| SHA256: | ef63f2244646a3bbad2a769e952ba4b9915aac7db4fd2abf5c7eee0788868034 |
| Имя файла: | Mine-Play-Launcher.exe |
| Показатель выявления: | 1 / 56 |
| Дата анализа: | 2016-11-21 14:18:29 UTC (8 месяцев назад) Показать последний анализ |
| Антивирус | Результат | Дата обновления |
|---|---|---|
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.rc | 20161121 |
| Ad-Aware | 20161121 | |
| AegisLab | 20161121 | |
| AhnLab-V3 | 20161121 | |
| Alibaba | 20161121 | |
| ALYac | 20161121 | |
| Antiy-AVL | 20161121 | |
| Arcabit | 20161121 | |
| Avast | 20161121 | |
| AVG | 20161121 | |
| Avira (no cloud) | 20161121 | |
| AVware | 20161121 | |
| Baidu | 20161121 | |
| BitDefender | 20161121 | |
| Bkav | 20161121 | |
| CAT-QuickHeal | 20161121 | |
| ClamAV | 20161121 | |
| CMC | 20161121 | |
| Comodo | 20161121 | |
| CrowdStrike Falcon (ML) | 20161024 | |
| Cyren | 20161121 | |
| DrWeb | 20161121 | |
| Emsisoft | 20161121 | |
| ESET-NOD32 | 20161121 | |
| F-Prot | 20161121 | |
| F-Secure | 20161121 | |
| Fortinet | 20161121 | |
| GData | 20161121 | |
| Ikarus | 20161121 | |
| Sophos ML | 20161018 | |
| Jiangmin | 20161121 | |
| K7AntiVirus | 20161121 | |
| K7GW | 20161121 | |
| Kaspersky | 20161121 | |
| Kingsoft | 20161121 | |
| Malwarebytes | 20161121 | |
| McAfee | 20161121 | |
| Microsoft | 20161121 | |
| eScan | 20161121 | |
| NANO-Antivirus | 20161121 | |
| nProtect | 20161121 | |
| Panda | 20161120 | |
| Qihoo-360 | 20161121 | |
| Rising | 20161121 | |
| Sophos AV | 20161121 | |
| SUPERAntiSpyware | 20161121 | |
| Symantec | 20161121 | |
| Tencent | 20161121 | |
| TheHacker | 20161117 | |
| TrendMicro | 20161121 | |
| TrendMicro-HouseCall | 20161121 | |
| Trustlook | 20161121 | |
| VBA32 | 20161121 | |
| VIPRE | 20161121 | |
| ViRobot | 20161121 | |
| Yandex | 20161121 | |
| Zillya | 20161118 | |
| Zoner | 20161121 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
Packers identified
F-PROT appended, ZIP, embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-21 12:28:54
Entry Point 0x00001290
Number of sections 6
PE sections
Overlays
MD5 76822d6c4c44dcc0adcac2901209d51f
File type application/zip
Offset 64000
Size 4257840
Entropy 8.00
PE imports
Number of PE resources by type
RT_RCDATA 12
RT_ICON 4
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 17
PE resources
ExifTool file metadata
MIMEType
application/octet-stream
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
FileTypeExtension
exe
TimeStamp
2016:11:21 13:28:54+01:00
FileType
Win32 EXE
PEType
PE32
CodeSize
24064
LinkerVersion
2.56
EntryPoint
0x1290
InitializedDataSize
38912
SubsystemVersion
4.0
ImageVersion
1.0
OSVersion
4.0
UninitializedDataSize
36352
File identification
MD5 72daa5edc2e3df6418f4941a8cb72d25
SHA1 5b558c8333fe0e4897446ea706927e84ff5d3ef2
SHA256 ef63f2244646a3bbad2a769e952ba4b9915aac7db4fd2abf5c7eee0788868034
ssdeep
98304:xAuAkRZpDoXeoXXRMRrjvpi/wVyERHQ0bWZtOmGTKrNPZ:xF7pyKR3k/oXRHQ05ED
Размер файла
4.1 MБ ( 4321840 bytes )
Тип файла Win32 EXE
Описание
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
| TrID |
Win32 Executable MS Visual C++ (generic) (41.0%) Win64 Executable (generic) (36.3%) Win32 Dynamic Link Library (generic) (8.6%) Win32 Executable (generic) (5.9%) Win16/32 Executable Delphi generic (2.7%) |
Tags
peexe
overlay
VirusTotal metadata
First submission
2016-11-21 14:00:45 UTC (8 месяцев назад)
Last submission
2016-11-21 14:18:29 UTC (8 месяцев назад)
| Имена файлов |
Mine-Play-Launcher.exe Launcher.exe |
Нет комментариев.
Из участников сообщества VirusTotal ещё пока никто не оставил комментарий по поводу результатов анализа. Станьте первым!
Вы не выполнили вход. Только зарегистрированные пользователи могут оставлять комментарии. Выполните вход и получите право голоса!
Нет голосов.
Ещё пока никто не проголосовал за результаты анализа. Станьте первым!
Condensed report! The following is a condensed report of the
behaviour of the file when executed in a controlled environment. The actions
and events described were either performed by the file itself or by any other
process launched by the executed file or subjected to code injection by the
executed file.
Opened files
Read files
Created processes
Shell commands
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file uses the
IsDebuggerPresent Windows API function in order to see whether it is being debugged.