SHA256: 3a870ee9820f39c6305168ee4242fbf760e3b5c54678908495ff9546d8a31bee
File name: GameGrabber
Detection ratio: 2 / 57
Analysis date: 2015-06-10 03:58:16 UTC ( 3 years, 6 months ago )
Antivirus / Result / Update
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150610
Tencent Trojan.Win32.YY.Gen.3 20150610
Ad-Aware 20150610
AegisLab 20150610
Yandex 20150609
AhnLab-V3 20150609
Alibaba 20150609
ALYac 20150610
Antiy-AVL 20150610
Arcabit 20150610
Avast 20150610
AVG 20150610
Avira (no cloud) 20150610
AVware 20150610
Baidu-International 20150609
BitDefender 20150610
Bkav 20150609
ByteHero 20150610
CAT-QuickHeal 20150610
ClamAV 20150610
CMC 20150604
Comodo 20150610
Cyren 20150610
DrWeb 20150610
Emsisoft 20150610
ESET-NOD32 20150610
F-Prot 20150609
F-Secure 20150610
Fortinet 20150610
GData 20150610
Ikarus 20150610
Jiangmin 20150609
K7AntiVirus 20150609
K7GW 20150610
Kaspersky 20150609
Kingsoft 20150610
Malwarebytes 20150609
McAfee 20150610
McAfee-GW-Edition 20150609
Microsoft 20150610
eScan 20150610
NANO-Antivirus 20150610
nProtect 20150609
Panda 20150609
Rising 20150609
Sophos AV 20150610
SUPERAntiSpyware 20150610
Symantec 20150610
TheHacker 20150609
TotalDefense 20150609
TrendMicro 20150610
TrendMicro-HouseCall 20150610
VBA32 20150609
VIPRE 20150610
ViRobot 20150610
Zillya 20150610
Zoner 20150609
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Dongwoo Shin(http://www.byCPP.com)

Publisher Dongwoo Shin
Product GameGrabber
Original name GameGrabber.exe
Internal name GameGrabber
File version 0.0.0.0
Description GameGrabber -DirectX Capture
Comments GameGrabber
Signature verification Signed file, verified signature
Signing date 4:45 AM 5/13/2015
Signers
[+] Dongwoo Shin
Status Valid
Issuer None
Valid from 4:41 PM 5/9/2015
Valid to 9:52 PM 5/9/2017
Valid usage Code Signing, Lifetime Signing
Algorithm 1.2.840.113549.1.1.11
Thumbprint DF58AB56417621283CA2099C5009E80A0FF5AB0F
Serial number 11 85 0E 4B 32 C0 32
[+] StartCom Class 2 Primary Intermediate Object CA
Status Valid
Issuer None
Valid from 11:01 PM 10/24/2007
Valid to 11:01 PM 10/24/2017
Valid usage All
Algorithm SHA1
Thumbprint D893C4F678F891F2823CD078AA5E1C48FD1DA225
Serial number 24
[+] StartCom Certification Authority
Status Valid
Issuer None
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] StartCom Time-Stamping Authority
Status Valid
Issuer None
Valid from 1:00 AM 1/31/2011
Valid to 12:59 AM 2/1/2021
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 962FDDD76C6145ADAFA5E9AD98E3020D0821DD81
Serial number 40
[+] StartCom Certification Authority
Status Valid
Issuer None
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-26 15:45:04
Entry Point 0x0000132E
Number of sections 5
PE sections
Overlays
MD5 0a738052c8779db60ac5db84162dff10
File type data
Offset 74240
Size 6384
Entropy 7.31
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
CreateMutexA
RaiseException
WideCharToMultiByte
TlsFree
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
LoadLibraryExA
FreeLibrary
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
TlsGetValue
Sleep
WriteConsoleW
TlsSetValue
ExitProcess
GetCurrentThreadId
SetLastError
LeaveCriticalSection
LoadAcceleratorsA
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
FindWindowA
LoadStringA
DispatchMessageA
EndPaint
BeginPaint
TranslateMessage
SetForegroundWindow
TranslateAcceleratorA
PostQuitMessage
DefWindowProcA
ShowWindow
RegisterClassExA
DestroyWindow
Number of PE resources by type
RT_ICON 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
KOREAN 4
ENGLISH US 1
PE resources
ExifTool file metadata
FileDescription
GameGrabber -DirectX Capture

Comments
GameGrabber

InitializedDataSize
38400

ImageVersion
0.0

ProductName
GameGrabber

FileVersionNumber
0.0.0.0

LanguageCode
Korean

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
12.0

FileTypeExtension
exe

OriginalFileName
GameGrabber.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
0.0.0.0

TimeStamp
2013:10:26 16:45:04+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
GameGrabber

SubsystemVersion
5.1

ProductVersion
0.0.0.0

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
Dongwoo Shin(http://www.byCPP.com)

MachineType
Intel 386 or later, and compatibles

CompanyName
www.bycpp.com

CodeSize
42496

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x132e

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 09966433279eabb33b0ce9fd254f5b0d
SHA1 eaad24bd0065c27a9d5d761e575c878aee4101c9
SHA256 3a870ee9820f39c6305168ee4242fbf760e3b5c54678908495ff9546d8a31bee
ssdeep
1536:imRUBTriChIKylV46//c8WsWjcdwdeGsO:lRUBvG/vZwdRn

authentihash 24c8f39d593d73a51f8889af54fabe1b28f5f7f75a3780ebd215d72185040de3
imphash 5d9fcc06e91155920effb2fea7799555
File size 78.7 KB ( 80624 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-05-13 03:51:53 UTC ( 3 years, 7 months ago )
Last submission 2015-05-13 03:51:53 UTC ( 3 years, 7 months ago )
File names GameGrabber
GameGrabber.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet.
No votes. Nobody has voted on this item yet.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.