SHA256: f4ca21668dd576f0542f1bbe13321f66614cb15cd13e1d18cb9b59eff9afc9ed
File name: Mahjong_Forests_installer.exe
Detection ratio: 0 / 55
Analysis date: 2016-02-10 08:39:05 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware 20160210
AegisLab 20160210
Yandex 20160209
AhnLab-V3 20160209
Alibaba 20160204
ALYac 20160209
Antiy-AVL 20160210
Arcabit 20160210
Avast 20160210
AVG 20160210
Avira (no cloud) 20160210
Baidu-International 20160209
BitDefender 20160210
Bkav 20160204
ByteHero 20160210
CAT-QuickHeal 20160210
ClamAV 20160210
CMC 20160205
Comodo 20160210
Cyren 20160210
DrWeb 20160210
Emsisoft 20160210
ESET-NOD32 20160210
F-Prot 20160210
F-Secure 20160210
Fortinet 20160210
GData 20160210
Ikarus 20160210
Jiangmin 20160210
K7AntiVirus 20160210
K7GW 20160210
Kaspersky 20160210
Malwarebytes 20160210
McAfee 20160210
McAfee-GW-Edition 20160210
Microsoft 20160210
eScan 20160210
NANO-Antivirus 20160210
nProtect 20160205
Panda 20160208
Qihoo-360 20160210
Rising 20160210
Sophos AV 20160210
SUPERAntiSpyware 20160210
Symantec 20160209
Tencent 20160210
TheHacker 20160210
TotalDefense 20160210
TrendMicro 20160210
TrendMicro-HouseCall 20160210
VBA32 20160209
VIPRE 20160210
ViRobot 20160210
Zillya 20160209
Zoner 20160210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-02-01 01:58:51
Entry Point 0x00003F3C
Number of sections 4
PE sections
Overlays
MD5 e5babc59df4aa23bfe6ad4bf2ae7b7de
File type data
Offset 122880
Size 26432340
Entropy 8.00
PE imports
GetLastError
LoadLibraryA
LoadLibraryW
GetVersionExA
GetFileAttributesW
GetModuleFileNameA
GetStartupInfoA
SizeofResource
LockResource
CreateDirectoryA
CreateDirectoryW
GetProcAddress
GetTempPathA
GetModuleFileNameW
GetModuleHandleA
WriteFile
CloseHandle
LoadResource
GetTempPathW
CreateFileW
SetFileAttributesW
CreateFileA
FindResourceA
_except_handler3
_acmdln
_controlfp
__p__fmode
??2@YAPAXI@Z
_ftol
_adjust_fdiv
__setusermatherr
??3@YAXPAX@Z
free
wcslen
wcscat
exit
sprintf
__getmainargs
calloc
_exit
__set_app_type
__p__commode
_initterm
_XcptFilter
wsprintfW
OleUninitialize
OleInitialize
Number of PE resources by type
RT_ICON 9
BINARY 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2008:02:01 02:58:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 7.1
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x3f3c
InitializedDataSize 81920
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

CarbonBlack
CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
File identification
MD5 7d60bda9d2dab99e5413ab0a5758b08f
SHA1 4a0ca76aa5aafcfb1b33aec7a7c75e3e4ae74dac
SHA256 f4ca21668dd576f0542f1bbe13321f66614cb15cd13e1d18cb9b59eff9afc9ed
ssdeep 393216:Ki5r85tmr8S0Fod2yFH3wsC1rLQSoYkKdnP7ou59RT7uLZq3Sx94s48gTn7N7Q:Kiq5tK8S8Q2uH3wsC9oYkKdnTdR0OzW
authentihash 6943d98a42271e37fd4884bd9f439e6225d92e0030927e5362378706821a68ac
imphash 746c04dc90a219439dde8ef0679b4701
File size 25.3 MB ( 26555220 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe armadillo overlay
VirusTotal metadata
First submission 2012-05-05 01:09:02 UTC ( 6 years, 9 months ago )
Last submission 2013-09-20 02:35:39 UTC ( 5 years, 5 months ago )
File names mahjong_forests_installer.exe
F4CA21668DD576F0542F1BBE13321F66614CB15CD13E1D18CB9B59EFF9AFC9ED
Mahjong_Forests_installer.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight