| SHA256: | 9d45daeea4f6f4818ea339776b6b5e306350cdddad00e0fd8eacbb1d827ace4e |
| Имя файла: | WoT - The Tundra.exe |
| Показатель выявления: | 0 / 52 |
| Дата анализа: | 2014-11-04 16:47:04 UTC (3 лет, 8 месяцев назад) Показать последний анализ |
| Антивирус | Результат | Дата обновления |
|---|---|---|
| Ad-Aware | 20141104 | |
| AegisLab | 20141104 | |
| Yandex | 20141103 | |
| AhnLab-V3 | 20141104 | |
| Antiy-AVL | 20141104 | |
| Avast | 20141104 | |
| AVG | 20141104 | |
| Avira (no cloud) | 20141104 | |
| AVware | 20141104 | |
| Baidu-International | 20141103 | |
| BitDefender | 20141104 | |
| Bkav | 20141104 | |
| ByteHero | 20141104 | |
| CAT-QuickHeal | 20141104 | |
| ClamAV | 20141104 | |
| CMC | 20141104 | |
| Comodo | 20141104 | |
| Cyren | 20141104 | |
| DrWeb | 20141104 | |
| Emsisoft | 20141104 | |
| ESET-NOD32 | 20141104 | |
| F-Prot | 20141104 | |
| F-Secure | 20141104 | |
| Fortinet | 20141104 | |
| GData | 20141104 | |
| Ikarus | 20141104 | |
| Jiangmin | 20141103 | |
| K7AntiVirus | 20141103 | |
| K7GW | 20141104 | |
| Kaspersky | 20141104 | |
| Kingsoft | 20141104 | |
| Malwarebytes | 20141104 | |
| McAfee | 20141104 | |
| McAfee-GW-Edition | 20141104 | |
| Microsoft | 20141104 | |
| eScan | 20141104 | |
| NANO-Antivirus | 20141104 | |
| Norman | 20141104 | |
| nProtect | 20141104 | |
| Qihoo-360 | 20141104 | |
| Rising | 20141103 | |
| Sophos AV | 20141104 | |
| SUPERAntiSpyware | 20141104 | |
| Symantec | 20141104 | |
| Tencent | 20141104 | |
| TheHacker | 20141104 | |
| TotalDefense | 20141104 | |
| TrendMicro-HouseCall | 20141104 | |
| VBA32 | 20141104 | |
| ViRobot | 20141104 | |
| Zillya | 20141103 | |
| Zoner | 20141104 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
DarkTeam© | 2012-2014
Product The Tundra 0.4
File version 0.4
Description World of Tanks Hack by DarkTeam.net
Comments Follow Us on DarkTeam.net
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-04 16:46:44
Entry Point 0x001ADDD0
Number of sections 3
PE sections
PE imports
Number of PE resources by type
RT_ICON 7
RT_STRING 7
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 18
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize
929792
Comments
Follow Us on DarkTeam.net
LinkerVersion
12.0
ImageVersion
0.0
FileSubtype
0
FileVersionNumber
0.4.0.0
LanguageCode
English (British)
FileFlagsMask
0x0000
CharacterSet
Unicode
InitializedDataSize
376832
MIMEType
application/octet-stream
LegalCopyright
DarkTeam | 2012-2014
FileVersion
0.4
TimeStamp
2014:11:04 17:46:44+01:00
FileType
Win32 EXE
PEType
PE32
SubsystemVersion
5.1
FileAccessDate
2014:12:03 06:43:56+01:00
FileDescription
World of Tanks Hack by DarkTeam.net
OSVersion
5.1
FileCreateDate
2014:12:03 06:43:56+01:00
FileOS
Win32
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
CodeSize
831488
ProductName
The Tundra 0.4
ProductVersionNumber
0.4.0.0
EntryPoint
0x1addd0
ObjectFileType
Unknown
File identification
MD5 01569314b78dd20c8a24b18a4348440a
SHA1 8cb08db8f8ec53529b94dbbc308e5efe3b2e782a
SHA256 9d45daeea4f6f4818ea339776b6b5e306350cdddad00e0fd8eacbb1d827ace4e
ssdeep
24576:fGBg5oyx2Tmi8XPPVAOF28SNrE464EvAanR3dOCz7:fagaI9i8faD8SdETvZRT
Размер файла
1.1 MБ ( 1205248 bytes )
Тип файла Win32 EXE
Описание
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
| TrID |
UPX compressed Win32 Executable (42.3%) Win32 EXE Yoda's Crypter (36.7%) Win32 Dynamic Link Library (generic) (9.1%) Win32 Executable (generic) (6.2%) Generic Win/DOS Executable (2.7%) |
Tags
peexe
upx
VirusTotal metadata
First submission
2014-11-04 16:47:04 UTC (3 лет, 8 месяцев назад)
Last submission
2014-11-05 11:11:21 UTC (3 лет, 8 месяцев назад)
| Имена файлов |
WoT - The Tundra.exe |
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the
scanned file presents certain characteristics which depending on the
user policies and environment may or may not represent a threat. For
full details see:
https://www.clamav.net/documents/potentially-unwanted-applications-pua
.
Symantec reputation
Suspicious.Insight
Нет комментариев.
Из участников сообщества VirusTotal ещё пока никто не оставил комментарий по поводу результатов анализа. Станьте первым!
Вы не выполнили вход. Только зарегистрированные пользователи могут оставлять комментарии. Выполните вход и получите право голоса!
Нет голосов.
Ещё пока никто не проголосовал за результаты анализа. Станьте первым!
Condensed report! The following is a condensed report of the
behaviour of the file when executed in a controlled environment. The actions
and events described were either performed by the file itself or by any other
process launched by the executed file or subjected to code injection by the
executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file uses the
IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the
DeviceIoControl
Windows API function.