SHA256: 95045f5515624f3540c136e9728bc546fbd1e55552ed2a2d2cfb83b617e61fe9
File name: mafia2_v1.02_trn+10.exe
Detection ratio: 1 / 43
Analysis date: 2010-12-03 20:13:53 UTC ( 3 years, 7 months ago )
Antivirus Result Update
TrendMicro PAK_Generic.001 20101203
AVG 20101203
AhnLab-V3 20101203
AntiVir 20101203
Antiy-AVL 20101203
Avast 20101203
Avast5 20101203
BitDefender 20101203
CAT-QuickHeal 20101203
ClamAV 20101203
Command 20101203
Comodo 20101203
DrWeb 20101203
Emsisoft 20101203
F-Prot 20101203
F-Secure 20101203
Fortinet 20101203
GData 20101203
Ikarus 20101203
Jiangmin 20101203
K7AntiVirus 20101202
Kaspersky 20101203
McAfee 20101203
McAfee-GW-Edition 20101203
Microsoft 20101203
NOD32 20101203
Norman 20101203
PCTools 20101203
Panda 20101203
Prevx 20101203
Rising 20101203
SUPERAntiSpyware 20101203
Sophos 20101203
Symantec 20101203
TheHacker 20101201
TrendMicro-HouseCall 20101203
VBA32 20101203
VIPRE 20101203
ViRobot 20101203
VirusBuster 20101203
eSafe 20101202
eTrust-Vet 20101203
nProtect 20101203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-12-06 08:27:47
Link date 9:27 AM 12/6/2010
Entry Point 0x00073470
Number of sections 3
PE sections
PE imports
LoadLibraryA
ExitProcess
GetProcAddress
InitCommonControls
SetBkMode
ShellExecuteA
PtInRect
PlaySoundA
Number of PE resources by type
RT_BITMAP 5
WAVE 4
RT_DIALOG 1
RT_GROUP_CURSOR 1
RT_ICON 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:12:06 09:27:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 155648
LinkerVersion 5.12
FileAccessDate 2014:02:28 14:24:58+01:00
EntryPoint 0x73470
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:02:28 14:24:58+01:00
UninitializedDataSize 315392
Compressed bundles
File identification
MD5 002173bc5945e72bd7ed96f64f450a73
SHA1 598c60e09097731e90f9f68d3b751a113ab13014
SHA256 95045f5515624f3540c136e9728bc546fbd1e55552ed2a2d2cfb83b617e61fe9
ssdeep 3072:NjvDwQLjK3msnHGrsSfw4B7j5VzwTYD2NAmQKCqjdvIbQ+uNWi0gT:ZvMQLO3dnmrxVB7dKTYKNSWjCc+u7J
imphash 1372c114e6d83423bfe37e75e610bfdd
File size 154.0 KB ( 157696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx
VirusTotal metadata
First submission 2010-12-03 20:13:53 UTC ( 3 years, 7 months ago )
Last submission 2014-02-28 13:24:32 UTC ( 4 months, 1 week ago )
File names mafia2_v1.02_trn+10.exe
mafia2_v1.02_trn 10.exe
smona131488426077850169147
smona131247752857896318857
mafia2_v1.02_trn+10.exe
002173BC5945E72BD7ED96F64F450A73
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight