SHA256: b1d40af9858aa8d6907685d7b5fefcbeb65e631ea764aa7441a587ecc9a851c5
Name: Sinonimos.exe
Detections: 3 / 54
Analysis date: 2016-08-13 13:23:44 UTC (2 years, 1 month ago)
Antivirus Result Update
Avast Win32:Evo-gen [Susp] 20160813
Comodo Backdoor.Win32.DarkKomet.GH 20160813
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160813
Ad-Aware 20160813
AegisLab 20160813
AhnLab-V3 20160813
Alibaba 20160812
ALYac 20160813
Antiy-AVL 20160813
Arcabit 20160813
AVG 20160813
Avira (no cloud) 20160813
AVware 20160813
Baidu 20160813
BitDefender 20160813
Bkav 20160813
CAT-QuickHeal 20160813
ClamAV 20160813
CMC 20160811
Cyren 20160813
DrWeb 20160813
Emsisoft 20160813
ESET-NOD32 20160813
F-Prot 20160813
F-Secure 20160813
Fortinet 20160813
GData 20160813
Ikarus 20160813
Jiangmin 20160813
K7AntiVirus 20160813
K7GW 20160813
Kaspersky 20160813
Kingsoft 20160813
Malwarebytes 20160813
McAfee 20160813
McAfee-GW-Edition 20160813
Microsoft 20160813
eScan 20160813
NANO-Antivirus 20160813
nProtect 20160812
Panda 20160813
Sophos AV 20160813
SUPERAntiSpyware 20160813
Symantec 20160813
Tencent 20160813
TheHacker 20160812
TrendMicro 20160813
TrendMicro-HouseCall 20160813
VBA32 20160812
VIPRE 20160813
ViRobot 20160813
Yandex 20160812
Zillya 20160812
Zoner 20160813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
C. Sánchez - 2016 www.truskylandia.com

Product Sinónimos
Original name Sinonimos.exe
Internal name Sinonimos
File version 2.00
Description Juego infantil didáctico
Comments Juego infantil didáctico C. Sánchez - 2016 www.truskylandia.com
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-12 20:40:31
Entry Point 0x000049B7
Number of sections 6
PE sections
Overlays
MD5 4d1d59fb2e7e914d16032f9a96466241
File type data
Offset 30208
Size 4735975
Entropy 7.96
PE imports
GetLastError
HeapFree
GetModuleFileNameW
GetVersionExW
SetEvent
HeapAlloc
GetCurrentProcess
OpenFileMappingW
OpenProcess
GetCommandLineW
MapViewOfFile
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetFileSizeEx
SetEnvironmentVariableW
GetModuleHandleA
CloseHandle
DuplicateHandle
GetModuleHandleW
IsWow64Process
LoadLibraryW
UnmapViewOfFile
CreateFileW
VirtualFree
GetTickCount
VirtualAlloc
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
SPANISH MODERN 1
PE resources
ExifTool file metadata
PackagerVersion
16.0.475

LegalTrademarks
C. Sánchez - 2016 www.truskylandia.com

SubsystemVersion
5.0

Comments
Juego infantil didáctico C. Sánchez - 2016 www.truskylandia.com

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

VmVersion
11.8.723

LanguageCode
Spanish (Modern)

FileFlagsMask
0x0000

FileDescription
Juego infantil didáctico

FileVersionNumber
2.0.0.0

CharacterSet
Unicode

InitializedDataSize
20480

EntryPoint
0x49b7

Packager
Turbo Studio 16

OriginalFileName
Sinonimos.exe

MIMEType
application/octet-stream

LegalCopyright
C. Sánchez - 2016 www.truskylandia.com

FileVersion
2.0

TimeStamp
2016:08:12 21:40:31+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Sinonimos

ProductVersion
2.0

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
C. Sánchez - 2016 www.truskylandia.com

CodeSize
20480

ProductName
Sinónimos

ProductVersionNumber
2.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 e7b3ae398532602154a34375f468770b
SHA1 9ff50c760b33ef221193335f2479579190af3651
SHA256 b1d40af9858aa8d6907685d7b5fefcbeb65e631ea764aa7441a587ecc9a851c5
ssdeep
98304:7TMulL8Llg5pKKn9q5InnGQ25ekmaaNKJXgvyn7MUOstYzgkKjok:7TZlL8LEQwkm3KHnkO5ok

authentihash ec1e602b31f48a9d80d9211cff5e3dfae257d4542ba31d2891a8114d1fd88e41
imphash aaec64f2ad182e38096da2ef4bc28f41
File size 4.5 MB (4766183 bytes)
Type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-08-13 13:23:44 UTC (2 years, 1 month ago)
Last submission 2016-08-13 13:23:44 UTC (2 years, 1 month ago)
Names Sinonimos
Sinonimos.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications