SHA256: 1a6eb5a366ae543f9605d82f108c2af41c7a20e193df891b1e7815c271f24d67
File name: UEDreamLair_2.1.1.exe
Detection ratio: 2 / 48
Analysis date: 2014-01-05 00:38:01 UTC (4 years, 11 months ago)
Antivirus Result Update date
ESET-NOD32 Win32/Packed.Autoit.H 20140104
VBA32 Trojan.Autoit.F 20140104
Ad-Aware 20140105
Yandex 20140104
AhnLab-V3 20140104
AntiVir 20140104
Antiy-AVL 20140104
Avast 20140105
AVG 20140105
Baidu-International 20131213
BitDefender 20140105
Bkav 20140105
ByteHero 20131226
CAT-QuickHeal 20140104
ClamAV 20140102
Commtouch 20140104
Comodo 20140105
DrWeb 20140105
Emsisoft 20140105
F-Prot 20140104
F-Secure 20140104
Fortinet 20140105
GData 20140105
Ikarus 20140104
Jiangmin 20140104
K7AntiVirus 20140103
K7GW 20140103
Kaspersky 20140104
Kingsoft 20130829
Malwarebytes 20140105
McAfee 20140105
McAfee-GW-Edition 20140105
Microsoft 20140105
eScan 20140105
NANO-Antivirus 20140104
Norman 20140104
nProtect 20140103
Panda 20140104
Rising 20140104
Sophos AV 20140105
SUPERAntiSpyware 20140105
Symantec 20140104
TheHacker 20140102
TotalDefense 20140104
TrendMicro 20140105
TrendMicro-HouseCall 20140105
VIPRE 20140105
ViRobot 20140104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2008-2014 DreamLair.net
Product DreamLair
Original name DreamLair
Internal name Button for TC
File version 2014 [Lair]
Description Winter is Coming
Comments With dreams in heart
Signature verification A certificate chain could not be built to a trusted root authority.
Signing date 12:12 PM 7/6/2017
Packers identified
F-PROT appended, 7Z
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-31 00:38:38
Entry Point 0x0001638F
Number of sections 4
PE sections
Overlays
MD5 59c7109198edec387967e47471d50804
File type data
Offset 127488
Size 6136136
Entropy 8.00
PE imports
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
StretchBlt
SetThreadLocale
GetStdHandle
GetDriveTypeW
WaitForSingleObject
LockResource
CreateJobObjectW
GetFileAttributesW
SetInformationJobObject
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetSystemDirectoryW
lstrcatW
GetLocaleInfoW
FindResourceExA
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetModuleFileNameW
ExitProcess
lstrcmpiW
SetProcessWorkingSetSize
GetSystemDefaultLCID
MultiByteToWideChar
SetFilePointer
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
GetExitCodeThread
MulDiv
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
EnterCriticalSection
TerminateThread
lstrcmpiA
GetVersionExW
SetEvent
LoadLibraryA
GetStartupInfoA
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
AssignProcessToJobObject
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
lstrcmpW
GetProcAddress
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
lstrlenA
GlobalFree
lstrlenW
VirtualFree
GetQueuedCompletionStatus
SizeofResource
CompareFileTime
CreateIoCompletionPort
SetFileTime
GetCommandLineW
SuspendThread
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
WriteFile
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
strncmp
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_except_handler3
??2@YAPAXI@Z
_onexit
_wtol
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_adjust_fdiv
??3@YAXPAX@Z
free
wcsncmp
__getmainargs
_purecall
_controlfp
memmove
memcpy
_beginthreadex
_initterm
_exit
_EH_prolog
__set_app_type
SysFreeString
OleLoadPicture
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
ClientToScreen
UnhookWindowsHookEx
CharUpperW
MessageBoxA
LoadIconW
GetWindowDC
CopyImage
GetWindow
GetSysColor
DispatchMessageW
GetKeyState
ReleaseDC
GetMenu
GetWindowLongW
DrawIconEx
SetWindowTextW
CreateWindowExA
GetDlgItem
SystemParametersInfoW
LoadImageW
GetDC
ScreenToClient
CallNextHookEx
wsprintfA
SetTimer
CallWindowProcW
GetSystemMenu
DialogBoxIndirectParamW
EnableWindow
GetClientRect
GetWindowTextW
EnableMenuItem
SetWindowsHookExW
GetClassNameA
GetWindowTextLengthW
CreateWindowExW
wsprintfW
PtInRect
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 5
ENGLISH US 2
PE resources
ExifTool file metadata
SpecialBuild Only for DreamLair.net
LegalTrademarks DreamLair.net
SubsystemVersion 4.0
Comments With dreams in heart
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2014.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Winter is Coming
CharacterSet Unicode
InitializedDataSize 37376
PrivateBuild 2014.01.05
EntryPoint 0x1638f
OriginalFileName DreamLair
MIMEType application/octet-stream
LegalCopyright Copyright 2008-2014 DreamLair.net
FileVersion 2014 [Lair]
TimeStamp 2012:12:31 01:38:38+01:00
FileType Win32 EXE
PEType PE32
InternalName Button for TC
ProductVersion 2014 [Lair]
UninitializedDataSize 0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName DreamLair.net
CodeSize 89600
ProductName DreamLair
ProductVersionNumber 2014.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 7d2c2b00016bd7f6b08f69566ca35af7
SHA1 1f3418f9e40d5e6ec65b2b5f868c5e59fca17335
SHA256 1a6eb5a366ae543f9605d82f108c2af41c7a20e193df891b1e7815c271f24d67
ssdeep 98304:+t229nymdr20WVm6xZhgkjqv1JO3pDxGcpKG3zTRJAbALD1WMoMRds6zxz/TSNze:+t7r2016xZhVWm3phZjvAbALpSf6zRSo
authentihash d6d64e7e09dcc28122262322592e316a8a45bc0f32a175dc6c9b59b85bab901d
imphash f6baa5eaa8231d4fe8e922a2e6d240ea
File size 6.0 MB ( 6263624 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags peexe armadillo overlay
VirusTotal metadata
First submission 2014-01-05 00:38:01 UTC (4 years, 11 months ago)
Last submission 2017-07-06 11:12:48 UTC (1 year, 5 months ago)
File names UEDreamLair_2.1.1.exe
DreamLair
file-6848577_exe
UEDreamLair_2.1.1.exe
uedreamlair_2.1.1.exe
Button for TC
UEDreamLair_2.1.1.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
screen-capture

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.