SHA256: e336b74dfb7ca0a8516b7c52394bed881c670958b606e036632dbebcafd8ef60
File name: Engine
Detection ratio: 22 / 55
Analysis date: 2016-08-01 22:02:12 UTC ( 2 years, 3 months ago )
Antivirus Result Update
AegisLab AdWare.W32.Agent.zab!c 20160801
Antiy-AVL Spyware[AdWare:not-a-virus]/Win32.Agent 20160801
AVware Adware.Agent 20160801
Bkav W32.HfsAdware.672A 20160801
Comodo UnclassifiedMalware 20160801
DrWeb Tool.InstallToolbar.204 20160801
ESET-NOD32 Win32/TicnoTab.AA potentially unwanted 20160801
Fortinet Adware/Agent 20160801
Ikarus not-a-virus:AdWare.Win32.Agent 20160801
Kaspersky not-a-virus:AdWare.Win32.Agent.zab 20160801
McAfee Artemis!C87464ED791C 20160801
McAfee-GW-Edition BehavesLike.Win32.PUP.dh 20160801
NANO-Antivirus Riskware.Win32.Agent.ctulmj 20160801
Sophos AV Generic PUA DL (PUA) 20160801
Symantec Trojan.Gen.2 20160801
Tencent Win32.Trojan.Falsesign.Szbg 20160801
TrendMicro TROJ_GEN.R047C0OCI16 20160801
VBA32 AdWare.Agent 20160801
VIPRE Adware.Agent 20160801
ViRobot Adware.Agent.965712[h] 20160801
Yandex PUA.Agent! 20160731
Zillya Adware.Agent.Win32.9216 20160731
Ad-Aware 20160801
AhnLab-V3 20160801
Alibaba 20160801
ALYac 20160801
Arcabit 20160801
Avast 20160801
AVG 20160801
Avira (no cloud) 20160801
Baidu 20160801
BitDefender 20160801
CAT-QuickHeal 20160801
ClamAV 20160801
CMC 20160801
Cyren 20160801
Emsisoft 20160801
F-Prot 20160801
F-Secure 20160801
GData 20160801
Jiangmin 20160801
K7AntiVirus 20160801
K7GW 20160801
Kingsoft 20160801
Malwarebytes 20160801
Microsoft 20160801
eScan 20160801
nProtect 20160729
Panda 20160801
Qihoo-360 20160801
SUPERAntiSpyware 20160801
TheHacker 20160729
TotalDefense 20160801
TrendMicro-HouseCall 20160801
Zoner 20160801
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2011
Product Engine Application
Original name Engine.exe
Internal name Engine
File version 2, 0, 7, 16191
Description Engine Application
Signature verification Certificate out of its validity period
Signers
[+] Media Labs Ltd.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 6/13/2012
Valid to 12:59 AM 6/14/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint AE3E1E66A097D405041E14011B4FD7F7BF90BC13
Serial number 79 A1 68 B4 61 27 5E FD FE 54 CF D7 B1 7B 0B AF
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-19 12:28:08
Entry Point 0x00074EDA
Number of sections 4
PE sections
Overlays
MD5 e79df2ad1a217da298456d5db5397078
File type data
Offset 963584
Size 2128
Entropy 7.23
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW
RegOpenKeyExA
RegQueryValueExW
CreateFontA
CreateRectRgn
DeleteDC
SelectObject
OffsetRgn
GetRgnBox
CreateSolidBrush
CombineRgn
SetBkColor
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
SetEvent
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
ExitProcess
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
GetEnvironmentVariableA
OutputDebugStringW
GetStringTypeExW
FindClose
InterlockedDecrement
FormatMessageA
OutputDebugStringA
SetLastError
GetSystemTime
InitializeCriticalSection
CopyFileW
GetModuleFileNameW
Beep
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetPrivateProfileStringW
GetModuleHandleA
CreateThread
SetNamedPipeHandleState
SetUnhandledExceptionFilter
TerminateProcess
CreateSemaphoreW
WriteConsoleA
SetEndOfFile
GetVersion
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
WaitNamedPipeW
FindFirstFileA
ResetEvent
FindFirstFileW
IsValidLocale
WaitForMultipleObjects
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
InterlockedIncrement
GetLastError
LCMapStringW
GetShortPathNameW
GetConsoleCP
LCMapStringA
FindNextFileW
GetEnvironmentStringsW
lstrlenW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
TransactNamedPipe
InterlockedCompareExchange
WritePrivateProfileStringW
lstrcpynW
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHGetFolderPathW
