SHA256: 80766ac6cc79f1faf5e830eeb9e1e5d6cbdcd7a58496e81751347f17c23f7f8d
File name: conquerors tr v3.exe
Detection ratio: 8 / 70
Analysis date: 2018-12-14 01:37:05 UTC ( 2 months, 1 week ago )
Antivirus Result Update
AVware Trojan.Win32.Generic!BT 20180925
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20181022
Sophos ML heuristic 20181128
McAfee-GW-Edition BehavesLike.Win32.Dropper.fc 20181213
Palo Alto Networks (Known Signatures) generic.ml 20181214
TheHacker Trojan/Generik.CEASDNT 20181213
VIPRE Trojan.Win32.Generic!BT 20181213
Webroot W32.Dropper.Gen 20181214
Ad-Aware 20181214
AegisLab 20181213
AhnLab-V3 20181213
Alibaba 20180921
ALYac 20181214
Antiy-AVL 20181213
Arcabit 20181213
Avast 20181213
Avast-Mobile 20181213
AVG 20181213
Avira (no cloud) 20181213
Babable 20180918
Baidu 20181207
BitDefender 20181213
Bkav 20181213
CAT-QuickHeal 20181213
ClamAV 20181213
CMC 20181213
Comodo 20181213
Cybereason 20180225
Cylance 20181214
Cyren 20181213
DrWeb 20181213
eGambit 20181214
Emsisoft 20181213
Endgame 20181108
ESET-NOD32 20181213
F-Prot 20181213
F-Secure 20181213
Fortinet 20181213
GData 20181213
Jiangmin 20181213
K7AntiVirus 20181213
K7GW 20181213
Kaspersky 20181213
Kingsoft 20181214
Malwarebytes 20181213
MAX 20181214
McAfee 20181213
Microsoft 20181213
eScan 20181213
NANO-Antivirus 20181213
Panda 20181213
Qihoo-360 20181214
Rising 20181213
SentinelOne (Static ML) 20181011
Sophos AV 20181213
SUPERAntiSpyware 20181212
Symantec 20181213
Symantec Mobile Insight 20181212
TACHYON 20181213
Tencent 20181214
TotalDefense 20181213
Trapmine 20181205
TrendMicro 20181213
TrendMicro-HouseCall 20181213
Trustlook 20181214
VBA32 20181213
ViRobot 20181213
Yandex 20181213
Zillya 20181213
ZoneAlarm by Check Point 20181213
Zoner 20181213
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-15 08:00:31
Entry Point 0x0001D7CB
Number of sections 4
PE sections
Overlays
MD5 42478f5a9b4d7e721f6dd7bac1e65dca
File type application/x-rar
Offset 210944
Size 160448
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetExitCodeProcess
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
TzSpecificLocalTimeToSystemTime
TerminateProcess
CreateSemaphoreW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatW
SetEvent
DeleteFileW
GetProcAddress
CreateFileMappingW
CompareStringW
WriteFile
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
HeapCreate
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateHardLinkW
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
EnableWindow
CharUpperW
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
OemToCharBuffA
DispatchMessageW
MessageBoxW
PeekMessageW
GetClassNameW
CopyRect
WaitForInputIdle
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
RegisterClassExW
SetForegroundWindow
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
Number of PE resources by type
RT_STRING 9
RT_DIALOG 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:02:15 09:00:31+01:00
FileType Win32 EXE
PEType PE32
CodeSize 165888
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1d7cb
InitializedDataSize 175104
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 0256e60625fb0b3529acedcb8d479292
SHA1 4b01892ea3148678fab0a2571570318ea73ef18b
SHA256 80766ac6cc79f1faf5e830eeb9e1e5d6cbdcd7a58496e81751347f17c23f7f8d
ssdeep
6144:qsxanyfX5k7JlJDlABKUtfU/WQcb5w/emCCX9Vsbu2sNYmj2EdLk/M:L0nyfXuIBDtfu3kCtVn2sV2Uw0

authentihash 715eb1d7afb7352592daa4400ac9d133ec4fce54e3519ee37c97c32c9b65abb5
imphash 4cfda23baf1e2e983ddfeca47a5c755a
File size 362.7 KB ( 371392 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID WinRAR Self Extracting archive (4.x-5.x) (91.4%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-10-26 17:06:30 UTC ( 3 years, 3 months ago )
Last submission 2017-01-27 18:11:48 UTC ( 2 years ago )
File names conquerors tr v3 (1).exe
80766ac6cc79f1faf5e830eeb9e1e5d6cbdcd7a58496e81751347f17c23f7f8d.file
conquerors tr v3.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs