SHA256: 78d30db066aa20f665111f5f7282ab1f7da16dcefbd2a87aea7101830a718246
File name: 7d4955d0d44b2519be12763d222b489ea468d8bc
Detection ratio: 18 / 69
Analysis date: 2019-01-31 23:24:54 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
AhnLab-V3 Malware/Win32.Generic.C2976151 20190131
Avast Win32:Trojan-gen 20190131
AVG Win32:Trojan-gen 20190131
Avira (no cloud) TR/AD.PredatorThief.ntnqe 20190131
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20181023
DrWeb Trojan.PWS.Stealer.25535 20190131
ESET-NOD32 a variant of Win32/Kryptik.GOTM 20190131
Fortinet W32/Agent.PPS!tr 20190131
Ikarus Virus.Win32.OnLineGames 20190131
Kaspersky not-a-virus:PSWTool.Win32.Lazagne.wg 20190131
NANO-Antivirus Trojan.Win32.Stealer.fmmaqh 20190131
Panda Trj/GdSda.A 20190131
Rising Spyware.Agent!8.C6 (TFE:dGZlOgVDw8TYCqhAYg) 20190131
SentinelOne (Static ML) static engine - malicious 20190124
Symantec ML.Attribute.HighConfidence 20190131
Trapmine malicious.moderate.ml.score 20190123
VBA32 BScope.Trojan.Agent 20190131
ZoneAlarm by Check Point not-a-virus:PSWTool.Win32.Lazagne.wg 20190131
Acronis 20190130
Ad-Aware 20190131
AegisLab 20190131
Alibaba 20180921
ALYac 20190131
Antiy-AVL 20190131
Arcabit 20190131
Avast-Mobile 20190130
Babable 20180917
Baidu 20190130
BitDefender 20190131
Bkav 20190130
CAT-QuickHeal 20190131
ClamAV 20190131
CMC 20190131
Comodo 20190131
Cybereason 20190109
Cyren 20190131
eGambit 20190131
Emsisoft 20190131
Endgame 20181108
F-Prot 20190131
F-Secure 20190131
GData 20190131
Sophos ML 20181128
Jiangmin 20190131
K7AntiVirus 20190131
K7GW 20190131
Kingsoft 20190131
Malwarebytes 20190131
MAX 20190131
McAfee 20190131
McAfee-GW-Edition 20190131
Microsoft 20190131
eScan 20190131
Palo Alto Networks (Known Signatures) 20190131
Qihoo-360 20190131
Sophos AV 20190131
SUPERAntiSpyware 20190130
TACHYON 20190131
Tencent 20190131
TheHacker 20190131
TotalDefense 20190131
TrendMicro 20190202
TrendMicro-HouseCall 20190131
Trustlook 20190131
ViRobot 20190131
Webroot 20190131
Yandex 20190128
Zillya 20190131
Zoner 20190131
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

File version
Description Torin's Passage Setup
Comments Эта установка создана с помощью программы Inno Setup с переводом Dave Medissn.
Packers identified
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-24 16:27:49
Entry Point 0x00102001
Number of sections 6
PE sections
PE imports
GdipAlloc
GetProcAddress
GetModuleHandleA
LoadLibraryA
Number of PE resources by type
RT_ICON 15
RT_STRING 5
RT_RCDATA 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
NEUTRAL 8
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

Comments
Inno Setup Dave Medissn.

LinkerVersion
14.16

ImageVersion
0.0

FileVersionNumber
0.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Torin's Passage Setup

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
594944

EntryPoint
0x102001

MIMEType
application/octet-stream

TimeStamp
2019:01:24 08:27:49-08:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Dospet-games, Inc.

CodeSize
454656

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 5deb9cff795755a8cfb8b9f73f6df468
SHA1 7d4955d0d44b2519be12763d222b489ea468d8bc
SHA256 78d30db066aa20f665111f5f7282ab1f7da16dcefbd2a87aea7101830a718246
ssdeep
12288:3mOnUXAjInU0hkq44qcKedBvNTJKKhDzYKtcN1kJNb4audjMu:3mOnUXAnskq4+FKKhNE159

authentihash 9c5f6d3378eb4e69310371b932d2552c7b4c79ae94d287df3a2787757d924470
imphash b7cc68b6e244256e76c747bc33c69b1a
File size 760.5 KB ( 778752 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe aspack

VirusTotal metadata
First submission 2019-01-31 23:24:54 UTC ( 1 month, 2 weeks ago )
Last submission 2019-01-31 23:24:54 UTC ( 1 month, 2 weeks ago )