SHFileOperationW
ShellExecuteW
SHGetFolderPathA
SHGetSpecialFolderPathW
ShellExecuteA
SetFocus
EndDeferWindowPos
SetWindowRgn
GetWindowRgn
EndDialog
PostQuitMessage
EnumWindows
DefWindowProcW
FindWindowW
keybd_event
KillTimer
TrackMouseEvent
GetMessageW
ShowWindow
SetWindowPos
GetParent
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
GetWindowRect
EndPaint
UnhookWindowsHookEx
UpdateWindow
SetCapture
ReleaseCapture
DialogBoxParamW
WindowFromPoint
CharLowerW
TranslateMessage
CreateWindowExW
VkKeyScanW
CallNextHookEx
SetActiveWindow
DispatchMessageW
GetKeyState
GetCursorPos
ReleaseDC
UpdateLayeredWindow
BeginPaint
SendInput
RegisterClassExW
SendMessageW
GetWindowLongW
BeginDeferWindowPos
IsWindowVisible
UnregisterClassW
SetWindowTextW
CreateWindowExA
GetDlgItem
GetWindowPlacement
ScreenToClient
SetKeyboardState
InvalidateRect
SetTimer
CallWindowProcW
GetClassNameW
GetKeyboardState
LoadStringW
DialogBoxIndirectParamW
GetWindowTextW
DeferWindowPos
SetWindowsHookExW
LoadCursorW
LoadIconW
MapVirtualKeyW
GetDC
LoadAcceleratorsW
wsprintfW
SetForegroundWindow
DestroyWindow
TranslateAcceleratorW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetQueryDataAvailable
InternetConnectW
InternetReadFile
InternetCrackUrlW
InternetSetOptionW
HttpSendRequestW
InternetCloseHandle
InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersW
GdipDrawImageRectRect
GdipCreateBitmapFromFile
GdipGetGenericFontFamilySansSerif
GdipDrawImageRectI
GdipGetImageHeight
GdipCreateSolidFill
GdipDeleteFontFamily
GdipImageGetFrameDimensionsCount
GdipDisposeImage
GdipImageSelectActiveFrame
GdiplusStartup
GdipDeleteGraphics
GdipDeleteFont
GdipCreateFromHDC
GdipSetInterpolationMode
GdipSetStringFormatAlign
GdipImageGetFrameCount
GdipGetImageWidth
GdipGetPropertyItem
GdipAlloc
GdipCreateBitmapFromFileICM
GdipGetPropertyItemSize
GdipStringFormatGetGenericTypographic
GdipCreateFont
GdipCloneBrush
GdipCloneStringFormat
GdipFree
GdipDrawString
GdipCreateFontFamilyFromName
GdipDeleteBrush
GdipDeleteStringFormat
GdipCloneImage
GdipImageGetFrameDimensionsList
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
CoInitializeEx
CoInitialize
sqlite3_column_text16
sqlite3_finalize
sqlite3_bind_int
sqlite3_prepare16_v2
sqlite3_close
sqlite3_column_int
sqlite3_open
sqlite3_step
sqlite3_bind_parameter_index
PE exports
Number of PE resources by type
RT_ICON 14
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 21
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.7.16191
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 222720
EntryPoint 0x74eda
OriginalFileName Engine.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2011
FileVersion 2, 0, 7, 16191
TimeStamp 2012:06:19 13:28:08+01:00
FileType Win32 EXE
PEType PE32
InternalName Engine
ProductVersion 2, 0, 7, 16191
FileDescription Engine Application
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 739840
ProductName Engine Application
ProductVersionNumber 2.0.7.16191
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 c87464ed791c434b2f2d4369af458207
SHA1 3b1c8c7eb4593953c49d1df0d0469d11b009b70c
SHA256 e336b74dfb7ca0a8516b7c52394bed881c670958b606e036632dbebcafd8ef60
ssdeep 12288:s1qIpkSKCv2L8ZoLBLEhzBiJH0zdP4PZsVJ63kzVUELU8fxzDxkPXzyoZthQh2hx:1JMODik5aUoxS/zyoOqZX
authentihash d9f448c063f009d5d5307029fe1c65ec886259f5c3ed41203cfe481c1e70ef36
imphash 9eae3fab1c4220c5d77a2712e81edf56
File size 943.1 KB ( 965712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2012-06-19 23:14:20 UTC ( 6 years, 4 months ago )
Last submission 2016-03-18 03:04:35 UTC ( 2 years, 8 months ago )
File names Engine
ticno tabs.exe
Ticno Tabs.exe
1A6E2B4350BB13A2BC4B0E69476CF900BCD8390F.exe
Engine.exe
file-4241811_exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0OCI16.
Symantec reputation Suspicious.Insight