SHA256: cf26b2c9452353b56130a1515ff656b33df7bc2ba6474dcaed4596ff07b89091
File name: ForMetin2.exe
Detection ratio: 0 / 50
Analysis date: 2014-05-14 16:42:23 UTC (4 years, 9 months ago)
Antivirus Result Update date
Ad-Aware 20140514
AegisLab 20140514
Yandex 20140514
AhnLab-V3 20140514
AntiVir 20140514
Antiy-AVL 20140514
Avast 20140514
AVG 20140514
Baidu-International 20140514
BitDefender 20140514
Bkav 20140514
ByteHero 20140514
CAT-QuickHeal 20140514
ClamAV 20140514
CMC 20140512
Commtouch 20140514
Comodo 20140514
DrWeb 20140514
Emsisoft 20140514
ESET-NOD32 20140514
F-Prot 20140514
F-Secure 20140514
Fortinet 20140514
GData 20140514
Ikarus 20140514
Jiangmin 20140514
K7AntiVirus 20140513
K7GW 20140514
Kaspersky 20140514
Kingsoft 20140514
Malwarebytes 20140514
McAfee 20140514
McAfee-GW-Edition 20140514
Microsoft 20140514
eScan 20140514
NANO-Antivirus 20140514
Norman 20140514
nProtect 20140514
Panda 20140514
Qihoo-360 20140514
Rising 20140507
Sophos AV 20140514
SUPERAntiSpyware 20140514
Symantec 20140514
Tencent 20140513
TheHacker 20140513
TotalDefense 20140514
TrendMicro 20140514
TrendMicro-HouseCall 20140514
VBA32 20140514
VIPRE 20140514
ViRobot 20140514
Zillya 20140512
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
lalaker1 Development

Publisher ForMetin2
Product ForMetin2 Bot
Original name ForMetin2.exe
Internal name ForMetin2
File version 1.0.0.3
Description ForMetin2 Bot by lalaker1
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-14 16:25:59
Entry Point 0x003C6680
Number of sections 3
PE sections
PE imports
RegCloseKey
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
IsEqualGUID
VariantInit
ShellExecuteA
VerQueryValueW
InternetOpenA
Ord(203)
Number of PE resources by type
RT_STRING 25
RT_GROUP_CURSOR 8
RT_CURSOR 8
RT_ICON 4
RT_RCDATA 4
VCLSTYLE 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 28
ENGLISH US 26
PE resources
ExifTool file metadata
LegalTrademarks
lalaker1 Development

FileDescription
ForMetin2 Bot by lalaker1

InitializedDataSize
40960

ImageVersion
0.0

ProductName
ForMetin2 Bot

FileVersionNumber
1.0.0.3

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

LinkerVersion
5.0

OriginalFilename
ForMetin2.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0.0.3

TimeStamp
2014:05:14 17:25:59+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ForMetin2

SubsystemVersion
5.0

FileAccessDate
2014:05:14 17:42:32+01:00

ProductVersion
1.0.0.3

UninitializedDataSize
2793472

OSVersion
4.0

FileCreateDate
2014:05:14 17:42:32+01:00

FileOS
Win32

LegalCopyright
lalaker1 Development

MachineType
Intel 386 or later, and compatibles

CompanyName
ForMetin2

CodeSize
1163264

FileSubtype
0

ProductVersionNumber
1.0.0.3

EntryPoint
0x3c6680

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 fc6fcaf0f479eb2bb7fefc77ef05c0ad
SHA1 a1d69d926f3bf2375f177716e66609dfada31a64
SHA256 cf26b2c9452353b56130a1515ff656b33df7bc2ba6474dcaed4596ff07b89091
ssdeep
24576:TJqPd1ZbP214AgFd+nJ0tBOWUvbviLuP4RnZnai8WCxcH:oVvbOsuoDUvbvjP4BB8WCs

imphash a5e6d51b761946e8287f1c78b0bc52bf
File size 1.1 MB ( 1200640 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.3%)
VXD Driver (0.3%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe upx

VirusTotal metadata
First submission 2014-05-14 16:42:23 UTC (4 years, 9 months ago)
Last submission 2014-05-14 16:42:23 UTC (4 years, 9 months ago)
File names ForMetin2.exe
ForMetin2
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.