SHA256: 740f1ac882d9440bb3bad24e076aff9a519b425286bbc3fe7b1f69c78f75399c
File name: BioShock 2 Türkçe Yama.exe
Detection ratio: 3 / 68
Analysis date: 2018-09-30 17:10:57 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Cylance Unsafe 20180930
Jiangmin TrojanSpy.MSIL.net 20180930
TheHacker Trojan/Generik.ILJJFJ 20180927
Ad-Aware 20180930
AegisLab 20180930
AhnLab-V3 20180930
Alibaba 20180921
ALYac 20180930
Antiy-AVL 20180930
Arcabit 20180930
Avast 20180930
Avast-Mobile 20180928
AVG 20180930
Avira (no cloud) 20180930
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20180930
Bkav 20180928
CAT-QuickHeal 20180930
ClamAV 20180930
CMC 20180930
Comodo 20180930
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20180930
DrWeb 20180930
eGambit 20180930
Emsisoft 20180930
Endgame 20180730
ESET-NOD32 20180930
F-Prot 20180930
F-Secure 20180930
Fortinet 20180930
GData 20180930
Ikarus 20180930
Sophos ML 20180717
K7AntiVirus 20180930
K7GW 20180930
Kaspersky 20180930
Kingsoft 20180930
Malwarebytes 20180930
MAX 20180930
McAfee 20180930
McAfee-GW-Edition 20180930
Microsoft 20180930
eScan 20180930
NANO-Antivirus 20180930
Palo Alto Networks (Known Signatures) 20180930
Panda 20180930
Qihoo-360 20180930
Rising 20180930
SentinelOne (Static ML) 20180926
Sophos AV 20180930
SUPERAntiSpyware 20180907
Symantec 20180930
Symantec Mobile Insight 20180924
TACHYON 20180930
Tencent 20180930
TrendMicro 20180930
TrendMicro-HouseCall 20180930
Trustlook 20180930
VBA32 20180928
VIPRE 20180930
ViRobot 20180930
Webroot 20180930
Yandex 20180927
Zillya 20180928
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT CAB, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-03 22:28:04
Entry Point 0x00001000
Number of sections 5
PE sections
Overlays
MD5 64daa03589c859278c5a2608962bca9d
File type data
Offset 456704
Size 46875896
Entropy 7.99
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
GetUserNameW
RegConnectRegistryW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegSetValueExW
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_SetBkColor
ImageList_GetIconSize
ImageList_Create
ImageList_Remove
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Add
SetDIBits
SetStretchBltMode
GetObjectType
GetDeviceCaps
ExcludeClipRect
DeleteDC
SetBkMode
CreateFontW
SetPixel
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
CreatePatternBrush
GetObjectA
CreateBitmap
CreateDCW
GetStockObject
GetDIBits
CreateCompatibleDC
StretchBlt
SetBrushOrgEx
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
MakeSureDirectoryPathExists
GetLastError
SetCurrentDirectoryW
HeapFree
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
ReleaseMutex
GetSystemInfo
LoadLibraryW
GlobalFree
WaitForSingleObject
GetVersionExW
FreeLibrary
MulDiv
HeapDestroy
HeapAlloc
TlsAlloc
GetVersionExA
GetFileAttributesW
GlobalAlloc
LoadLibraryA
GetLocalTime
CopyFileW
CreatePipe
GetCurrentProcess
SystemTimeToFileTime
FindNextFileW
GetFileSize
FindClose
SetFileTime
CreateThread
SetErrorMode
MultiByteToWideChar
HeapSize
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
TerminateThread
RemoveDirectoryW
SetFileAttributesW
WideCharToMultiByte
GetModuleFileNameW
SetFilePointer
GetSystemDirectoryW
DeleteCriticalSection
ReadFile
WriteFile
CreateMutexW
CloseHandle
FindFirstFileW
DuplicateHandle
HeapReAlloc
GetModuleHandleW
GetDriveTypeW
InitializeCriticalSection
HeapCreate
GetTempPathW
CreateFileW
GetEnvironmentVariableW
CreateProcessW
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
GetCurrentProcessId
SetLastError
LeaveCriticalSection
rand
malloc
srand
setlocale
memset
fclose
strcat
_stricmp
_wcsicmp
fprintf
_setjmp3
sscanf
fopen
strlen
_vsnwprintf
_wcsdup
fabs
mktime
fwrite
fseek
system
wcslen
wcscmp
ftell
exit
sprintf
memcmp
log10
ferror
__p__iob
localtime
fread
longjmp
_wcsnicmp
wcsncpy
gmtime
free
ceil
wcscat
atoi
wcsncmp
_wfopen
getenv
memcpy
memmove
floor
swscanf
wcscpy
_isnan
strcpy
time
CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance
RevokeDragDrop
CoTaskMemFree
StringFromGUID2
SetupIterateCabinetW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
ExtractIconW
RedrawWindow
GetForegroundWindow
DrawStateW
SetWindowPos
IsWindow
EndPaint
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
SendMessageW
SendMessageA
UnregisterClassW
GetClientRect
DrawTextW
LoadImageW
GetActiveWindow
ShowCursor
GetWindowTextW
GetWindowTextLengthW
MsgWaitForMultipleObjects
DestroyWindow
GetParent
UpdateWindow
GetPropW
SetClassLongW
EnumWindows
GetMessageW
ShowWindow
DrawFrameControl
SetPropW
CreateIconFromResourceEx
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetWindow
GetIconInfo
RegisterClassW
IsZoomed
IsIconic
GetWindowLongA
FillRect
CreateAcceleratorTableW
GetSysColorBrush
OemToCharW
CreateWindowExW
GetWindowLongW
IsChild
MapWindowPoints
BeginPaint
DefWindowProcW
ClipCursor
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
PostMessageW
DrawIconEx
SetWindowTextW
RemovePropW
ScreenToClient
DestroyAcceleratorTable
ValidateRect
CreateIconFromResource
LoadCursorW
LoadIconW
DispatchMessageW
ExitWindowsEx
SetFocus
GetWindowThreadProcessId
MessageBoxW
DefFrameProcW
RegisterClassExW
MoveWindow
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
DestroyIcon
IsWindowVisible
SetCursorPos
SystemParametersInfoW
InvalidateRect
CallWindowProcW
GetClassNameW
GetFocus
SetCursor
GetMenu
TranslateAcceleratorW
timeEndPeriod
timeBeginPeriod
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:09:03 23:28:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 201728
LinkerVersion 2.5
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1000
InitializedDataSize 259072
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 3369cca00b23533097172d5d5b44a7c3
SHA1 013c479aa5ef773f360de039a593e9085a5fe375
SHA256 740f1ac882d9440bb3bad24e076aff9a519b425286bbc3fe7b1f69c78f75399c
ssdeep 786432:S5u2Segtrv771cWJJYn2JS2Lir5oSnVZL7JxGowaSW7cApVm27zO8IbrXN:cu2Sec71BJo2JRLooSVVjgrW7cArzO8W
authentihash 5c599fcf5bf5c0ea4244100215ec65b9612216f1edbec8e3b4359c7061c97011
imphash 1033e7ad4ef699f506cce0c38fc5b07c
File size 45.1 MB ( 47332600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (35.5%)
Win32 Executable MS Visual C++ (generic) (25.7%)
Win64 Executable (generic) (22.8%)
Win32 Dynamic Link Library (generic) (5.4%)
Win32 Executable (generic) (3.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-05-14 16:53:49 UTC ( 1 year, 9 months ago )
Last submission 2017-05-14 16:53:49 UTC ( 1 year, 9 months ago )
File names BioShock 2 Trke Yama.exe
BioShock 2 Türkçe Yama.exe