SHA256: 8c3ce96e77db7e0e4d32c4eedf1001642e8733c110937dc074621e900b0af334
File name: Online Games ...
Detection ratio: 55 / 55
Analysis date: 2016-10-04 04:58:59 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.7686659 20161004
AegisLab W32.W.Mabezat.b!c 20161004
AhnLab-V3 Worm/Win32.Mabezat.N45765545 20161003
ALYac Trojan.Generic.7686659 20160930
Antiy-AVL Worm/Win32.Mabezat.b 20161004
Arcabit Trojan.Generic.D754A03 20161004
Avast Win32:Agent-AVCE [Trj] 20161004
AVG Generic_r.NV 20161004
Avira (no cloud) WORM/Mabezat.b 20161004
AVware Worm.Win32.Mabezat.b (v) 20161004
Baidu Win32.Worm.Mabezat.b 20161001
BitDefender Trojan.Generic.7686659 20161004
Bkav W32.Pharoh.Worm 20161003
CAT-QuickHeal W32.Mabezat.Dr 20161003
ClamAV Win.Trojan.Mabezat-1 20161004
CMC Generic.Win32.7b6d0cdadb!CMCRadar 20161003
Comodo Worm.Win32.Pronny.BL 20161004
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Mabezat.FRWO-1177 20161004
DrWeb Win32.HLLW.Tazebama 20161004
Emsisoft Trojan.Generic.7686659 (B) 20161004
ESET-NOD32 Win32/Mabezat.A 20161004
F-Prot W32/Mabezat.A 20161004
F-Secure Trojan.Generic.7686659 20161004
Fortinet W32/Mabezat.B!worm 20161004
GData Trojan.Generic.7686659 20161004
Ikarus Worm.Win32.Mabezat 20161003
Sophos ML virus.win32.mabezat.b 20160928
Jiangmin Trojan/Mabezat.g 20161004
K7AntiVirus Trojan ( 004be84f1 ) 20161003
K7GW Trojan ( 004be84f1 ) 20161004
Kaspersky Worm.Win32.Mabezat.b 20161004
Kingsoft Win32.Mabezat.b.1038191 20161004
Malwarebytes Trojan.Agent.ED 20161004
McAfee W32/Mabezat 20161004
McAfee-GW-Edition BehavesLike.Win32.Mabezat.ch 20161004
Microsoft Virus:Win32/Mabezat.B 20161004
eScan Trojan.Generic.7686659 20161004
NANO-Antivirus Virus.Win32.Mabezat.kfroy 20161003
nProtect Worm/W32.Mabezat 20161004
Panda W32/Mabezat.B.worm 20161002
Qihoo-360 VirusOrg.Win32.Mabezet.B 20161004
Rising Malware.Generic!eLAX2YbEb5Q@3 (thunder) 20161004
Sophos AV W32/Mabezat-B 20161004
Symantec W32.Mabezat.B 20161004
Tencent Worm.Win32.Autorun.gcy 20161004
TheHacker W32/Mabezat.gen 20161001
TrendMicro PE_MABEZAT.B-O 20161004
TrendMicro-HouseCall PE_MABEZAT.B-O 20161004
VBA32 Trojan.Win32.Mabezat.a 20161003
VIPRE Worm.Win32.Mabezat.b (v) 20161004
ViRobot Worm.Win32.Mabezat.154751[h] 20161004
Yandex Worm.Mabezat.A 20161003
Zillya Worm.MabezatGen.Win32.3 20161003
Zoner Win32.Mabezat.B 20161004
Alibaba 20161003
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-10-29 06:17:05
Entry Point 0x00001000
Number of sections 4
PE sections
Overlays
MD5 fabec8f2023b24e880d01597e11d9277
File type data
Offset 79360
Size 81585
Entropy 6.75
PE imports
GetStartupInfoA
HeapFree
GetModuleHandleA
ExitProcess
HeapAlloc
GetCommandLineA
GetTickCount
LoadLibraryA
HeapReAlloc
GetProcAddress
GetProcessHeap
rename
__CxxFrameHandler
memset
strstr
abs
rand
strlen
srand
strcat
memcpy
strcpy
memcmp
isdigit
_EH_prolog
isspace
strncpy
strcmp
MessageBoxA
wvsprintfA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
CATALAN NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2007:10:29 07:17:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 53760
LinkerVersion 6.0
EntryPoint 0x1000
InitializedDataSize 78336
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 7b6d0cdadbe01f7fcb2529a72f57e797
SHA1 5d88a7f150dc130dfddaf7874230a2746cc0e887
SHA256 8c3ce96e77db7e0e4d32c4eedf1001642e8733c110937dc074621e900b0af334
ssdeep 3072:MEHkpel+kzLhw0uSHNmPfTrDKIbiPcR4prKX8AT1wy:MMnfzafvD3bN4prKX86
authentihash f35c611600b9264dd943df75205d42bea5e16ec09d2822c613a357ea40417f43
imphash 6039c26165040db47e28057ca34786ef
File size 157.2 KB ( 160945 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2008-05-05 23:30:20 UTC ( 10 years, 11 months ago )
Last submission 2016-10-04 04:58:59 UTC ( 2 years, 6 months ago )
File names Affiches des Jeux PS2 .exe
Online Games .exe
S-1-0-01-7573641870-3722026407-731437747-1143 .exe
file-5542762_exe
A0002063.exe_7b6d0cdadbe01f7fcb2529a72f57e797
Behaviour characterization
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Shell commands
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.