× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f1265663021b2fc8e2574b2fdd15f9d913ee8173729e996abda41ddc547b71b0
File name: 46052
Detection ratio: 1 / 57
Analysis date: 2016-04-02 18:39:03 UTC ( 2 years, 11 months ago ) View latest
Antivirus Result Update
Kingsoft Win32.Malware.Heur_Generic.A.(kcloud) 20160402
Ad-Aware 20160402
AegisLab 20160402
AhnLab-V3 20160402
Alibaba 20160401
ALYac 20160402
Antiy-AVL 20160402
Arcabit 20160402
Avast 20160402
AVG 20160402
Avira (no cloud) 20160402
AVware 20160402
Baidu 20160402
Baidu-International 20160402
BitDefender 20160402
Bkav 20160402
CAT-QuickHeal 20160401
ClamAV 20160402
CMC 20160401
Comodo 20160402
Cyren 20160402
DrWeb 20160402
Emsisoft 20160402
ESET-NOD32 20160402
F-Prot 20160402
F-Secure 20160402
Fortinet 20160402
GData 20160402
Ikarus 20160402
Jiangmin 20160402
K7AntiVirus 20160402
K7GW 20160402
Kaspersky 20160402
Malwarebytes 20160402
McAfee 20160402
McAfee-GW-Edition 20160402
Microsoft 20160402
eScan 20160402
NANO-Antivirus 20160402
nProtect 20160401
Panda 20160402
Qihoo-360 20160402
Rising 20160402
Sophos AV 20160402
SUPERAntiSpyware 20160402
Symantec 20160331
Tencent 20160402
TheHacker 20160330
TotalDefense 20160402
TrendMicro 20160402
TrendMicro-HouseCall 20160402
VBA32 20160401
VIPRE 20160402
ViRobot 20160402
Yandex 20160316
Zillya 20160402
Zoner 20160402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Ihsan

Product nTanglev2.4
Original name all-setup.exe
Internal name all-setup
File version 2.04
Description nTanglev2.4
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-12-13 16:21:14
Entry Point 0x0000135C
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
DllFunctionCall
EVENT_SINK_Release
__vbaGenerateBoundsError
__vbaVarDup
_CIsin
Ord(616)
_adj_fdivr_m64
_adj_fprem
__vbaVarCmpEq
Ord(709)
Ord(619)
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
__vbaVarForInit
EVENT_SINK_QueryInterface
__vbaStrCopy
Ord(647)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
__vbaStrCmp
__vbaFPException
__vbaAryVar
__vbaStrVarMove
_adj_fdivr_m16i
Ord(578)
__vbaUbound
__vbaVarAdd
__vbaExitProc
Ord(571)
__vbaFreeObj
__vbaVarOr
__vbaFreeVar
__vbaBoolVarNull
Ord(100)
__vbaVarTstGe
_adj_fdiv_r
_CItan
__vbaI4Var
__vbaFileOpen
_adj_fdiv_m64
__vbaUI1I4
__vbaVarForNext
__vbaHresultCheckObj
_CIsqrt
__vbaVarSub
Ord(711)
Ord(660)
__vbaVarTstGt
_allmul
__vbaStrVarVal
_CIcos
Ord(595)
__vbaVarTstEq
_adj_fptan
Ord(645)
Ord(581)
__vbaObjSet
__vbaLineInputStr
__vbaVarMove
_CIlog
_CIatan
__vbaAryCopy
Ord(617)
__vbaErrorOverflow
__vbaOnError
_adj_fdivr_m32i
__vbaFileCloseAll
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
__vbaI2I4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
2.4

FileSubtype
0

FileVersionNumber
2.4.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
nTanglev2.4

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
8192

EntryPoint
0x135c

OriginalFileName
all-setup.exe

MIMEType
application/octet-stream

LegalCopyright
Ihsan

FileVersion
2.04

TimeStamp
2008:12:13 17:21:14+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
all-setup

ProductVersion
2.04

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Ihsan

CodeSize
12288

ProductName
nTanglev2.4

ProductVersionNumber
2.4.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 2c251d717a211486bdd847c5860f9bf3
SHA1 c6f3c635a09f90743155751941c1533125bd8af6
SHA256 f1265663021b2fc8e2574b2fdd15f9d913ee8173729e996abda41ddc547b71b0
ssdeep
192:8XcxMHP2c4ycA/3q9yVgp+SLhDpB4hj1EZ:GcxMvWA/NyDpB4hpEZ

authentihash aa766f3c6516addfb46ac91f9d109e3d55211bc4cb6520ac4b80098969f0138d
imphash 21aab6c89d037669ad63d4ec25f3081a
File size 24.0 KB ( 24576 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2009-09-03 01:57:49 UTC ( 9 years, 6 months ago )
Last submission 2018-06-16 02:24:59 UTC ( 9 months, 1 week ago )
File names mindgames-all-3.0-setup.exe
2c251d717a211486bdd847c5860f9bf3.c6f3c635a09f90743155751941c1533125bd8af6
46052
12149901
output.12149901.txt
1354704422-mindgames-all-3.0-setup.exe
f1265663021b2fc8e2574b2fdd15f9d913ee8173729e996abda41ddc547b71b0
allsetup.exe
all-setup
2c251d717a211486bdd847c5860f9bf3
32L8ew.docx
mindgames-all-3.0-setup.exe
all-setup.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!