SHA256: b4957e09a708e8cf3dd78be5b50e502a2eea5a3e229caab9800dda1338483033
File name: tchr-efikantus.exe
Detection ratio: 12 / 42
Analysis date: 2012-05-01 14:03:27 UTC ( 1 year, 11 months ago )
Antivirus Result Update
AVG Generic18.ASCJ 20120430
Comodo TrojWare.Win32.Buzus.hhtt 20120430
Emsisoft possible-Threat.GameHack!IK 20120430
Fortinet Riskware/Cheathappens 20120430
Ikarus possible-Threat.GameHack 20120430
Jiangmin Trojan/Buzus.nfe 20120430
K7AntiVirus Trojan 20120430
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Fake.K 20120430
NOD32 a variant of Win32/GameHack.F 20120430
TheHacker Trojan/Buzus.ette 20120428
VBA32 Trojan.Buzus.ette 20120430
VirusBuster Trojan.Buzus!jVx+POFl6Qc 20120430
AhnLab-V3 20120430
AntiVir 20120430
Antiy-AVL 20120430
Avast 20120430
BitDefender 20120430
ByteHero 20120430
CAT-QuickHeal 20120430
ClamAV 20120430
Commtouch 20120430
DrWeb 20120430
F-Prot 20120430
F-Secure 20120430
GData 20120430
Kaspersky 20120430
McAfee 20120430
Microsoft 20120430
Norman 20120430
PCTools 20120430
Panda 20120430
Rising 20120428
SUPERAntiSpyware 20120402
Sophos 20120430
Symantec 20120430
TrendMicro 20120430
TrendMicro-HouseCall 20120429
VIPRE 20120430
ViRobot 20120430
eSafe 20120430
eTrust-Vet 20120430
nProtect 20120430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher CheatHappens
Product Torchlight Trainer
File version 1.0007
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-02-25 14:11:35
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
GetCurrentHwProfileA
InitCommonControls, CreateStatusWindowA, InitCommonControlsEx
CreatePatternBrush, GetStockObject, GetObjectType, DeleteObject, CreateCompatibleDC, SetDIBits, DeleteDC, GetObjectA, CreateDCA, CreateCompatibleBitmap, CreateDIBSection
GetModuleHandleA, HeapCreate, IsDebuggerPresent, OpenProcess, GetTickCount, ReadProcessMemory, WriteProcessMemory, VirtualAllocEx, CreateRemoteThread, WaitForSingleObject, GetExitCodeThread, VirtualFreeEx, CloseHandle, VirtualProtectEx, HeapDestroy, ExitProcess, GetModuleFileNameA, HeapFree, HeapAlloc, LoadLibraryA, GetProcAddress, FreeLibrary, Sleep, CreateThread, GetCurrentThreadId, GetCurrentProcessId, InitializeCriticalSection, GetCurrentProcess, DuplicateHandle, CreatePipe, GetStdHandle, CreateProcessA, EnterCriticalSection, LeaveCriticalSection, GlobalAlloc, GlobalFree, GetTempPathA, DeleteFileA, WriteFile, CreateFileA, GetFileSize, ReadFile, SetFilePointer, HeapReAlloc
memset, sprintf, _strnicmp, strncmp, strncpy, _strdup, free, strlen, strcpy, log10, memcpy, fopen, fseek, fclose, strcat, longjmp, _setjmp3, ftell, malloc, fread, strcmp, exit, _iob, fprintf, getenv, sscanf
CoInitialize, RevokeDragDrop
ShellExecuteExA
URLDownloadToFileA
GetForegroundWindow, GetWindowThreadProcessId, GetKeyboardState, GetAsyncKeyState, GetWindowRect, GetCursorPos, PtInRect, SetClassLongA, RedrawWindow, GetPropA, GetParent, GetClientRect, SendMessageA, InvalidateRect, CallWindowProcA, SetPropA, SetWindowLongA, DestroyWindow, BeginPaint, EndPaint, DefWindowProcA, LoadIconA, RegisterClassExA, CreateWindowExA, MessageBoxA, IsWindowVisible, IsWindowEnabled, EnableWindow, EnumWindows, DestroyIcon, CreateIconFromResourceEx, CreateIconFromResource, GetIconInfo, ShowWindow, GetWindowLongA, ScreenToClient, SetWindowPos, UpdateWindow, ReleaseCapture, DrawStateA, SetCapture, GetSystemMetrics, RemovePropA, PostMessageA, GetWindow, SetActiveWindow, UnregisterClassA, DestroyAcceleratorTable, LoadCursorA, RegisterClassA, AdjustWindowRect, GetActiveWindow, CreateAcceleratorTableA, SetCursorPos, LoadImageA, SetCursor, MapWindowPoints, MoveWindow, SystemParametersInfoA, GetKeyState, PeekMessageA, MsgWaitForMultipleObjects, GetMessageA, TranslateAcceleratorA, TranslateMessage, DispatchMessageA, FillRect, EnumChildWindows, DefFrameProcA, SetFocus, GetFocus, IsChild, GetClassNameA
InternetGetConnectedState
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.5
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 1167872
MIMEType application/octet-stream
FileVersion 1.0007
TimeStamp 2010:02:25 06:11:35-08:00
FileType Win32 EXE
PEType PE32
ProductVersion 15888
SubsystemVersion 4.0
OSVersion 4.0
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CheatHappens
CodeSize 79360
ProductName Torchlight Trainer
ProductVersionNumber 0.0.0.0
EntryPoint 0x1000
ObjectFileType Unknown

File identification
MD5 ac20bd19fc6ecba0b29f3439c8eaf94c
SHA1 c10f6e15a47c6b0fc43096f16ed226f0c72202d0
SHA256 b4957e09a708e8cf3dd78be5b50e502a2eea5a3e229caab9800dda1338483033
ssdeep 24576:NOHPugc+d7yFO/qi/NXNfGCjSLmwsNPd3RgKiJBV1Ls2wBPUC:kuwRyFO/jNd+CjS7sNlKBJBV1Ls2wBV
File size 1.2 MB ( 1245730 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
VirusTotal metadata
First submission 2012-05-01 14:03:27 UTC ( 1 year, 11 months ago )
Last submission 2012-05-01 15:09:20 UTC ( 1 year, 11 months ago )
File names tchr-efikantus.exe
file-3880299_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight