SHA256: dab65feef224689b013450fbc37515fcf456bd9ccf0631632db3bee60ce1c1f8
File name: ups_webtracking_1S63A0003659818362_0003947_de_2015_02_tracknum_09...
Detection ratio: 4 / 57
Analysis date: 2015-02-27 15:29:03 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20150227
McAfee Generic-FAVY!1558FB47EB72 20150227
McAfee-GW-Edition Artemis 20150227
Norman Heuristic_Anomaly.A 20150227
Ad-Aware 20150227
AegisLab 20150227
Yandex 20150226
AhnLab-V3 20150227
Alibaba 20150225
ALYac 20150227
Antiy-AVL 20150227
Avast 20150227
AVG 20150227
Avira (no cloud) 20150227
AVware 20150226
Baidu-International 20150227
BitDefender 20150227
Bkav 20150227
ByteHero 20150227
CAT-QuickHeal 20150227
ClamAV 20150227
CMC 20150227
Comodo 20150227
Cyren 20150227
DrWeb 20150227
Emsisoft 20150227
ESET-NOD32 20150227
F-Prot 20150227
F-Secure 20150227
Fortinet 20150227
GData 20150227
Ikarus 20150227
Jiangmin 20150226
K7AntiVirus 20150227
K7GW 20150227
Kingsoft 20150227
Malwarebytes 20150227
Microsoft 20150227
eScan 20150227
NANO-Antivirus 20150227
nProtect 20150227
Panda 20150227
Qihoo-360 20150227
Rising 20150227
Sophos AV 20150227
SUPERAntiSpyware 20150227
Symantec 20150227
Tencent 20150227
TheHacker 20150225
TotalDefense 20150227
TrendMicro 20150227
TrendMicro-HouseCall 20150227
VBA32 20150227
VIPRE 20150227
ViRobot 20150227
Zillya 20150226
Zoner 20150227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 1996-2003
Product Half-Life Launcher
Original name hl.exe
Internal name Half-Life Launcher
File version 1, 1, 1, 1
Description Half-Life Launcher
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-27 14:13:00
Entry Point 0x00002BF9
Number of sections 4
PE sections
Overlays
MD5 21ab817c2bfd96646806559f62c715bd
File type data
Offset 221184
Size 61
Entropy 4.53
PE imports
CreateSolidBrush
CreatePen
Ellipse
Pie
HeapSize
CreateThread
MapViewOfFile
GetStringTypeA
GetModuleFileNameW
CreateFileW
GetDateFormatW
ExitProcess
CompareStringA
FindNextFileA
VirtualAlloc
GetModuleHandleW
GetStartupInfoW
_except_handler3
__p__fmode
cos
_XcptFilter
__CxxFrameHandler
__wgetmainargs
_ftol
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_exit
_initterm
_controlfp
_wcmdln
sin
_adjust_fdiv
__set_app_type
SetTimer
UpdateWindow
EnableWindow
DefDlgProcA
BeginPaint
MessageBoxA
SetCaretPos
GetClientRect
CloseClipboard
InvalidateRect
Number of PE resources by type
RT_STRING 13
RT_DIALOG 1
RT_ICON 1
Struct(241) 1
GIF 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
FRENCH SWISS 13
CHINESE SIMPLIFIED 5
NEUTRAL 3
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.1.1.1
UninitializedDataSize 144
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 208896
EntryPoint 0x2bf9
OriginalFileName hl.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 1996-2003
FileVersion 1, 1, 1, 1
TimeStamp 2015:02:27 15:13:00+01:00
FileType Win32 EXE
PEType PE32
InternalName Half-Life Launcher
ProductVersion 1, 1, 1, 1
FileDescription Half-Life Launcher
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Valve
CodeSize 8192
ProductName Half-Life Launcher
ProductVersionNumber 1.1.1.1
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 1558fb47eb72819d9ac0258f914970a1
SHA1 d5a3577adc092fa278659c6aa463eae6814e5c87
SHA256 dab65feef224689b013450fbc37515fcf456bd9ccf0631632db3bee60ce1c1f8
ssdeep 3072:NaGqe1IE+JhddHyNi97U46vGlS8yZaVtIe6Vg8bZuo0EoFlxjH+5VHmdq5/dPl4l:sGSDjHtlUTvGE8ywVtIe628g04SFzP0/
authentihash 5329b6169e58056d154edbcc35beda4d10874d87d12c739bf323516ccfdfb9f7
imphash fe56a000b924846dbe15c8b6b0a6cda9
File size 216.1 KB ( 221245 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-02-27 14:32:56 UTC ( 3 years, 7 months ago )
Last submission 2017-05-10 07:39:21 UTC ( 1 year, 4 months ago )
File names hl.exe
994576.malware
ups_webtracking_1S63A0003659818362_0003947_de_2015_02_tracknum_09234728.exe_
dhl_paket_003404019826251348371_02_2015_039_0_3_3760034_92854_00_23_29.exe
Telekom_Rechnung_2015_02_de_04349_AIEO_POP_MAIL_W5_50000949_948309_30003093NMH.exe
dhl_paket_de_003407293054131348371_02_2015_HD_38300_J_3P_KDK_00004838_MAIL.exe
Half-Life Launcher
msdb5b77d39.exe
ups_webtracking_1S63A0003659818362_0003947_de_2015_02_tracknum_09234728.exe
Telekom_Rechnung_2015_02_de_04349_AIEO_POP_MAIL_W5_50000949_948309_30003093NMH
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.