SHA256: f908843cad5a99e3fddb7b818569423e6d5bdc7a98e174efd52b9d3bd6f7dbb8
File name: World of Tanks Hack.exe
Detection ratio: 0 / 53
Analysis date: 2016-01-19 22:06:18 UTC (1 year, 10 months ago)
Antivirus Result Update
Ad-Aware 20160119
AegisLab 20160119
Yandex 20160119
AhnLab-V3 20160119
Alibaba 20160119
ALYac 20160119
Antiy-AVL 20160119
Arcabit 20160119
Avast 20160119
AVG 20160119
Avira (no cloud) 20160119
Baidu-International 20160119
BitDefender 20160119
Bkav 20160119
ByteHero 20160119
CAT-QuickHeal 20160119
ClamAV 20160119
CMC 20160111
Comodo 20160119
Cyren 20160119
DrWeb 20160119
Emsisoft 20160119
ESET-NOD32 20160119
F-Prot 20160119
F-Secure 20160119
Fortinet 20160119
GData 20160119
Ikarus 20160119
Jiangmin 20160119
K7AntiVirus 20160119
K7GW 20160119
Kaspersky 20160119
Malwarebytes 20160119
McAfee 20160119
McAfee-GW-Edition 20160119
Microsoft 20160119
eScan 20160119
NANO-Antivirus 20160119
nProtect 20160119
Panda 20160119
Qihoo-360 20160119
Rising 20160119
Sophos AV 20160119
SUPERAntiSpyware 20160119
Symantec 20160119
TheHacker 20160119
TrendMicro 20160119
TrendMicro-HouseCall 20160119
VBA32 20160119
VIPRE 20160119
ViRobot 20160119
Zillya 20160119
Zoner 20160119
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 9:46 PM 1/7/2016
Signers
[+] Riot Games
Status Valid
Issuer DigiCert SHA2 Assured ID Code Signing CA
Valid from 1:00 AM 3/21/2014
Valid to 1:00 PM 4/12/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 69C23DC5EAEED30F5B88F7384DF8DF4827CBA7AD
Serial number 08 F4 65 A6 2C 6D 68 B3 56 5C D4 30 92 8A 42 DE
[+] DigiCert SHA2 Assured ID Code Signing CA
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 10/22/2013
Valid to 1:00 PM 10/22/2028
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 92C1588E85AF2201CE7915E8538B492F605B80C6
Serial number 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-07 20:42:19
Entry Point 0x000031CC
Number of sections 5
PE sections
Overlays
MD5 81ffa30ede7f10c1c1bb907abd2e4ccc
File type data
Offset 107008
Size 7672
Entropy 7.06
PE imports
AreFileApisANSI
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetSystemInfo
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
HeapSize
GetCurrentProcessId
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
ReadFile
SetEndOfFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
GetStringTypeW
TlsGetValue
Sleep
GetFileType
ReadConsoleW
TlsSetValue
EncodePointer
GetCurrentThreadId
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_MANIFEST 2
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:01:07 21:42:19+01:00
FileType Win32 EXE
PEType PE32
CodeSize 70656
LinkerVersion 12.0
EntryPoint 0x31cc
InitializedDataSize 43520
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
File identification
MD5 c6cc53be1ee13fc6aa2c6f8d28b05af3
SHA1 3c761383dc6e12199c5226595f169b597abcee24
SHA256 f908843cad5a99e3fddb7b818569423e6d5bdc7a98e174efd52b9d3bd6f7dbb8
ssdeep 1536:1WI/Lufd5YXeIk+nYAbnZxpnLClQ6R3cBSiSxTsWjcdrs26bg05add:1t/w5YXeMYSZxpLC6nrs26bgND
authentihash 8ed3af004fba7f76e1ced47b077f36b4a3001ef9958bdf14cd38d745452f704f
imphash c169375f19d05189988d96277faa14d9
File size 112.0 KB ( 114680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2016-01-08 03:45:43 UTC (1 year, 10 months ago)
Last submission 2016-01-20 18:03:45 UTC (1 year, 10 months ago)
File names Forge of Empires Hack v2.0.exe
jpatch.exe
jpatch.exe
League of Legends Hack.exe
jpatch.exe
jpatch.exe
jpatch.exe
jpatch.exe
jpatch.exe
World of Tanks Hack.exe
League of Legends Hack v2.1.exe
jpatch.exe
jpatch.exe
Legend Online Hack v2.2.exe
Lets Fish Hack v3.1.exe
jpatch.exe
NosTale Hack v2.2.exe
Big Farm Hack v2.2.exe
jpatch.exe
jpatch.exe
jpatch.exe
jpatch.exe
jpatch.exe
jpatch.exe
NosTale Hack.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications