

FileDescription
Replace PotPlayer icon

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
352256

ProductName
PotPlayer icon replacer

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Unknown

File identification
MD5 3d385a808c8c8d3c970bc50e147a205a
SHA1 dec0f4cff4fedf3cac1184508c2d96fa36d805ff
SHA256 71d961f314257e856f8b41e270bdfc886799ffa6416a0add0d74dd308bc7ac0e
ssdeep
24576:64GHnhIzOaAya9eWrQfjJqKK5SXJRYP7+VM:1shdaAV9emQ0ho58yq

authentihash aa20fe67a98ab7f2c6174854956bf366b1e173ff2e2348ba4d6a35a01fb7e587
imphash fc6683d30d9f25244a50fd5357825e79
File size 1.2 MB ( 1262592 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (28.6%)
UPX compressed Win32 Executable (28.0%)
Win32 EXE Yoda's Crypter (27.5%)
Win32 Dynamic Link Library (generic) (6.8%)
Win32 Executable (generic) (4.6%)
Tags
peexe upx

VirusTotal metadata
First submission 2017-02-20 03:55:04 UTC ( 1 year, 4 months ago )
Last submission 2017-02-20 03:55:04 UTC ( 1 year, 4 months ago )
File names PotPlayer_icon_replacer_v1.0.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.