× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9d8b50dcf36ee6bb1a456f2a5aa0f0f1e32a67dbf122507bb3a0feba3b591f68
File name: terminator-3721.exe
Detection ratio: 0 / 69
Analysis date: 2018-09-30 16:34:15 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20180930
AegisLab 20180930
AhnLab-V3 20180930
Alibaba 20180921
ALYac 20180930
Antiy-AVL 20180930
Arcabit 20180930
Avast 20180930
Avast-Mobile 20180928
AVG 20180930
Avira (no cloud) 20180930
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20180930
Bkav 20180928
CAT-QuickHeal 20180930
ClamAV 20180930
CMC 20180930
Comodo 20180930
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180930
Cyren 20180930
DrWeb 20180930
eGambit 20180930
Emsisoft 20180930
Endgame 20180730
ESET-NOD32 20180930
F-Prot 20180930
F-Secure 20180930
Fortinet 20180930
GData 20180930
Ikarus 20180930
Sophos ML 20180717
Jiangmin 20180930
K7AntiVirus 20180930
K7GW 20180930
Kaspersky 20180930
Kingsoft 20180930
Malwarebytes 20180930
MAX 20180930
McAfee 20180930
McAfee-GW-Edition 20180930
Microsoft 20180930
eScan 20180930
NANO-Antivirus 20180930
Palo Alto Networks (Known Signatures) 20180930
Panda 20180930
Qihoo-360 20180930
Rising 20180930
SentinelOne (Static ML) 20180926
Sophos AV 20180930
SUPERAntiSpyware 20180907
Symantec 20180930
Symantec Mobile Insight 20180924
TACHYON 20180930
Tencent 20180930
TheHacker 20180927
TotalDefense 20180930
TrendMicro 20180930
TrendMicro-HouseCall 20180930
Trustlook 20180930
VBA32 20180928
VIPRE 20180930
ViRobot 20180930
Webroot 20180930
Yandex 20180927
Zillya 20180928
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

File version
Description Terminator Setup
Comments This installation was built with Inno Setup: http://www.innosetup.com
Packers identified
F-PROT INNO, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000097F0
Number of sections 8
PE sections
Overlays
MD5 f45293241690ab99d2a1e15b62b3adc1
File type data
Offset 52224
Size 927305
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup: http://www.innosetup.com

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
0.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Terminator Setup

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

InitializedDataSize
16896

EntryPoint
0x97f0

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
GameFabrique

CodeSize
36864

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 98b5232bb4f2f4532c63c39f795ca045
SHA1 fda8aab234e858cfa870bf2b632106319b998268
SHA256 9d8b50dcf36ee6bb1a456f2a5aa0f0f1e32a67dbf122507bb3a0feba3b591f68
ssdeep
24576:7I39dYzGv6o1QyLuf8cSB06QPk0ujtaDfD6G5AhgebVKo0Ld8:76dgGS1sB1Qc0Yav5OVbv4e

authentihash 1d8e6e7a27838e9a9e170c1359f302dcd4ccb0f6bc77e43948e8852db0e93dd3
imphash 80417b621299e3e1de617305557a3c68
File size 956.6 KB ( 979529 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable PowerBASIC/Win 9.x (50.8%)
Inno Setup installer (37.6%)
Win32 Executable Delphi generic (4.8%)
Win32 Dynamic Link Library (generic) (2.2%)
Win32 Executable (generic) (1.5%)
Tags
peexe overlay

VirusTotal metadata
First submission 2009-08-30 15:07:52 UTC ( 9 years, 7 months ago )
Last submission 2018-09-30 16:34:15 UTC ( 6 months, 3 weeks ago )
File names terminator-3721-jetelecharge.exe
terminator-3721-jetelecharge.exe
terminator.exe
terminator-3721-jetelecharge.exe
terminator-3721.exe
terminator-3721-jetelecharge.exe
terminator.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications