SHA256: ff1982d8f002b891c25bf6907a272b2a962e6ca6df3bf0e096ed2b266c36001b
Detection ratio: 0 / 65
Analysis date: 2018-04-04 12:50:35 UTC ( 11 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20180404
AegisLab 20180404
AhnLab-V3 20180404
Alibaba 20180404
ALYac 20180404
Antiy-AVL 20180404
Arcabit 20180404
Avast 20180404
Avast-Mobile 20180404
AVG 20180404
Avira (no cloud) 20180404
AVware 20180404
Baidu 20180404
BitDefender 20180404
Bkav 20180404
CAT-QuickHeal 20180404
ClamAV 20180404
CMC 20180404
Comodo 20180404
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180404
Cyren 20180404
DrWeb 20180404
eGambit 20180404
Emsisoft 20180404
Endgame 20180403
ESET-NOD32 20180404
F-Prot 20180404
F-Secure 20180404
Fortinet 20180404
GData 20180404
Ikarus 20180404
Sophos ML 20180121
Jiangmin 20180404
K7AntiVirus 20180404
K7GW 20180404
Kaspersky 20180404
Kingsoft 20180404
Malwarebytes 20180404
MAX 20180404
McAfee 20180404
McAfee-GW-Edition 20180404
Microsoft 20180404
eScan 20180404
NANO-Antivirus 20180404
nProtect 20180404
Palo Alto Networks (Known Signatures) 20180404
Panda 20180403
Qihoo-360 20180404
Rising 20180404
SentinelOne (Static ML) 20180225
Sophos AV 20180404
SUPERAntiSpyware 20180404
Symantec 20180404
Symantec Mobile Insight 20180401
Tencent 20180404
TheHacker 20180330
TrendMicro 20180404
TrendMicro-HouseCall 20180404
Trustlook 20180404
VBA32 20180404
VIPRE 20180404
ViRobot 20180404
WhiteArmor 20180403
Yandex 20180403
Zillya 20180403
ZoneAlarm by Check Point 20180404
Zoner 20180403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2010-2016 Garena. All rights reserved.
Product Garena
File version 2.0.1803.2016
Description Garena Installer
Signature verification Signed file, verified signature
Signing date 9:38 AM 3/20/2018
Signers
[+] Garena Online Pte Ltd
Status Valid
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 12/1/2017
Valid to 12:59 AM 1/16/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint DADFFC734ECFCEC4C3235224A37B99180CB73BFD
Serial number 48 81 C6 60 94 09 00 F9 49 FE 4D 60 FA 7F 93 7E
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-20 08:39:28
Entry Point 0x00005290
Number of sections 5
PE sections
Overlays
MD5 e1d7444a813a1647a98840a289c2b004
File type data
Offset 102400
Size 69250088
Entropy 8.00
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SetBkMode
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
GetProcAddress
HeapFree
CopyFileW
EnterCriticalSection
WriteFile
GetShortPathNameW
GetSystemInfo
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
LoadLibraryA
GetExitCodeProcess
MulDiv
IsDebuggerPresent
HeapAlloc
GlobalUnlock
lstrcmpiW
RtlUnwind
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
SetErrorMode
CompareFileTime
FindNextFileW
InitializeCriticalSection
GetFileSize
UnhandledExceptionFilter
SetFileTime
GetCommandLineW
GetWindowsDirectoryW
ExitProcess
LoadLibraryExW
MultiByteToWideChar
lstrlenW
SetFilePointerEx
CreateDirectoryW
SetFilePointer
GlobalLock
GetPrivateProfileStringW
GetProcessHeap
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
GetModuleHandleA
lstrcpyW
SetFileAttributesW
lstrcmpiA
GetFileSizeEx
CreateThread
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetDiskFreeSpaceW
ReadFile
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
DeleteFileW
FindFirstFileW
lstrcmpW
HeapReAlloc
GetModuleHandleW
FreeLibrary
TerminateProcess
LoadLibraryW
SearchPathW
WideCharToMultiByte
SetCurrentDirectoryW
lstrcpyA
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
lstrcatW
Sleep
MoveFileW
GetFullPathNameW
GetTickCount
GetVersion
WritePrivateProfileStringW
LeaveCriticalSection
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
FillRect
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
DestroyWindow
EnableWindow
GetDC
DialogBoxParamW
AppendMenuW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
GetAsyncKeyState
BeginPaint
CreatePopupMenu
SendMessageW
SetWindowTextW
SetClipboardData
wsprintfW
IsWindowVisible
SetForegroundWindow
GetClassInfoW
SetTimer
GetDlgItem
SystemParametersInfoW
DrawTextW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
CreateDialogParamW
wsprintfA
CharNextW
CallWindowProcW
TrackPopupMenu
RegisterClassW
FindWindowExW
IsDlgButtonChecked
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
SendMessageTimeoutW
CreateWindowExW
GetWindowLongW
CloseClipboard
GetClientRect
SetCursor
ExitWindowsEx
OpenClipboard
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 11
RT_DIALOG 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
CodeSize 41472
SubsystemVersion 5.0
InitializedDataSize 21504
ImageVersion 6.0
ProductName Garena
FileVersionNumber 2.0.1803.2016
UninitializedDataSize 2048
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.0.1803.2016
TimeStamp 2018:03:20 09:39:28+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.0.1803.2016
FileDescription Garena Installer
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright (C) 2010-2016 Garena. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Garena
LegalTrademarks Garena
FileSubtype 0
ProductVersionNumber 2.0.1803.2016
EntryPoint 0x5290
ObjectFileType Executable application
File identification
MD5 9ef746938b69222a45ded021d55209ea
SHA1 a1fd59f5987a6d905b8412fa4e2834ab4008b5ea
SHA256 ff1982d8f002b891c25bf6907a272b2a962e6ca6df3bf0e096ed2b266c36001b
ssdeep 1572864:gd+PmpTy+ViyANVSjvU8IubGqnYuiq0AR1Lw/MNgNgvzjF:NPmI+Fg+vULubT119q/OgGzjF
authentihash 4daedd5e540c3dbf3ba7f7d30940fa10c23550b5f1b5ea684826530029c9f285
imphash ccbecd4c2ab13ad31c2b854740940f9a
File size 66.1 MB ( 69352488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags nsis peexe signed overlay
VirusTotal metadata
First submission 2018-03-21 06:08:50 UTC ( 12 months ago )
Last submission 2018-04-04 12:50:35 UTC ( 11 months, 2 weeks ago )
File names 0_118163424_Garena-v2.0.1803.2016.exe
Garena-v2.0.exe
Garena-v2.0-TW.exe