SHA256: b4957e09a708e8cf3dd78be5b50e502a2eea5a3e229caab9800dda1338483033
File name: tchr-efikantus.exe
Detection ratio: 12 / 42
Analysis date: 2012-05-01 14:03:27 UTC (4 years ago)
Antivirus Result Update
AVG Generic18.ASCJ 20120430
Comodo TrojWare.Win32.Buzus.hhtt 20120430
Emsisoft possible-Threat.GameHack!IK 20120430
Fortinet Riskware/Cheathappens 20120430
Ikarus possible-Threat.GameHack 20120430
Jiangmin Trojan/Buzus.nfe 20120430
K7AntiVirus Trojan 20120430
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Fake.K 20120430
NOD32 a variant of Win32/GameHack.F 20120430
TheHacker Trojan/Buzus.ette 20120428
VBA32 Trojan.Buzus.ette 20120430
VirusBuster Trojan.Buzus!jVx+POFl6Qc 20120430
AhnLab-V3 20120430
AntiVir 20120430
Antiy-AVL 20120430
Avast 20120430
BitDefender 20120430
ByteHero 20120430
CAT-QuickHeal 20120430
ClamAV 20120430
Commtouch 20120430
DrWeb 20120430
F-Prot 20120430
F-Secure 20120430
GData 20120430
Kaspersky 20120430
McAfee 20120430
Microsoft 20120430
Norman 20120430
PCTools 20120430
Panda 20120430
Rising 20120428
SUPERAntiSpyware 20120402
Sophos 20120430
Symantec 20120430
TrendMicro 20120430
TrendMicro-HouseCall 20120429
VIPRE 20120430
ViRobot 20120430
eSafe 20120430
eTrust-Vet 20120430
nProtect 20120430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Torchlight Trainer
File version 1.0007
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-02-25 14:11:35
Entry Point 0x00001000
Number of sections 5
PE sections
Overlays
MD5 c9c9c24754d3fed36494d2c3ab1d9b03
File type data
Offset 1244672
Size 1058
Entropy 4.03
PE imports
GetCurrentHwProfileA
CreateStatusWindowA
InitCommonControlsEx
InitCommonControls
CreatePatternBrush
SetDIBits
DeleteDC
CreateDCA
GetObjectType
GetStockObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetObjectA
HeapFree
GetStdHandle
EnterCriticalSection
WriteProcessMemory
ReadFile
VirtualAllocEx
GlobalFree
WaitForSingleObject
FreeLibrary
HeapDestroy
HeapAlloc
LoadLibraryA
GetModuleFileNameA
CreateRemoteThread
CreatePipe
GetCurrentProcess
VirtualFreeEx
GetCurrentProcessId
OpenProcess
DeleteFileA
ExitProcess
ReadProcessMemory
GetProcAddress
VirtualProtectEx
SetFilePointer
GetTempPathA
CreateThread
GetModuleHandleA
GetExitCodeThread
WriteFile
CloseHandle
DuplicateHandle
HeapReAlloc
CreateProcessA
InitializeCriticalSection
HeapCreate
GlobalAlloc
IsDebuggerPresent
Sleep
CreateFileA
GetTickCount
GetCurrentThreadId
GetFileSize
LeaveCriticalSection
strncmp
malloc
sscanf
memset
fclose
strcat
fprintf
_setjmp3
fopen
strlen
strncpy
fseek
ftell
_strdup
sprintf
exit
log10
fread
longjmp
free
getenv
memcpy
strcpy
_strnicmp
strcmp
_iob
RevokeDragDrop
CoInitialize
ShellExecuteExA
URLDownloadToFileA
MapWindowPoints
RedrawWindow
TranslateAcceleratorA
GetForegroundWindow
GetParent
UpdateWindow
SetPropA
PostMessageA
BeginPaint
DrawStateA
EnumWindows
SetFocus
MoveWindow
LoadImageA
DefWindowProcA
ShowWindow
SetClassLongA
FillRect
GetPropA
SetWindowPos
GetWindowThreadProcessId
GetSystemMetrics
GetWindowRect
DispatchMessageA
EndPaint
SetCapture
ReleaseCapture
EnumChildWindows
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
IsWindowEnabled
GetWindow
SetActiveWindow
RegisterClassExA
GetAsyncKeyState
SystemParametersInfoA
RemovePropA
GetIconInfo
GetKeyState
DestroyIcon
UnregisterClassA
CreateAcceleratorTableA
IsWindowVisible
SendMessageA
DefFrameProcA
GetClientRect
SetCursorPos
SetCursor
ScreenToClient
InvalidateRect
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
GetKeyboardState
GetMessageA
GetActiveWindow
RegisterClassA
AdjustWindowRect
DestroyAcceleratorTable
CreateIconFromResourceEx
CreateIconFromResource
CallWindowProcA
GetClassNameA
GetFocus
MsgWaitForMultipleObjects
EnableWindow
GetCursorPos
PtInRect
IsChild
DestroyWindow
InternetGetConnectedState
Number of PE resources by type
RT_ICON 7
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 1167872
ImageVersion 0.0
ProductName Torchlight Trainer
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 2.5
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 1.0007
TimeStamp 2010:02:25 15:11:35+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 15888
SubsystemVersion 4.0
OSVersion 4.0
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CheatHappens
CodeSize 79360
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x1000
ObjectFileType Unknown
File identification
MD5 ac20bd19fc6ecba0b29f3439c8eaf94c
SHA1 c10f6e15a47c6b0fc43096f16ed226f0c72202d0
SHA256 b4957e09a708e8cf3dd78be5b50e502a2eea5a3e229caab9800dda1338483033
ssdeep 24576:NOHPugc+d7yFO/qi/NXNfGCjSLmwsNPd3RgKiJBV1Ls2wBPUC:kuwRyFO/jNd+CjS7sNlKBJBV1Ls2wBV
authentihash 22187c488a3f7d2b75995a0bf66d6a3fd320339f4a5291e766b3ce4cf348df80
imphash c657ea2b6df10eecfade25314dfffad0
File size 1.2 MB ( 1245730 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-05-01 14:03:27 UTC (4 years ago)
Last submission 2016-01-14 10:02:50 UTC (4 months, 1 week ago)
File names b4957e09a708e8cf3dd78be5b50e502a2eea5a3e229caab9800dda1338483033.vir
tchr-efikantus.exe
file-3880299_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
UDP communications