× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e4b7d16bae33395becd6ac0f665055ca22ee4c44f11627677d9f45b4fcf32b63
File name: xonotic-sdl.exe
Detection ratio: 0 / 55
Analysis date: 2014-08-24 08:35:36 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Ad-Aware 20140824
AegisLab 20140824
Yandex 20140823
AhnLab-V3 20140823
AntiVir 20140823
Antiy-AVL 20140824
Avast 20140824
AVG 20140824
AVware 20140824
Baidu-International 20140824
BitDefender 20140824
Bkav 20140821
ByteHero 20140824
CAT-QuickHeal 20140823
ClamAV 20140824
CMC 20140822
Commtouch 20140824
Comodo 20140824
DrWeb 20140824
Emsisoft 20140824
ESET-NOD32 20140824
F-Prot 20140823
F-Secure 20140824
Fortinet 20140824
GData 20140824
Ikarus 20140824
Jiangmin 20140823
K7AntiVirus 20140822
K7GW 20140822
Kaspersky 20140824
Kingsoft 20140824
Malwarebytes 20140824
McAfee 20140824
McAfee-GW-Edition 20140823
Microsoft 20140824
eScan 20140824
NANO-Antivirus 20140824
Norman 20140824
nProtect 20140824
Panda 20140823
Qihoo-360 20140824
Rising 20140823
Sophos AV 20140824
SUPERAntiSpyware 20140823
Symantec 20140824
Tencent 20140824
TheHacker 20140822
TotalDefense 20140823
TrendMicro 20140824
TrendMicro-HouseCall 20140824
VBA32 20140822
VIPRE 20140824
ViRobot 20140824
Zillya 20140824
Zoner 20140822
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
id Software, Forest Hale, and contributors

Publisher Forest Hale Digital Services
Product DarkPlaces
Original name darkplaces.exe
Internal name darkplaces.exe
File version 1.0
Description DarkPlaces Game Engine
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-05 01:08:16
Entry Point 0x00001110
Number of sections 17
PE sections
PE imports
GetFileAttributesA
FreeLibrary
QueryPerformanceCounter
ExitProcess
GlobalUnlock
LoadLibraryA
GetModuleFileNameA
GlobalSize
GetStartupInfoA
GetCommandLineA
GlobalLock
QueryPerformanceFrequency
InterlockedExchangeAdd
GetModuleHandleA
FindFirstFileA
SetUnhandledExceptionFilter
SetDllDirectoryA
FindNextFileA
GetSystemDirectoryA
GetProcAddress
GlobalMemoryStatus
FindClose
InterlockedDecrement
Sleep
SDL_JoystickGetAxis
SDL_QuitSubSystem
SDL_DestroyCond
SDL_EnableKeyRepeat
SDL_GetRelativeMouseState
SDL_JoystickNumButtons
SDL_JoystickClose
SDL_CondBroadcast
SDL_SetModuleHandle
SDL_CondSignal
SDL_LockAudio
SDL_JoystickNumBalls
SDL_JoystickNumAxes
SDL_SetVideoMode
SDL_GetMouseState
SDL_strlcat
SDL_GL_SetAttribute
SDL_strlcpy
SDL_GL_GetProcAddress
SDL_GL_LoadLibrary
SDL_PollEvent
SDL_GetVideoInfo
SDL_SetGammaRamp
SDL_Flip
SDL_UpperBlit
SDL_WarpMouse
SDL_GetAppState
SDL_InitSubSystem
SDL_getenv
SDL_SetAlpha
SDL_GetWMInfo
SDL_GetError
SDL_GetGammaRamp
SDL_UnlockAudio
SDL_ListModes
SDL_WasInit
SDL_NumJoysticks
SDL_Linked_Version
SDL_CreateThread
SDL_CondWait
SDL_Delay
SDL_OpenAudio
SDL_CreateCond
SDL_WM_SetCaption
SDL_GetTicks
SDL_mutexV
SDL_GL_SwapBuffers
SDL_mutexP
SDL_ShowCursor
SDL_JoystickGetButton
SDL_CreateMutex
SDL_CreateRGBSurface
SDL_PauseAudio
SDL_CloseAudio
SDL_JoystickName
SDL_Init
SDL_Quit
SDL_DestroyMutex
SDL_FreeSurface
SDL_JoystickOpen
SDL_WaitThread
SDL_EnableUNICODE
SDL_WM_GrabInput
CloseClipboard
SetClassLongA
LoadIconA
GetClipboardData
OpenClipboard
timeGetTime
timeBeginPeriod
htonl
ioctlsocket
WSAStartup
getsockname
htons
WSASetLastError
select
inet_addr
getservbyport
ntohs
WSAGetLastError
gethostbyaddr
WSACleanup
gethostbyname
inet_ntoa
closesocket
setsockopt
socket
bind
recvfrom
sendto
getservbyname
__p__fmode
__p__environ
fclose
strtoul
fflush
strtol
fwrite
pow
_setjmp
_close
ceil
strrchr
_write
memcpy
_putch
strstr
memmove
signal
remove
freopen
strcmp
memchr
strncmp
_kbhit
fgetc
memset
_stricmp
atexit
_setmode
strchr
asin
exit
sprintf
_unlink
_mkdir
strcspn
gmtime
free
__getmainargs
_lseeki64
cos
_vsnprintf
_read
strcpy
__mb_cur_max
acos
strftime
_iob
_sopen
rand
realloc
toupper
fopen
strncpy
_cexit
log
qsort
_dup
_onexit
memcmp
_isctype
_pctype
getenv
atoi
atof
strspn
_strnicmp
localtime
malloc
sscanf
srand
fprintf
tan
strlen
floor
sin
longjmp
tolower
atan
calloc
setbuf
_getch
wcstombs
atan2
exp
time
setvbuf
__set_app_type
Number of PE resources by type
RT_ICON 9
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
PE resources
ExifTool file metadata
UninitializedDataSize
23539200

InitializedDataSize
4603352

ImageVersion
1.0

ProductName
DarkPlaces

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
DarkPlaces Game Engine

CharacterSet
Windows, Latin1

LinkerVersion
2.56

OriginalFilename
darkplaces.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0

TimeStamp
2013:06:05 02:08:16+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
darkplaces.exe

FileAccessDate
2014:07:13 16:45:03+01:00

ProductVersion
1.0

SubsystemVersion
4.0

OSVersion
4.0

FileCreateDate
2014:07:13 16:45:03+01:00

FileOS
Unknown (0x6e0069)

LegalCopyright
id Software, Forest Hale, and contributors

MachineType
Intel 386 or later, and compatibles

CompanyName
Forest Hale Digital Services

CodeSize
2605568

FileSubtype
3014758

ProductVersionNumber
1.0.0.0

EntryPoint
0x1110

ObjectFileType
Executable application

File identification
MD5 f3ddfa571d400df7864a446542cc908f
SHA1 da16473a256db4ae6436e371518fa76239478dee
SHA256 e4b7d16bae33395becd6ac0f665055ca22ee4c44f11627677d9f45b4fcf32b63
ssdeep
98304:3yjgezpKiwztDKLbfvO//C5VWqYpUqScEvb3JjhmEkg:AgaOXCejmxhhkg

imphash 0f408cec31b359cd77361a80030144b4
File size 5.0 MB ( 5235200 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2014-06-15 15:34:15 UTC ( 4 years, 6 months ago )
Last submission 2014-08-24 08:35:36 UTC ( 4 years, 3 months ago )
File names darkplaces.exe
xonotic-sdl.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!