SHA256: f908843cad5a99e3fddb7b818569423e6d5bdc7a98e174efd52b9d3bd6f7dbb8
File name: NosTale Hack.exe
Detection ratio: 0 / 54
Analysis date: 2016-01-20 17:56:45 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware 20160120
AegisLab 20160120
Yandex 20160119
AhnLab-V3 20160120
Alibaba 20160120
ALYac 20160120
Antiy-AVL 20160120
Arcabit 20160120
Avast 20160120
AVG 20160120
Avira (no cloud) 20160120
Baidu-International 20160120
BitDefender 20160120
Bkav 20160120
ByteHero 20160120
CAT-QuickHeal 20160119
ClamAV 20160120
CMC 20160111
Comodo 20160120
Cyren 20160120
DrWeb 20160120
Emsisoft 20160120
ESET-NOD32 20160120
F-Prot 20160120
F-Secure 20160120
Fortinet 20160120
GData 20160120
Ikarus 20160120
Jiangmin 20160120
K7AntiVirus 20160120
K7GW 20160120
Kaspersky 20160120
Malwarebytes 20160120
McAfee 20160120
McAfee-GW-Edition 20160120
Microsoft 20160120
eScan 20160120
NANO-Antivirus 20160120
nProtect 20160120
Panda 20160120
Qihoo-360 20160120
Rising 20160120
Sophos AV 20160120
SUPERAntiSpyware 20160120
Symantec 20160120
Tencent 20160120
TheHacker 20160119
TrendMicro 20160120
TrendMicro-HouseCall 20160120
VBA32 20160120
VIPRE 20160120
ViRobot 20160120
Zillya 20160120
Zoner 20160120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 9:46 PM 1/7/2016
Signers
[+] Riot Games
Status Valid
Issuer DigiCert SHA2 Assured ID Code Signing CA
Valid from 1:00 AM 3/21/2014
Valid to 1:00 PM 4/12/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 69C23DC5EAEED30F5B88F7384DF8DF4827CBA7AD
Serial number 08 F4 65 A6 2C 6D 68 B3 56 5C D4 30 92 8A 42 DE
[+] DigiCert SHA2 Assured ID Code Signing CA
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 10/22/2013
Valid to 1:00 PM 10/22/2028
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 92C1588E85AF2201CE7915E8538B492F605B80C6
Serial number 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-07 20:42:19
Entry Point 0x000031CC
Number of sections 5
PE sections
Overlays
MD5 81ffa30ede7f10c1c1bb907abd2e4ccc
File type data
Offset 107008
Size 7672
Entropy 7.06
PE imports
AreFileApisANSI
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetSystemInfo
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
HeapSize
GetCurrentProcessId
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
ReadFile
SetEndOfFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
GetStringTypeW
TlsGetValue
Sleep
GetFileType
ReadConsoleW
TlsSetValue
EncodePointer
GetCurrentThreadId
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_MANIFEST 2
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:01:07 21:42:19+01:00
FileType Win32 EXE
PEType PE32
CodeSize 70656
LinkerVersion 12.0
EntryPoint 0x31cc
InitializedDataSize 43520
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
File identification
MD5 c6cc53be1ee13fc6aa2c6f8d28b05af3
SHA1 3c761383dc6e12199c5226595f169b597abcee24
SHA256 f908843cad5a99e3fddb7b818569423e6d5bdc7a98e174efd52b9d3bd6f7dbb8
ssdeep 1536:1WI/Lufd5YXeIk+nYAbnZxpnLClQ6R3cBSiSxTsWjcdrs26bg05add:1t/w5YXeMYSZxpLC6nrs26bgND

authentihash 8ed3af004fba7f76e1ced47b077f36b4a3001ef9958bdf14cd38d745452f704f
imphash c169375f19d05189988d96277faa14d9
File size 112.0 KB ( 114680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2016-01-08 03:45:43 UTC ( 1 year, 10 months ago )
Last submission 2016-01-20 18:03:45 UTC ( 1 year, 10 months ago )
File names Forge of Empires Hack v2.0.exe
jpatch.exe
jpatch.exe
League of Legends Hack.exe
jpatch.exe
jpatch.exe
jpatch.exe
jpatch.exe
jpatch.exe
World of Tanks Hack.exe
League of Legends Hack v2.1.exe
jpatch.exe
jpatch.exe
Legend Online Hack v2.2.exe
Lets Fish Hack v3.1.exe
jpatch.exe
NosTale Hack v2.2.exe
Big Farm Hack v2.2.exe
jpatch.exe
jpatch.exe
jpatch.exe
jpatch.exe
jpatch.exe
jpatch.exe
NosTale Hack.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications