× Les cookies sont désactivés ! Ce site exige que les cookies soient activés pour fonctionner correctement
SHA256: 1c990b4c84a037dccebe24d39bf17947745f43662a9483b8a5b0339022c43796
Nom du fichier : myst3v122patch.exe
Ratio de détection : 10 / 54
Date d'analyse : 2016-01-29 14:08:24 UTC (il y a 2 ans, 8 mois) Voir les derniers
Antivirus Résultat Mise à jour
AegisLab Troj.Gen!c 20160129
Avast Win32:Malware-gen 20160129
CMC Server-Proxy.Win32.MarketScore!O 20160129
Cyren W32/Risk.ZKRS-4477 20160129
F-Prot W32/MalwareF.NFIW 20160129
McAfee Artemis!B1C65318F662 20160129
McAfee-GW-Edition Artemis 20160129
NANO-Antivirus Trojan.Win32.Skintrim.ntetb 20160129
Symantec Trojan.Gen.2 20160128
VIPRE Trojan.Win32.Generic!BT 20160129
Ad-Aware 20160129
Yandex 20160128
AhnLab-V3 20160129
Alibaba 20160129
ALYac 20160129
Antiy-AVL 20160129
Arcabit 20160129
AVG 20160129
Avira (no cloud) 20160129
Baidu-International 20160129
BitDefender 20160129
Bkav 20160129
ByteHero 20160129
CAT-QuickHeal 20160129
ClamAV 20160129
Comodo 20160129
DrWeb 20160129
Emsisoft 20160129
ESET-NOD32 20160129
F-Secure 20160129
Fortinet 20160129
GData 20160129
Ikarus 20160129
Jiangmin 20160129
K7AntiVirus 20160129
K7GW 20160129
Kaspersky 20160129
Malwarebytes 20160129
Microsoft 20160129
eScan 20160129
nProtect 20160129
Panda 20160128
Qihoo-360 20160129
Rising 20160129
Sophos AV 20160129
SUPERAntiSpyware 20160129
Tencent 20160129
TheHacker 20160124
TrendMicro 20160129
TrendMicro-HouseCall 20160129
VBA32 20160128
ViRobot 20160129
Zillya 20160128
Zoner 20160129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version
Description Myst III: Exile (1.22 Patch) Setup
Comments This installation was built with Inno Setup: http://www.innosetup.com
Packers identified
Command INNO
F-PROT INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000C650
Number of sections 8
PE sections
Overlays
MD5 a2999cfe0bbb31b850c6dbba285cabd7
File type data
Offset 69120
Size 6405988
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCPInfo
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
GetSystemMetrics
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
CharNextA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup: http://www.innosetup.com

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
22016

EntryPoint
0xc650

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Myst III: Exile (1.22 Patch) Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Focus Multimedia Ltd

CodeSize
48640

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 b1c65318f66230db61275f90d349fad3
SHA1 ca4a6289412b64ce982ffe525e9e391a0e9b4f52
SHA256 1c990b4c84a037dccebe24d39bf17947745f43662a9483b8a5b0339022c43796
ssdeep
196608:vxgK4+b7RWQAcOBwkwJ6Gd6nGtHp0WZmeWDvl:5gKZnAqk8aKiqkTl

authentihash eb361d85f6e6a980de718e792166c9e85f0d5d674a8f3991795ccc2d1a97ca33
imphash 03a57449e5cad93724ec1ab534741a15
File size 6.2 MB ( 6475108 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-12-16 20:27:21 UTC (il y a 5 ans, 10 mois)
Last submission 2017-05-31 01:43:35 UTC (il y a 1 an, 4 mois)
Noms du fichier 1c990b4c84a037dccebe24d39bf17947745f43662a9483b8a5b0339022c43796
myst3v122patch.exe
1c990b4c84a037dccebe24d39bf17947745f43662a9483b8a5b0339022c43796.bin
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Aucun commentaire. Aucun membre de la communauté VirusTotal n'a encore commenté cet élément, soyez le premier à le faire !

Laissez votre commentaire...

?
Poster un commentaire

Vous n'êtes pas connecté. Seuls les utilisateurs enregistrés peuvent laisser des commentaires, connectez-vous pour commenter !

Aucun vote. Personne n'a encore voté pour cet élément, soyez le premier à le faire !
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications