SHA256: 57264b8ccbd4fb28191082928384fafd7fc6e4d4109b92a8ab5f6c9e771a3814
File name: Metin2Mod+Dmg_v1.3.0.exe
Detection ratio: 0 / 57
Analysis date: 2015-01-25 18:25:54 UTC (3 years, 9 months ago)
Antivirus Result Update
Ad-Aware 20150125
AegisLab 20150125
Yandex 20150125
AhnLab-V3 20150125
Alibaba 20150120
ALYac 20150202
Antiy-AVL 20150125
Avast 20150125
AVG 20150125
Avira (no cloud) 20150125
AVware 20150202
Baidu-International 20150125
BitDefender 20150125
Bkav 20150124
ByteHero 20150125
CAT-QuickHeal 20150125
ClamAV 20150125
CMC 20150124
Comodo 20150125
Cyren 20150125
DrWeb 20150202
Emsisoft 20150125
ESET-NOD32 20150125
F-Prot 20150125
F-Secure 20150125
Fortinet 20150125
GData 20150125
Ikarus 20150125
Jiangmin 20150124
K7AntiVirus 20150202
K7GW 20150125
Kaspersky 20150125
Kingsoft 20150125
Malwarebytes 20150125
McAfee 20150125
McAfee-GW-Edition 20150125
Microsoft 20150202
eScan 20150125
NANO-Antivirus 20150125
Norman 20150123
nProtect 20150123
Panda 20150125
Qihoo-360 20150125
Rising 20150125
Sophos AV 20150125
SUPERAntiSpyware 20150125
Symantec 20150125
Tencent 20150202
TheHacker 20150123
TotalDefense 20150125
TrendMicro 20150202
TrendMicro-HouseCall 20150202
VBA32 20150202
VIPRE 20150202
ViRobot 20150125
Zillya 20150125
Zoner 20150123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT appended, RAR, Enigma
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-27 16:40:54
Entry Point 0x0001D62B
Number of sections 4
PE sections
Overlays
MD5 d6ad9d12aeba9bc5d9a68538b701bfc9
File type data
Offset 211456
Size 13922200
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
TzSpecificLocalTimeToSystemTime
TerminateProcess
CreateSemaphoreW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatW
SetEvent
DeleteFileW
GetProcAddress
CreateFileMappingW
CompareStringW
WriteFile
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
HeapCreate
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateHardLinkW
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
EnableWindow
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
PeekMessageW
GetClassNameW
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
RegisterClassExW
SetForegroundWindow
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
Number of PE resources by type
RT_STRING 9
RT_DIALOG 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:08:27 17:40:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 165888
LinkerVersion 9.0
EntryPoint 0x1d62b
InitializedDataSize 176640
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 a91df240366fbfbc3a69d857c0b4cfcd
SHA1 87dfab73522176176de6ab7c2d25281ea3384c2b
SHA256 57264b8ccbd4fb28191082928384fafd7fc6e4d4109b92a8ab5f6c9e771a3814
ssdeep 196608:EbIvXngChPyo9OdrkSTrU+wS2J9dW86cjHpoTCCo/eiW+UEc+vaXX/+PeThnT:qIfn+oZSv36BHpjCo/DrUEc+4v5T5

authentihash 081d964a9c47d55b98c3de2a53aad70306fa1c7de61f69c74631c4953d1d9771
imphash ffca4b8182ebb8822b4187a5e1e23e14
File size 13.5 MB (14133656 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-01-25 18:25:54 UTC (3 years, 9 months ago)
Last submission 2015-02-22 08:38:57 UTC (3 years, 9 months ago)
File names iBFj5DFsAn-wg4crQzKjJFGbmiN75i_IFEQSHPmHHUWHlad8YFvUaqU75fr2D-Vg8YGkjnyx4FoJbsKxnSsVXQ==
Metin2Mod Dmg_v1.3.0 (2).exe
Metin2Mod Dmg_v1.3.0.exe
Metin2Mod+Dmg_v1.3.0.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.