SHA256: 9d45daeea4f6f4818ea339776b6b5e306350cdddad00e0fd8eacbb1d827ace4e
File name: WoT - The Tundra.exe
Detection ratio: 0 / 52
Analysis date: 2014-11-04 16:47:04 UTC (3 years, 8 months ago)
Antivirus Result Update date
Ad-Aware 20141104
AegisLab 20141104
Yandex 20141103
AhnLab-V3 20141104
Antiy-AVL 20141104
Avast 20141104
AVG 20141104
Avira (no cloud) 20141104
AVware 20141104
Baidu-International 20141103
BitDefender 20141104
Bkav 20141104
ByteHero 20141104
CAT-QuickHeal 20141104
ClamAV 20141104
CMC 20141104
Comodo 20141104
Cyren 20141104
DrWeb 20141104
Emsisoft 20141104
ESET-NOD32 20141104
F-Prot 20141104
F-Secure 20141104
Fortinet 20141104
GData 20141104
Ikarus 20141104
Jiangmin 20141103
K7AntiVirus 20141103
K7GW 20141104
Kaspersky 20141104
Kingsoft 20141104
Malwarebytes 20141104
McAfee 20141104
McAfee-GW-Edition 20141104
Microsoft 20141104
eScan 20141104
NANO-Antivirus 20141104
Norman 20141104
nProtect 20141104
Qihoo-360 20141104
Rising 20141103
Sophos AV 20141104
SUPERAntiSpyware 20141104
Symantec 20141104
Tencent 20141104
TheHacker 20141104
TotalDefense 20141104
TrendMicro-HouseCall 20141104
VBA32 20141104
ViRobot 20141104
Zillya 20141103
Zoner 20141104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright DarkTeam© | 2012-2014
Product The Tundra 0.4
File version 0.4
Description World of Tanks Hack by DarkTeam.net
Comments Follow Us on DarkTeam.net
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-04 16:46:44
Entry Point 0x001ADDD0
Number of sections 3
PE sections
PE imports
ImageList_Remove
GetOpenFileNameW
LineTo
IcmpSendEcho
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
VariantInit
GetProcessMemoryInfo
DragFinish
LoadUserProfileW
IsThemeActive
VerQueryValueW
FtpOpenFileW
timeGetTime
setsockopt
CoGetObject
Number of PE resources by type
RT_ICON 7
RT_STRING 7
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 18
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 929792
Comments Follow Us on DarkTeam.net
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.4.0.0
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 376832
MIMEType application/octet-stream
LegalCopyright DarkTeam | 2012-2014
FileVersion 0.4
TimeStamp 2014:11:04 17:46:44+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.1
FileAccessDate 2014:12:03 06:43:56+01:00
FileDescription World of Tanks Hack by DarkTeam.net
OSVersion 5.1
FileCreateDate 2014:12:03 06:43:56+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 831488
ProductName The Tundra 0.4
ProductVersionNumber 0.4.0.0
EntryPoint 0x1addd0
ObjectFileType Unknown

File identification
MD5 01569314b78dd20c8a24b18a4348440a
SHA1 8cb08db8f8ec53529b94dbbc308e5efe3b2e782a
SHA256 9d45daeea4f6f4818ea339776b6b5e306350cdddad00e0fd8eacbb1d827ace4e
ssdeep 24576:fGBg5oyx2Tmi8XPPVAOF28SNrE464EvAanR3dOCz7:fagaI9i8faD8SdETvZRT
authentihash a114cdd39c57d8c0c4dc4cce85b91a19c7cbcacbc5e371b94670fe1e9f15f318
imphash 11ea841ebb83b186805cc0d8a1a3d4a1
File size 1.1 MB ( 1205248 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2014-11-04 16:47:04 UTC (3 years, 8 months ago)
Last submission 2014-11-05 11:11:21 UTC (3 years, 8 months ago)
File names WoT - The Tundra.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.