× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7b26ccc1b2dca3388b9d380bb124a5a501bf93d87bc11b27877c932a652065d0
File name: 33b2cb18cf3ef9f30e18f862b04ffb51c0918f95
Detection ratio: 6 / 65
Analysis date: 2019-02-23 10:44:52 UTC ( 1 month, 3 weeks ago ) View latest
Antivirus Result Update
AhnLab-V3 Malware/Gen.Generic.C1904678 20190223
Avira (no cloud) GAME/Downloader.Gen8 20190223
F-Secure Game.GAME/Downloader.Gen8 20190223
Sophos ML heuristic 20181128
Kaspersky not-a-virus:HEUR:Downloader.Win32.GameManager.gen 20190223
ZoneAlarm by Check Point not-a-virus:HEUR:Downloader.Win32.GameManager.gen 20190223
Acronis 20190222
Ad-Aware 20190223
AegisLab 20190223
Alibaba 20180921
ALYac 20190223
Antiy-AVL 20190223
Arcabit 20190223
Avast 20190223
Avast-Mobile 20190223
AVG 20190223
Babable 20180918
Baidu 20190215
BitDefender 20190223
CAT-QuickHeal 20190222
ClamAV 20190222
CMC 20190223
Comodo 20190223
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190223
Cyren 20190223
DrWeb 20190223
eGambit 20190223
Emsisoft 20190223
Endgame 20190215
ESET-NOD32 20190223
Fortinet 20190223
GData 20190223
Ikarus 20190223
Jiangmin 20190223
K7AntiVirus 20190223
K7GW 20190223
Kingsoft 20190223
Malwarebytes 20190223
MAX 20190223
McAfee 20190223
McAfee-GW-Edition 20190223
Microsoft 20190223
eScan 20190223
NANO-Antivirus 20190223
Palo Alto Networks (Known Signatures) 20190223
Panda 20190223
Qihoo-360 20190223
Rising 20190223
SentinelOne (Static ML) 20190203
Sophos AV 20190223
SUPERAntiSpyware 20190220
Symantec 20190222
Symantec Mobile Insight 20190220
TACHYON 20190223
Tencent 20190223
TheHacker 20190217
TotalDefense 20190223
Trapmine 20190123
Trustlook 20190223
VBA32 20190222
ViRobot 20190222
Webroot 20190223
Yandex 20190222
Zoner 20190223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© iWin inc.

Product MSN Games
File version 1.0.3.0
Description MSN Games Downloader
Signature verification Signed file, verified signature
Signing date 7:14 AM 2/20/2019
Signers
[+] iWin, Inc
Status Valid
Issuer Thawte Code Signing CA - G2
Valid from 12:00 AM 12/12/2018
Valid to 11:59 PM 01/31/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 223701CAE4002436A511F2152651839727B86133
Serial number 1E 3D 75 A4 11 BF 4C D2 39 93 35 28 A2 81 50 68
[+] Thawte Code Signing CA - G2
Status Valid
Issuer thawte Primary Root CA
Valid from 12:00 AM 02/08/2010
Valid to 11:59 PM 02/07/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 12:00 AM 11/17/2006
Valid to 10:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 11:00 PM 05/23/2016
Valid to 11:00 PM 06/23/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 09:00 AM 04/13/2011
Valid to 12:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbrint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbrint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT NSIS, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:50:41
Entry Point 0x000030CB
Number of sections 5
PE sections
Overlays
MD5 168ba323e539dec49e6dd337647c6fd1
File type font/x-snf
Offset 47616
Size 61400
Entropy 6.02
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
LoadLibraryA
GetModuleFileNameA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
DrawTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
ShowWindow
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 3
RT_DIALOG 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
UninitializedDataSize
1024

LinkerVersion
6.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
1.0.3.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
MSN Games Downloader

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
ASCII

InitializedDataSize
119808

EntryPoint
0x30cb

MIMEType
application/octet-stream

LegalCopyright
iWin inc.

FileVersion
1.0.3.0

TimeStamp
2009:12:05 23:50:41+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0.3.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
iWin inc.

CodeSize
23040

ProductName
MSN Games

ProductVersionNumber
1.0.3.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 2cc9f4c1a7dcc6d689d252f3c0a286d6
SHA1 33b2cb18cf3ef9f30e18f862b04ffb51c0918f95
SHA256 7b26ccc1b2dca3388b9d380bb124a5a501bf93d87bc11b27877c932a652065d0
ssdeep
1536:RLXB65939tY6HBg4sXJl4TAoBtOLnV64EOcVf2MG0r:RLk395hYXJM9GnF2G0r

authentihash 74787af9569cb93d63fd3894b232bdca847df3c825e198e4f5f00319dba55b21
imphash 7fa974366048f9c551ef45714595665e
File size 106.5 KB ( 109016 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (94.6%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
OS/2 Executable (generic) (0.2%)
Tags
nsis peexe signed overlay

VirusTotal metadata
First submission 2019-02-23 10:44:52 UTC ( 1 month, 3 weeks ago )
Last submission 2019-02-23 10:44:52 UTC ( 1 month, 3 weeks ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Runtime DLLs