SHA256: 95059579bed8c199bb4f197a94db58b578a2ae527486787475271f29c1f23b9b
File name: max-payne-2-512-jetelecharge.exe
Detection ratio: 0 / 67
Analysis date: 2018-09-26 14:29:59 UTC ( 8 months ago )
Antivirus Result Update
Ad-Aware 20180926
AegisLab 20180926
AhnLab-V3 20180926
Alibaba 20180921
ALYac 20180926
Antiy-AVL 20180926
Arcabit 20180926
Avast 20180926
Avast-Mobile 20180926
AVG 20180926
Avira (no cloud) 20180926
AVware 20180925
Babable 20180918
Baidu 20180926
BitDefender 20180926
Bkav 20180925
CAT-QuickHeal 20180923
ClamAV 20180926
CMC 20180926
Comodo 20180926
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180926
Cyren 20180926
DrWeb 20180926
eGambit 20180926
Emsisoft 20180926
Endgame 20180730
ESET-NOD32 20180926
F-Prot 20180926
F-Secure 20180926
Fortinet 20180926
GData 20180926
Sophos ML 20180717
Jiangmin 20180926
K7AntiVirus 20180926
K7GW 20180926
Kaspersky 20180926
Kingsoft 20180926
Malwarebytes 20180926
MAX 20180926
McAfee 20180926
McAfee-GW-Edition 20180926
Microsoft 20180926
eScan 20180926
NANO-Antivirus 20180926
Palo Alto Networks (Known Signatures) 20180926
Panda 20180926
Qihoo-360 20180926
Rising 20180926
SentinelOne (Static ML) 20180926
Sophos AV 20180926
SUPERAntiSpyware 20180907
Symantec 20180925
Symantec Mobile Insight 20180924
TACHYON 20180926
Tencent 20180926
TheHacker 20180924
TotalDefense 20180925
TrendMicro 20180926
TrendMicro-HouseCall 20180926
Trustlook 20180926
VBA32 20180926
VIPRE 20180926
ViRobot 20180926
Webroot 20180926
Yandex 20180926
Zillya 20180926
ZoneAlarm by Check Point 20180925
Zoner 20180926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 1990-2002 InstallShield Software Corporation

Product InstallShield (R)
Original name Setup.exe
Internal name ISPNickel
File version 7, 01, 100, 1248
Description InstallShield (R) Setup Launcher
Packers identified
PEiD InstallShield Custom
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-12-02 18:31:43
Entry Point 0x0000B1CC
Number of sections 4
PE sections
Overlays
MD5 c12c0ab83b9632933722684c75316743
File type data
Offset 111104
Size 257423332
Entropy 8.00
PE imports
GetTokenInformation
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegQueryValueA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExA
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
GetObjectA
CreateFontIndirectA
GetTextExtentPoint32A
DeleteObject
LPtoDP
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
HeapDestroy
DebugBreak
DeleteCriticalSection
GetCurrentProcess
lstrcatA
SetErrorMode
FindResourceExA
WideCharToMultiByte
WriteFile
HeapReAlloc
SetEvent
MoveFileA
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
SetLastError
ExitProcess
RemoveDirectoryA
GetPrivateProfileStringA
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
CreateThread
VirtualQuery
SearchPathA
GetVersion
LeaveCriticalSection
HeapFree
EnterCriticalSection
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
GetStartupInfoA
GetFileSize
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
CompareStringW
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
GetProcAddress
GetModuleFileNameA
CreateEventA
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GlobalUnlock
GlobalAlloc
lstrlenW
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
LockResource
GetCommandLineA
GetCurrentThread
GetTempPathA
GetSystemDefaultLangID
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetCurrentThreadId
FindResourceA
CreateProcessA
HeapCreate
Sleep
IsBadReadPtr
OpenEventA
ResetEvent
LZCopy
LZClose
LZOpenFileA
LoadRegTypeLib
SysStringLen
SysAllocStringLen
RegisterTypeLib
VariantClear
SysAllocString
VariantCopy
LoadTypeLib
SysFreeString
GetMessageA
SetWindowRgn
ReleaseDC
EndDialog
CreateDialogIndirectParamA
KillTimer
ShowWindow
SetWindowPos
CharLowerA
IsDialogMessageA
GetWindowRect
DispatchMessageA
SetDlgItemTextA
MoveWindow
PeekMessageA
TranslateMessage
CharUpperA
SetActiveWindow
GetDC
SystemParametersInfoA
SetWindowTextA
LoadStringA
SendMessageA
GetDlgItem
CharLowerBuffA
ScreenToClient
wsprintfA
SetTimer
LoadIconA
CharNextA
GetDesktopWindow
PostThreadMessageA
MsgWaitForMultipleObjects
GetWindowTextA
DialogBoxIndirectParamA
DestroyWindow
VerInstallFileA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoGetInterfaceAndReleaseStream
CoInitialize
CoTaskMemAlloc
CoRevokeClassObject
GetRunningObjectTable
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
StringFromCLSID
CoUninitialize
CoCreateGuid
CoReleaseMarshalData
CoTaskMemFree
CoRegisterClassObject
StringFromGUID2
Number of PE resources by type
RT_STRING 33
RT_ICON 6
RT_DIALOG 2
RT_MANIFEST 1
TYPELIB 1
PUBLICKEY 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 4
TURKISH DEFAULT 4
SWEDISH 1
HUNGARIAN DEFAULT 1
CZECH DEFAULT 1
FRENCH 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
INDONESIAN DEFAULT 1
DUTCH 1
ITALIAN 1
CATALAN DEFAULT 1
FINNISH DEFAULT 1
SERBIAN CYRILLIC 1
PORTUGUESE BRAZILIAN 1
SPANISH 1
FRENCH CANADIAN 1
KOREAN 1
BASQUE DEFAULT 1
PORTUGUESE 1
GERMAN 1
BULGARIAN DEFAULT 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
NORWEGIAN BOKMAL 1
CHINESE TRADITIONAL 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
ROMANIAN 1
RUSSIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.1.100.1248

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
InstallShield (R) Setup Launcher

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
51200

EntryPoint
0xb1cc

OriginalFileName
Setup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 1990-2002 InstallShield Software Corporation

FileVersion
7, 01, 100, 1248

TimeStamp
2002:12:02 19:31:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ISPNickel

ProductVersion
7, 01

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
InstallShield Software Corporation

CodeSize
58880

ProductName
InstallShield (R)

ProductVersionNumber
7.1.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 d5fafc408475539bf29685e957eb9e17
SHA1 591bc85fbecf2a6eed1ae6c4248de39923c07c1d
SHA256 95059579bed8c199bb4f197a94db58b578a2ae527486787475271f29c1f23b9b
ssdeep
6291456:7HG38wacZuurshPNicqkMZhHwqQDTh1fgT1XqpF:7HRcEj7qHhHwqQDoT1apF

authentihash 88af913988bc7e5e7dc95cbe980a1ac6f7482e15852d138adba4b69a439bf93f
imphash 052531e33b73e689b62443a5a3b4e9d1
File size 245.6 MB ( 257534436 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
software-collection installshield peexe overlay

VirusTotal metadata
First submission 2016-04-16 02:04:04 UTC ( 3 years, 1 month ago )
Last submission 2018-09-26 14:29:59 UTC ( 8 months ago )
File names ISPNickel
max-payne-2-512-jetelecharge.exe
maxpayne2demo.exe
MaxPayne2DemoSetup.exe
MaxPayne2DemoSetup.exe
max-payne-2-the-fall-of-max-payne.exe
95059579BED8C199BB4F197A94DB58B578A2AE527486787475271F29C1F23B9B
maxpayne2_demo_install.exe
max-payne-2-512-jetelecharge.exe
maxpayne2_demo_install.exe
Setup.exe
maxpayne2demosetup.exe
max-payne-2-512-jetelecharge.exe
max-payne-2-512-jetelecharge.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight