SHA256: fd94a196c4d79e647f3ade86aad0b7b8b3b798cfe6e3899d35ca495ae2bebf23
File name: Prince of Persia The Two Thrones_TR_Yama_v2.0.exe
Detection ratio: 1 / 55
Analysis date: 2016-08-03 14:12:19 UTC ( 2 years ago )
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.Tool.tc 20160803
Ad-Aware 20160803
AegisLab 20160803
AhnLab-V3 20160803
Alibaba 20160803
ALYac 20160803
Antiy-AVL 20160803
Arcabit 20160803
Avast 20160803
AVG 20160803
Avira (no cloud) 20160803
AVware 20160803
Baidu 20160803
BitDefender 20160803
Bkav 20160803
CAT-QuickHeal 20160803
ClamAV 20160803
CMC 20160803
Comodo 20160803
Cyren 20160803
DrWeb 20160803
Emsisoft 20160803
ESET-NOD32 20160803
F-Prot 20160803
F-Secure 20160803
Fortinet 20160803
GData 20160803
Ikarus 20160803
Jiangmin 20160803
K7AntiVirus 20160803
K7GW 20160803
Kaspersky 20160803
Kingsoft 20160803
Malwarebytes 20160803
McAfee 20160803
Microsoft 20160803
eScan 20160803
NANO-Antivirus 20160803
nProtect 20160803
Panda 20160803
Qihoo-360 20160803
Sophos AV 20160803
SUPERAntiSpyware 20160803
Symantec 20160803
Tencent 20160803
TheHacker 20160803
TotalDefense 20160803
TrendMicro 20160803
TrendMicro-HouseCall 20160803
VBA32 20160802
VIPRE 20160803
ViRobot 20160803
Yandex 20160802
Zillya 20160803
Zoner 20160803
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
2012 - OyunCeviri.com

Product Prince of Persia The Two Thrones Türkçe Yama
File version 2.0
Description Prince of Persia The Two Thrones TR v2.0
Comments Oyunlar artık Türkçe :)
Packers identified
F-PROT NSIS, appended, UTF-8, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:50:46
Entry Point 0x00041400
Number of sections 3
PE sections
Overlays
MD5 5c31fac593cc3aa56ba6d1962f88ba54
File type data
Offset 49152
Size 9552668
Entropy 8.00
PE imports
RegEnumKeyA
SetBkMode
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ShellExecuteA
VerQueryValueA
CoTaskMemFree
Number of PE resources by type
RT_ICON 6
RT_DIALOG 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
NEUTRAL 1
PE resources
ExifTool file metadata
LegalTrademarks
Prince of Persia The Two Thrones Ubisoft

SubsystemVersion
4.0

Comments
Oyunlar artık Türkçe :)

LinkerVersion
6.0

ImageVersion
6.0

CompanyWebsite
http://www.oyunceviri.com

FileSubtype
0

FileVersionNumber
2.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x0000

FileDescription
Prince of Persia The Two Thrones TR v2.0

CharacterSet
Windows, Latin1

InitializedDataSize
32768

EntryPoint
0x41400

MIMEType
application/octet-stream

LegalCopyright
2012 - OyunCeviri.com

FileVersion
2.0

TimeStamp
2009:12:05 23:50:46+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2.0

UninitializedDataSize
245760

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
OyunCeviri.com

CodeSize
20480

ProductName
Prince of Persia The Two Thrones Türkçe Yama

ProductVersionNumber
2.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 9dac12608e7a660b0e910ca39ec1b5f3
SHA1 6c704cbfe7708ccc6ad0724df83bdc55716aa37e
SHA256 fd94a196c4d79e647f3ade86aad0b7b8b3b798cfe6e3899d35ca495ae2bebf23
ssdeep
196608:hM/40PAokNcen496ZOdQw3tgKVZZSrTYdYYyKalTdHNlvC:hMw0orbnZ4fdPia3yKalJNxC

authentihash 9a96460c52b66659e002249e5fa393100888258a86a09cbe2a5603a83dc8f715
imphash 2134f794bcda54794e74b7208adb2204
File size 9.2 MB ( 9601820 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
nsis peexe upx overlay

VirusTotal metadata
First submission 2012-11-02 08:18:42 UTC ( 5 years, 9 months ago )
Last submission 2015-01-12 13:45:44 UTC ( 3 years, 7 months ago )
File names Prince of Persia The Two Thrones_TR_Yama_v2.0.exe
prince of persia the two thrones_tr_yama_v2.0.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
keylogger

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Set keys
Created mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications