SHA256: 7defa0740020eeae80bf12eca176fc463299eaa74007b1e15dfba68723a8bdf6
File name: 7defa0740020eeae80bf12eca176fc463299eaa74007b1e15dfba68723a8bdf6
Detection ratio: 2 / 60
Analysis date: 2017-06-07 21:24:20 UTC ( 1 year, 8 months ago )
Antivirus Result Update
SentinelOne (Static ML) static engine - malicious 20170516
Webroot W32.Rogue.Gen 20170607
Ad-Aware 20170607
AegisLab 20170607
AhnLab-V3 20170607
Alibaba 20170607
ALYac 20170607
Arcabit 20170607
Avast 20170607
AVG 20170607
Avira (no cloud) 20170607
AVware 20170607
Baidu 20170601
BitDefender 20170607
Bkav 20170602
CAT-QuickHeal 20170607
ClamAV 20170607
CMC 20170607
Comodo 20170607
CrowdStrike Falcon (ML) 20170420
Cyren 20170607
DrWeb 20170607
Emsisoft 20170607
Endgame 20170515
ESET-NOD32 20170607
F-Prot 20170607
F-Secure 20170607
Fortinet 20170607
GData 20170607
Ikarus 20170607
Sophos ML 20170607
Jiangmin 20170607
K7AntiVirus 20170607
K7GW 20170607
Kaspersky 20170607
Kingsoft 20170607
Malwarebytes 20170607
McAfee 20170607
McAfee-GW-Edition 20170607
Microsoft 20170607
eScan 20170607
NANO-Antivirus 20170607
nProtect 20170607
Palo Alto Networks (Known Signatures) 20170607
Panda 20170607
Qihoo-360 20170607
Rising 20170605
Sophos AV 20170607
SUPERAntiSpyware 20170607
Symantec 20170607
Symantec Mobile Insight 20170606
Tencent 20170607
TheHacker 20170607
TotalDefense 20170607
TrendMicro 20170607
Trustlook 20170607
VBA32 20170606
VIPRE 20170607
ViRobot 20170607
WhiteArmor 20170601
Yandex 20170606
Zillya 20170607
ZoneAlarm by Check Point 20170607
Zoner 20170607
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
2015

Product Assassins Creed Rogue Türkçe Yama
File version 1.00
Description Assassins Creed Rogue TR v1.00
Comments Animus Projesi
Packers identified
F-PROT NSIS, docwrite, UPX, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:50:46
Entry Point 0x000C44E0
Number of sections 3
PE sections
Overlays
MD5 6a12ea063f74b415efc51832fbbba1e7
File type data
Offset 585728
Size 1268704
Entropy 8.00
PE imports
RegEnumKeyA
SetBkMode
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ShellExecuteA
VerQueryValueA
CoTaskMemFree
Number of PE resources by type
RT_ICON 9
RT_DIALOG 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
NEUTRAL 1
PE resources
ExifTool file metadata
LegalTrademarks
Assassins Creed Rogue Ubisoft

UninitializedDataSize
782336

Comments
Animus Projesi

LinkerVersion
6.0

ImageVersion
6.0

CompanyWebsite
http://www.animusprojesi.com

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

InitializedDataSize
569344

EntryPoint
0xc44e0

MIMEType
application/octet-stream

LegalCopyright
2015

FileVersion
1.0

TimeStamp
2009:12:05 23:50:46+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

ProductVersion
1.0

FileDescription
Assassins Creed Rogue TR v1.00

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
www.animusprojesi.com

CodeSize
20480

ProductName
Assassins Creed Rogue Türkçe Yama

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 ed4a3d149b45e86e9061f914c2dc701e
SHA1 e1b8932ea1259df08f3c5bf934cce245bda6386f
SHA256 7defa0740020eeae80bf12eca176fc463299eaa74007b1e15dfba68723a8bdf6
ssdeep
49152:hF88yQNbWvVBsAvf66meslFr+QbzqEB+SESPH9qfTUsvcauSG1:hF88yQNbWvVBsqf66mesnyQXTNdqfpcb

authentihash dcb5836ec2157cd4670e3419ec2b2220d35ca421ce30c6a44fdbfd8193c48f78
imphash 2134f794bcda54794e74b7208adb2204
File size 1.8 MB ( 1854432 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags
nsis peexe upx overlay

VirusTotal metadata
First submission 2015-05-03 10:15:42 UTC ( 3 years, 9 months ago )
Last submission 2017-06-07 21:24:20 UTC ( 1 year, 8 months ago )
File names Assassins_Creed_Rogue_TR_Yama_v1.00.exe
assassins_creed_rogue_tr_yama_v1.00.exe
Setup.exe
Assassins_Creed_Rogue_TR_Yama_v1.00.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications