× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d5ef5dcaec9b47a013fb80abf9b6aa46161e6d28414f2d89c7ab7fc760180344
File name: TwitchLeecher_1.5.3_x86.exe
Detection ratio: 1 / 65
Analysis date: 2018-10-15 02:38:58 UTC ( 3 months, 1 week ago ) View latest
Antivirus Result Update
Cylance Unsafe 20181015
Ad-Aware 20181015
AegisLab 20181015
AhnLab-V3 20181014
Alibaba 20180921
ALYac 20181015
Antiy-AVL 20181015
Arcabit 20181015
Avast 20181015
Avast-Mobile 20181014
AVG 20181015
Avira (no cloud) 20181014
Babable 20180918
Baidu 20181012
BitDefender 20181015
Bkav 20181014
CAT-QuickHeal 20181013
ClamAV 20181014
CMC 20181014
Comodo 20181014
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20181015
DrWeb 20181015
eGambit 20181015
Emsisoft 20181015
Endgame 20180730
ESET-NOD32 20181014
F-Prot 20181015
F-Secure 20181015
Fortinet 20181015
GData 20181015
Ikarus 20181014
Sophos ML 20180717
Jiangmin 20181015
K7AntiVirus 20181015
K7GW 20181013
Kaspersky 20181014
Kingsoft 20181015
Malwarebytes 20181014
MAX 20181015
McAfee 20181015
McAfee-GW-Edition 20181015
Microsoft 20181015
eScan 20181015
NANO-Antivirus 20181015
Palo Alto Networks (Known Signatures) 20181015
Panda 20181014
Qihoo-360 20181015
Rising 20181012
SentinelOne (Static ML) 20181011
Sophos AV 20181015
SUPERAntiSpyware 20181015
Symantec 20181015
Symantec Mobile Insight 20181001
TACHYON 20181015
Tencent 20181015
TheHacker 20181011
TrendMicro 20181010
TrendMicro-HouseCall 20181010
Trustlook 20181015
VBA32 20181012
ViRobot 20181014
Yandex 20181012
Zillya 20181012
ZoneAlarm by Check Point 20181015
Zoner 20181014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) Franiac. All rights reserved.

Product Twitch Leecher 1.5.3
Original name TwitchLeecher_x86.exe
Internal name setup
File version 1.5.3.0
Description Twitch Leecher 1.5.3
Packers identified
F-PROT CAB, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-18 22:00:38
Entry Point 0x0002E2A6
Number of sections 6
PE sections
Overlays
MD5 db6426a7b8cde61aad096f5e96f77651
File type data
Offset 831488
Size 19454555
Entropy 8.00
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
RegEnumValueW
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
LookupPrivilegeValueW
RegDeleteKeyW
CryptHashData
CheckTokenMembership
DecryptFileW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
QueryServiceStatus
CloseEventLog
RegOpenKeyExW
OpenEventLogW
QueryServiceConfigW
GetTokenInformation
CryptReleaseContext
GetUserNameW
RegQueryInfoKeyW
SetEntriesInAclW
RegEnumKeyExW
CryptAcquireContextW
CryptDestroyHash
InitializeSecurityDescriptor
RegDeleteValueW
RegSetValueExW
CryptGetHashParam
OpenSCManagerW
ReportEventW
AllocateAndInitializeSid
InitiateSystemShutdownExW
SetEntriesInAclA
ChangeServiceConfigW
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
DeleteDC
SelectObject
GetObjectW
CreateCompatibleDC
DeleteObject
StretchBlt
GetVolumePathNameW
GetStdHandle
ReleaseMutex
WaitForSingleObject
SetFileTime
GetFileAttributesW
GetLocalTime
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
WideCharToMultiByte
InterlockedExchange
GetTempPathW
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ConnectNamedPipe
GetExitCodeProcess
InitializeCriticalSection
FindClose
TlsGetValue
SetFileAttributesW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
InterlockedDecrement
CopyFileW
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
HeapSetInformation
LoadLibraryExA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
VerifyVersionInfoW
SetFilePointerEx
GetModuleHandleA
GetFullPathNameW
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetComputerNameW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
SystemTimeToFileTime
GetWindowsDirectoryW
OpenProcess
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetSystemInfo
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
CompareStringW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
DuplicateHandle
FindFirstFileExW
WaitForMultipleObjects
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
DosDateTimeToFileTime
LCMapStringW
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
GetThreadLocale
GetEnvironmentStringsW
VirtualQuery
lstrlenW
VirtualFree
GetCurrentDirectoryW
GetCurrentProcessId
ProcessIdToSessionId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
CopyFileExW
InterlockedCompareExchange
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
IsValidCodePage
UnmapViewOfFile
WriteFile
CreateProcessW
Sleep
SystemTimeToTzSpecificLocalTime
VirtualAlloc
CompareStringA
SysFreeString
VariantClear
VariantInit
SysAllocString
UuidCreate
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
GetMonitorInfoW
LoadBitmapW
GetMessageW
DefWindowProcW
PostQuitMessage
SetWindowLongW
IsWindow
PeekMessageW
TranslateMessage
PostMessageW
DispatchMessageW
GetCursorPos
RegisterClassW
UnregisterClassW
MessageBoxW
PostThreadMessageW
MonitorFromPoint
WaitForInputIdle
IsDialogMessageW
LoadCursorW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CLSIDFromProgID
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_MESSAGETABLE 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 10
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.11

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.5.3.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Twitch Leecher 1.5.3

ImageFileCharacteristics
Executable, 32-bit, Removable run from swap, Net run from swap

CharacterSet
Windows, Latin1

InitializedDataSize
528896

EntryPoint
0x2e2a6

OriginalFileName
TwitchLeecher_x86.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) Franiac. All rights reserved.

FileVersion
1.5.3.0

TimeStamp
2017:11:18 23:00:38+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
setup

ProductVersion
1.5.3.0

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Franiac

CodeSize
301568

ProductName
Twitch Leecher 1.5.3

ProductVersionNumber
1.5.3.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 2e4c6c729fb1f44743b478e814d06db0
SHA1 85b41b5d8978f356a938facfcc090a55c7e8325c
SHA256 d5ef5dcaec9b47a013fb80abf9b6aa46161e6d28414f2d89c7ab7fc760180344
ssdeep
393216:gmmA5z8/nIJyxLwtrcuTNJ+L4Jtx6Q9Qf5r+0GgEGlPEQ:g/AIitvu4JD63RrXGgEGlMQ

authentihash 2358a9fc58419882ffef476a8704a13e9564c5e42693c7fe32a1c3de8ca74a33
imphash d7e2fd259780271687ffca462b9e69b7
File size 19.3 MB ( 20286043 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-07-24 19:21:09 UTC ( 6 months ago )
Last submission 2019-01-03 01:34:25 UTC ( 2 weeks, 5 days ago )
File names TwitchLeecher_x86.exe
setup
TwitchLeecher_1.5.3_x86.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications