SHA256: 8b4dd69a3deaa2d7df44eee83e3c341e9aba094fec4d583ca65aebbbd2682965
File name: 446673
Detection ratio: 2 / 69
Analysis date: 2018-11-25 00:09:07 UTC ( 2 weeks, 2 days ago )
Antivirus Result Update (a blank Result means the engine did not flag the file)
Cylance Unsafe 20181125
Trapmine malicious.moderate.ml.score 20180918
Ad-Aware 20181124
AegisLab 20181124
AhnLab-V3 20181124
Alibaba 20180921
ALYac 20181124
Antiy-AVL 20181124
Arcabit 20181124
Avast 20181124
Avast-Mobile 20181124
AVG 20181124
Avira (no cloud) 20181124
Babable 20180918
Baidu 20181123
BitDefender 20181124
Bkav 20181123
CAT-QuickHeal 20181124
ClamAV 20181125
CMC 20181124
Comodo 20181124
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cyren 20181124
DrWeb 20181125
eGambit 20181125
Emsisoft 20181124
Endgame 20181108
ESET-NOD32 20181124
F-Prot 20181124
F-Secure 20181124
Fortinet 20181125
GData 20181125
Ikarus 20181124
Sophos ML 20181108
Jiangmin 20181125
K7AntiVirus 20181124
K7GW 20181124
Kaspersky 20181124
Kingsoft 20181125
MAX 20181125
McAfee 20181124
McAfee-GW-Edition 20181124
Microsoft 20181124
eScan 20181124
NANO-Antivirus 20181124
Palo Alto Networks (Known Signatures) 20181125
Panda 20181124
Qihoo-360 20181125
Rising 20181124
SentinelOne (Static ML) 20181011
Sophos AV 20181125
SUPERAntiSpyware 20181121
Symantec 20181124
Symantec Mobile Insight 20181121
TACHYON 20181124
Tencent 20181125
TheHacker 20181118
TotalDefense 20181124
TrendMicro 20181124
TrendMicro-HouseCall 20181124
Trustlook 20181125
VBA32 20181123
VIPRE 20181123
ViRobot 20181124
Webroot 20181125
Yandex 20181123
Zillya 20181123
ZoneAlarm by Check Point 20181124
Zoner 20181125
The file being studied is a Portable Executable: a 32-bit Win32 EXE built for the Windows console (command line) subsystem. FreeConsole is among its imports, so a console binary that detaches from its console window at run time would be consistent with the header.
FileVersionInfo properties
Copyright 2013 © Toncha Communication
Product Hearts_x86_en
Original name Hearts_x86_en.exe
Internal name Hearts_x86_en
File version 1.1.1
Description Gambling-House
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-19 21:35:52
Entry Point 0x00001280
Number of sections 9
PE sections
Overlays (data appended after the last section; offset 6627840 + size 49436 = 6677276, the file size, so the overlay runs to end of file)
MD5 3368156c65ec1c4d60e69933bba24bf5
File type data
Offset 6627840
Size 49436
Entropy 4.38 (well below the roughly 8 bits per byte typical of compressed or encrypted data)
PE imports
The import list is flattened in this extract; the entries are grouped here by the DLL that exports them (advapi32, kernel32, shell32, user32, msvcrt), taken from the standard Win32 export tables since the DLL names themselves were not captured. CodeSize is 82432 bytes against 6626816 bytes of initialized data and two RT_RCDATA resources, so almost all of the 6.4 MB file is data rather than code; together with the FindResourceA/LoadResource/LockResource/SizeofResource, GetTempPathA/GetTempFileNameA/CreateFileA/WriteFile, CreateProcessA/ShellExecuteA and DeleteFileA imports, this is consistent with a stub that writes an embedded payload to a temporary file and runs it. That is an inference from static data, not behaviour confirmed by this report.

advapi32.dll
RegCloseKey
RegOpenKeyExW
RegEnumKeyW

kernel32.dll
GetLastError
GetTempFileNameA
EnterCriticalSection
lstrlenA
WaitForSingleObject
ExitProcess
TlsAlloc
VirtualProtect
LoadLibraryA
DeleteCriticalSection
SizeofResource
LocalAlloc
ReleaseSemaphore
LockResource
DeleteFileA
TlsGetValue
GetProcAddress
GetTempPathA
CreateSemaphoreA
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CloseHandle
FreeConsole
GetCurrentThreadId
LocalFree
CreateProcessA
InitializeCriticalSection
LoadResource
VirtualQuery
InterlockedDecrement
Sleep
TlsSetValue
CreateFileA
GetVersion
FindResourceA
SetLastError
LeaveCriticalSection

shell32.dll
ShellExecuteA

user32.dll
MessageBoxA
LoadStringA

msvcrt.dll
__p__fmode
malloc
__p__environ
realloc
memset
atexit
abort
_setmode
_cexit
fputc
wcscmp
fwrite
_onexit
fputs
sprintf
memcmp
free
vfprintf
__getmainargs
calloc
_write
memcpy
signal
__set_app_type
strcmp
_iob
Number of PE resources by type
RT_ICON 6
RT_RCDATA 2
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
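The header, overlay and import data above can be recovered from the raw bytes with a few dozen lines of parsing. The script below is an added example, not code from VirusTotal or from the sample's author: it walks the DOS, COFF, optional and section headers of a PE32 image to report the entry point, linker version, compile timestamp, subsystem and section names, locates the overlay (everything past the last section's raw data) and measures its Shannon entropy, and sweeps the raw bytes for a fixed set of API names including the IsDebuggerPresent and DeviceIoControl checks noted in the sandbox report further down. The PE it parses is constructed inline with made-up values so that it runs offline; it is not Hearts_x86_en.exe, and the field offsets used are those of the PE/COFF specification.

```python
"""Added example, not code from VirusTotal or from the sample's author: a
minimal PE32 triage parser that recovers several header fields VirusTotal
reports (entry point, linker version, compile timestamp, subsystem, section
names), locates the overlay and measures its entropy, and sweeps the raw bytes
for API names of interest. The PE it parses is constructed inline with made-up
values so the script runs offline; it is not Hearts_x86_en.exe."""
import math
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {2: "Windows GUI", 3: "Windows command line"}

# Names a triager greps for: resource extraction, temp-file drop-and-run,
# and the checks the sandbox flagged. A hit here is only a string match; it
# does not prove the name is in the import table (it may be resolved through
# GetProcAddress at run time, or be an unrelated string).
APIS_OF_INTEREST = (
    b"FindResourceA", b"LockResource", b"GetTempFileNameA", b"CreateProcessA",
    b"ShellExecuteA", b"DeleteFileA", b"IsDebuggerPresent", b"DeviceIoControl",
)


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe32(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsect, ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (optional-header magic 0x10b) is handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # Subsystem
    sect_table = opt + opt_size
    sections, end_of_sections = [], 0
    for i in range(nsect):
        name, _vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sect_table + i * 40)
        sections.append(name.rstrip(b"\0").decode("ascii", "replace"))
        end_of_sections = max(end_of_sections, rawptr + rawsize)
    overlay = data[end_of_sections:]   # anything past the last section's raw data
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "entry_point": entry,
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "sections": sections,
        "overlay_offset": end_of_sections,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        "api_strings": sorted(a.decode() for a in APIS_OF_INTEREST if a in data),
    }


def build_sample_pe() -> bytes:
    """Constructed test input: a tiny, non-runnable PE32 with one section and an overlay."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1379626552, 0, 0, 224, 0x010F)
    opt = bytearray(224)                                      # PE32 optional header size
    struct.pack_into("<HBB", opt, 0, 0x10B, 2, 23)            # magic, linker 2.23
    struct.pack_into("<I", opt, 16, 0x1280)                   # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 3)                        # IMAGE_SUBSYSTEM_WINDOWS_CUI
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    text = (b"\xcc" * 16 + b"IsDebuggerPresent\0GetTempFileNameA\0CreateProcessA\0").ljust(0x200, b"\0")
    overlay = b"\0" * 32 + b"\xff" * 32                       # two symbols, equally likely: entropy 1.0
    return headers + text + overlay


if __name__ == "__main__":
    for key, value in parse_pe32(build_sample_pe()).items():
        print(f"{key:16} {value:#x}" if key == "entry_point" else f"{key:16} {value}")
```

Run it against a real sample by replacing build_sample_pe() with the file's bytes. The overlay offset is computed as the largest PointerToRawData + SizeOfRawData over all sections, which is how overlay size and file size reconcile in the report above; a PE32+ (64-bit) image would need the 0x20B magic and the wider optional-header layout, which this example deliberately rejects rather than misparses.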
ExifTool file metadata
Note: the string-table fields FileVersion and ProductVersion read 1.1.1 while the binary FileVersionNumber and ProductVersionNumber read 1.1.0.0, and TimeStamp 2013:09:19 22:35:52+01:00 is the same instant as the 2013-09-19 21:35:52 UTC compilation timestamp above.
UninitializedDataSize 2048
LinkerVersion 2.23
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.1.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Gambling-House
ImageFileCharacteristics No relocs, Executable, No line numbers, 32-bit, No debug
CharacterSet Windows, Latin1
InitializedDataSize 6626816
EntryPoint 0x1280
OriginalFileName Hearts_x86_en.exe
MIMEType application/octet-stream
LegalCopyright 2013 Toncha Communication
FileVersion 1.1.1
TimeStamp 2013:09:19 22:35:52+01:00
FileType Win32 EXE
PEType PE32
InternalName Hearts_x86_en
ProductVersion 1.1.1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Toncha Communication
CodeSize 82432
ProductName Hearts_x86_en
ProductVersionNumber 1.1.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 a684a6152a7ccf29abe5f95938475fcb
SHA1 9c9577b559fbc93681f1dfa2f9920e80750f9b37
SHA256 8b4dd69a3deaa2d7df44eee83e3c341e9aba094fec4d583ca65aebbbd2682965
ssdeep 98304:W55nXuudhFeq3U3W0XtAKtJxC57GTCE6K612Z:INndneq3YXx/364Z

authentihash 525e733d0d7ed910006e92f7effcb0d3ec443bac6d7666236c228c0c1f37c465
imphash 0433e91df77f1062291cea6568a7b3e8
File size 6.4 MB ( 6677276 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID (byte-pattern statistics; the percentages are relative confidence, so "InstallShield setup" is TrID's best guess at the packaging, not a confirmed format)
InstallShield setup (47.1%)
Win32 Executable MS Visual C++ (generic) (34.1%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2013-09-20 13:52:22 UTC ( 5 years, 2 months ago )
Last submission 2016-03-22 00:50:36 UTC ( 2 years, 8 months ago )
File names Hearts_x86_en.exe
Hearts_x86_en
446673
Hearts_x86_en.exe
8B4DD69A3DEAA2D7DF44EEE83E3C341E9ABA094FEC4D583CA65AEBBBD2682965
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report: the following summarises the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by another process that the file launched or injected code into.
Behaviour categories (no entries are captured in this extract): Opened files, Read files, Written files, Deleted files, Created processes, Created mutexes, Opened mutexes, Opened service managers, Opened services, Runtime DLLs
Additional details
The file calls the IsDebuggerPresent Windows API function to check whether it is running under a debugger.
The file sends control codes directly to device drivers using the DeviceIoControl Windows API function.
Neither IsDebuggerPresent nor DeviceIoControl appears in the static import table above; both are kernel32 exports, and since LoadLibraryA and GetProcAddress are imported, run-time resolution would explain the gap, as would the calls being made by a process the sample launched (the condensed report covers those as well). Which of these applies is not determined by this report.