× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fa9ccfb1bb879e695d02108ead10daa9c77002eb5e1ba2de1de7ac2c8fe27461
File name: 7919117
Detection ratio: 8 / 62
Analysis date: 2018-05-11 15:30:07 UTC ( 9 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.82793 20180511
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180418
Cylance Unsafe 20180511
Endgame malicious (high confidence) 20180507
F-Secure Gen:Variant.Symmi.82793 20180511
Sophos ML heuristic 20180504
eScan Gen:Variant.Symmi.82793 20180511
SentinelOne (Static ML) static engine - malicious 20180225
AegisLab 20180511
AhnLab-V3 20180511
Alibaba 20180511
Antiy-AVL 20180511
Arcabit 20180511
Avast 20180511
Avast-Mobile 20180511
AVG 20180511
Avira (no cloud) 20180511
AVware 20180428
Babable 20180406
Baidu 20180511
BitDefender 20180511
Bkav 20180511
CAT-QuickHeal 20180511
ClamAV 20180511
CMC 20180511
Comodo 20180511
Cybereason None
Cyren 20180511
eGambit 20180511
Emsisoft 20180511
ESET-NOD32 20180511
F-Prot 20180511
Fortinet 20180511
GData 20180511
Ikarus 20180511
Jiangmin 20180511
K7AntiVirus 20180511
K7GW 20180511
Kingsoft 20180511
Malwarebytes 20180511
MAX 20180511
McAfee 20180511
McAfee-GW-Edition 20180510
Microsoft 20180511
nProtect 20180511
Palo Alto Networks (Known Signatures) 20180511
Panda 20180511
Qihoo-360 20180511
Rising 20180511
Sophos AV 20180511
SUPERAntiSpyware 20180511
Symantec 20180511
Symantec Mobile Insight 20180511
Tencent 20180511
TheHacker 20180509
TotalDefense 20180511
TrendMicro-HouseCall 20180511
Trustlook 20180511
VBA32 20180511
VIPRE 20180511
ViRobot 20180511
Webroot 20180511
Yandex 20180511
Zillya 20180511
ZoneAlarm by Check Point 20180511
Zoner 20180511
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Product Dying Light
Original name patch_dying_light_1.14.0_(15640)_to_1.15.0_(17146).exe
Internal name patch_dying_light_1.14.0_(15640)_to_1.15.0_(17146)
File version 0.00
Description Dying Light Setup
Comments This installation was built with Inno Setup.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-11 13:22:09
Entry Point 0x000011D0
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
_CIcos
__vbaStrCmp
_allmul
__vbaR8Cy
_adj_fprem
Ord(678)
_adj_fpatan
EVENT_SINK_AddRef
Ord(676)
Ord(675)
_adj_fdiv_m32i
__vbaExceptHandler
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
_adj_fdivr_m64
_adj_fdiv_m64
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
EVENT_SINK_Release
EVENT_SINK_QueryInterface
_adj_fptan
_CIatan
__vbaNew2
_adj_fdivr_m32i
__vbaFpCy
_CIexp
_adj_fprem1
_adj_fdivr_m32
_CItan
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 7
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
110592

EntryPoint
0x11d0

OriginalFileName
patch_dying_light_1.14.0_(15640)_to_1.15.0_(17146).exe

MIMEType
application/octet-stream

FileVersion
0.0

TimeStamp
2018:05:11 14:22:09+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
patch_dying_light_1.14.0_(15640)_to_1.15.0_(17146)

SubsystemVersion
4.0

ProductVersion
0.0

FileDescription
Dying Light Setup

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
413696

ProductName
Dying Light

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 6188c8ac984023e61c34b707026779a5
SHA1 40d54a52952d930e1f642d7a9c51e9b6151a64b0
SHA256 fa9ccfb1bb879e695d02108ead10daa9c77002eb5e1ba2de1de7ac2c8fe27461
ssdeep
12288:MuyIklfs/96cosraJBIfysiqye8Mm5Ivt46NC:MuyIka/fosKa0ept1NC

authentihash 88cfae57b5bf28f84ccefed8b54e8bc7fed8ab29988346bb190dcdb8f0b4dc8b
imphash c1f2bce1a8fa3a879b1a62530e6378da
File size 484.0 KB ( 495616 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-11 15:30:07 UTC ( 9 months, 2 weeks ago )
Last submission 2018-05-15 00:56:04 UTC ( 9 months, 2 weeks ago )
File names 7919117
patch_dying_light_1.14.0_(15640)_to_1.15.0_(17146)
patch_dying_light_1.14.0_(15640)_to_1.15.0_(17146).exe
output.113293389.txt
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.