SHA256: ec359dbed366c30554706a2bc35d7b03ccd0fb93abff16b922b815facd4392c8
File name: 470c380528ba51827bf0ab04633480f2
Detection ratio: 29 / 57
Analysis date: 2015-09-03 18:09:39 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.55904 20150903
Yandex Trojan.PWS.Tepfer!nA/SrjHItFU 20150901
ALYac Gen:Variant.Symmi.55904 20150903
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20150903
Arcabit Trojan.Symmi.DDA60 20150903
Avast Win32:Malware-gen 20150903
AVG Zbot.AGHX 20150903
Avira (no cloud) TR/Crypt.ZPACK.14663 20150903
AVware Trojan.Win32.Generic!BT 20150901
BitDefender Gen:Variant.Symmi.55904 20150903
Bkav HW32.Packed.6203 20150903
DrWeb Trojan.PWS.Siggen1.40988 20150903
Emsisoft Gen:Variant.Symmi.55904 (B) 20150903
ESET-NOD32 Win32/Spy.Zbot.ABW 20150903
F-Secure Gen:Variant.Symmi.55904 20150903
Fortinet W32/Zbot.ABW!tr.spy 20150903
GData Gen:Variant.Symmi.55904 20150903
K7GW Spyware ( 004cd59d1 ) 20150903
Kaspersky Trojan-PSW.Win32.Tepfer.pswwif 20150903
McAfee Artemis!470C380528BA 20150903
McAfee-GW-Edition Artemis 20150903
Microsoft Trojan:Win32/Skeeyah.A!bit 20150903
eScan Gen:Variant.Symmi.55904 20150903
NANO-Antivirus Trojan.Win32.Tepfer.dvuovr 20150903
Panda Generic Suspicious 20150903
Sophos AV Mal/Generic-S 20150903
Symantec Trojan.Gen.2 20150902
TrendMicro TROJ_GEN.R00JC0EI115 20150903
VIPRE Trojan.Win32.Generic!BT 20150903
AegisLab 20150903
AhnLab-V3 20150903
Alibaba 20150902
Baidu-International 20150903
ByteHero 20150903
CAT-QuickHeal 20150903
ClamAV 20150903
CMC 20150902
Comodo 20150903
Cyren 20150903
F-Prot 20150903
Ikarus 20150903
Jiangmin 20150902
K7AntiVirus 20150903
Kingsoft 20150903
Malwarebytes 20150903
nProtect 20150903
Qihoo-360 20150903
Rising 20150902
SUPERAntiSpyware 20150903
Tencent 20150903
TheHacker 20150903
TotalDefense 20150903
TrendMicro-HouseCall 20150903
VBA32 20150903
ViRobot 20150903
Zillya 20150903
Zoner 20150903
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-03-13 21:18:31
Entry Point 0x000598C0
Number of sections 4
PE sections
PE imports
RegReplaceKeyA
GetStartupInfoA
GetModuleHandleA
LoadLibraryExW
_except_handler3
__p__fmode
_acmdln
_exit
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__set_app_type
PathIsDirectoryA
PathIsRootA
PathIsRelativeW
PathMakePrettyW
SHRegGetBoolUSValueW
StrCSpnA
SHDeleteValueA
PathMakePrettyA
StrCSpnW
SHRegGetBoolUSValueA
SHEnumKeyExA
StrToIntA
SHRegGetUSValueW
StrIsIntlEqualW
PathSetDlgItemPathW
SHEnumKeyExW
SHRegOpenUSKeyW
PathFindFileNameW
PathQuoteSpacesA
PathRemoveBlanksA
PathQuoteSpacesW
SHRegOpenUSKeyA
SHDeleteEmptyKeyA
PathRemoveArgsA
PathIsContentTypeW
PathFindExtensionA
StrPBrkA
PathIsUNCA
SHRegEnumUSKeyW
PathIsUNCW
PathFindExtensionW
PathRemoveArgsW
SHRegDeleteUSValueA
SHGetValueW
StrCSpnIW
StrToIntExW
SHRegGetUSValueA
SHEnumValueW
PathRelativePathToA
PathAddBackslashW
StrToIntExA
PathBuildRootW
PathRelativePathToW
SHDeleteKeyW
PathIsUNCServerShareA
PathIsFileSpecW
PathIsUNCServerW
PathIsFileSpecA
PathIsUNCServerShareW
SHRegEnumUSValueW
PathRemoveFileSpecA
StrCmpW
PathAddExtensionA
PathGetArgsA
PathAddExtensionW
PathIsPrefixA
StrSpnW
SHSetValueW
PathGetDriveNumberA
PathCombineA
PathCompactPathA
PathStripToRootW
PathMakeSystemFolderW
PathCombineW
PathStripPathW
SHRegSetUSValueA
SHRegDeleteEmptyUSKeyA
SHRegSetUSValueW
PathCommonPrefixA
SHRegQueryUSValueW
PathStripPathA
SHRegCloseUSKey
PathUnquoteSpacesW
PathIsURLA
SHRegWriteUSValueA
PathUnquoteSpacesA
PathIsURLW
PathMatchSpecA
SHSetValueA
SHRegWriteUSValueW
StrFormatByteSizeA
StrNCatW
StrNCatA
StrFormatByteSizeW
StrTrimW
PathFindOnPathW
PathFindOnPathA
SHOpenRegStreamA
StrTrimA
SHRegCreateUSKeyW
PathRenameExtensionW
ChrCmpIW
SHRegCreateUSKeyA
PathRenameExtensionA
StrFromTimeIntervalW
ChrCmpIA
PathIsRootW
SHQueryValueExW
PathSkipRootW
InternetSetCookieA
HttpOpenRequestA
InternetCrackUrlW
InternetUnlockRequestFile
CreateUrlCacheEntryA
InternetOpenA
FtpFindFirstFileW
InternetErrorDlg
RetrieveUrlCacheEntryFileW
InternetQueryDataAvailable
InternetOpenUrlW
HttpEndRequestA
HttpOpenRequestW
InternetSetOptionExW
GetUrlCacheEntryInfoA
InternetGetCookieW
UnlockUrlCacheEntryFile
FtpRenameFileA
InternetGetLastResponseInfoA
FtpDeleteFileW
InternetReadFileExW
GopherOpenFileW
GetUrlCacheEntryInfoW
RetrieveUrlCacheEntryStreamW
InternetDial
InternetGetLastResponseInfoW
FtpRenameFileW
HttpQueryInfoW
GopherCreateLocatorW
InternetFindNextFileW
InternetLockRequestFile
InternetTimeToSystemTime
FtpGetFileW
CommitUrlCacheEntryW
GopherGetLocatorTypeW
CommitUrlCacheEntryA
FindCloseUrlCache
FtpCreateDirectoryW
FtpGetCurrentDirectoryA
FtpPutFileA
FindFirstUrlCacheEntryA
FtpOpenFileA
FtpGetCurrentDirectoryW
InternetSetOptionW
HttpSendRequestW
RetrieveUrlCacheEntryStreamA
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 4
RT_VERSION 1
Number of PE resources by language
GALICIAN DEFAULT 4
MACEDONIAN DEFAULT 3
ENGLISH JAMAICA 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 2560000
ImageVersion 0.0
ProductName Land Playtime
FileVersionNumber 0.81.22.86
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Iterations
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Pickling.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 0.127.179.7
TimeStamp 2006:03:13 22:18:31+01:00
FileType Win32 EXE
PEType PE32
InternalName Pianistic
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2069
MachineType Intel 386 or later, and compatibles
CompanyName Elphin Ltd
CodeSize 364544
FileSubtype 0
ProductVersionNumber 0.230.114.240
EntryPoint 0x598c0
ObjectFileType Executable application

File identification
MD5 470c380528ba51827bf0ab04633480f2
SHA1 b5cd9e48a3b5e5371ddcbbaa29c0b5c21502a0ec
SHA256 ec359dbed366c30554706a2bc35d7b03ccd0fb93abff16b922b815facd4392c8
ssdeep 6144:TwFDZtas0khNv5A+8051Zeh6TXEbb5wegu5i5g3:TwBZtas0YFOOrjXEbtwegxA
authentihash 8a037e6727898ca91a0c43e7b3b4cde7415ae545fec1be62aaad37047c3d4d72
imphash 339fe9ea2e2921c7e601ed80ab1058bd
File size 388.0 KB ( 397312 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2015-09-03 18:09:39 UTC ( 3 years, 6 months ago )
Last submission 2015-09-03 18:09:39 UTC ( 3 years, 6 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Opened service managers
Runtime DLLs