× Çerezler devre dışı bırakılmış! Bu sitenin düzgün bir şekilde çalışabilmesi için çerezlerin açık olması gerekir.
SHA256: ba5a7b0d4dde45b9da78c6f33b575390684b9ce052831405afda39e00acc4e87
Dosya adı: Metin2 TR Mod Hilesi.exe
Tespit edilme orani 0 / 42
Analiz tarihi: 2013-06-06 18:31:04 UTC ( 5 yıl, 11 ay önce) En sonuncusunu görüntüle
Antivirus Sonuç Güncelle
Yandex 20130606
AhnLab-V3 20130606
AntiVir 20130606
Antiy-AVL 20130606
Avast 20130606
AVG 20130606
BitDefender 20130606
ByteHero 20130606
CAT-QuickHeal 20130606
ClamAV 20130606
Commtouch 20130606
Comodo 20130606
DrWeb 20130606
Emsisoft 20130606
eSafe 20130606
ESET-NOD32 20130606
F-Prot 20130605
F-Secure 20130606
Fortinet 20130606
GData 20130606
Ikarus 20130606
Jiangmin 20130606
K7AntiVirus 20130606
K7GW 20130606
Kaspersky 20130606
Kingsoft 20130506
Malwarebytes 20130606
McAfee 20130606
McAfee-GW-Edition 20130606
Microsoft 20130606
eScan 20130606
NANO-Antivirus 20130606
Norman 20130606
nProtect 20130606
Panda 20130606
PCTools 20130521
Rising 20130606
Sophos AV 20130606
SUPERAntiSpyware 20130606
Symantec 20130606
TheHacker 20130605
TotalDefense 20130605
TrendMicro 20130606
TrendMicro-HouseCall 20130606
VBA32 20130606
VIPRE 20130606
ViRobot 20130606
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Product Metin2 TR Mod Hilesi Kurulum Sihirbazý
Version 2, 0, 0, 43
File version 2, 0, 0, 43
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-08 07:35:06
Entry Point 0x0001BCF2
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueA
RegQueryValueExA
AdjustTokenPrivileges
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
AddFontResourceA
GetSystemPaletteEntries
CreateHalftonePalette
CreateFontIndirectA
SetStretchBltMode
GetDeviceCaps
DeleteDC
SetBkMode
CreateDIBPatternBrush
BitBlt
RealizePalette
SetTextColor
CreatePalette
GetStockObject
SelectPalette
ExtTextOutA
CreateCompatibleDC
StretchDIBits
SetBrushOrgEx
RemoveFontResourceA
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
GetCurrentProcess
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetFileAttributesA
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
GetOEMCP
MoveFileA
GetExitCodeProcess
GetEnvironmentVariableA
FindClose
FormatMessageA
CopyFileA
HeapAlloc
GetModuleFileNameA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
GetSystemDirectoryA
MoveFileExA
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
GetVersion
SetCurrentDirectoryA
HeapFree
SetHandleCount
FreeLibrary
GetTickCount
IsBadWritePtr
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetCPInfo
GetProcAddress
CompareStringW
FindFirstFileA
CompareStringA
FindNextFileA
GlobalLock
GetTimeZoneInformation
GetFileType
CreateFileA
ExitProcess
GetLastError
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
HeapReAlloc
GetEnvironmentStringsW
GlobalUnlock
RemoveDirectoryA
GetShortPathNameA
HeapCompact
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
SetFileTime
GetCurrentDirectoryA
WinExec
GetCommandLineA
SetFilePointer
OpenFile
ReadFile
CloseHandle
GetACP
CreateProcessA
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHBrowseForFolderA
DragQueryFileA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SetFocus
RedrawWindow
RegisterClassA
GetParent
UpdateWindow
EndDialog
BeginPaint
CheckRadioButton
KillTimer
PostQuitMessage
DefWindowProcA
FindWindowA
GetClipboardData
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowPos
AdjustWindowRectEx
TranslateMessage
DialogBoxParamA
GetWindow
GetSysColor
CheckDlgButton
SetWindowLongA
DrawTextA
SetWindowTextA
wsprintfA
ShowWindow
GetLastActivePopup
IsWindowVisible
SendMessageA
IsWindowEnabled
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
BringWindowToTop
IsIconic
ScreenToClient
SendMessageTimeoutA
InvalidateRect
GetWindowLongA
IsClipboardFormatAvailable
SetTimer
LoadCursorA
LoadIconA
GetMessageA
FillRect
IsDlgButtonChecked
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
IsDialogMessageA
OpenClipboard
GetFileVersionInfoSizeA
VerFindFileA
GetFileVersionInfoA
VerQueryValueA
GetOpenFileNameA
OleUninitialize
CoCreateInstance
CoGetMalloc
OleInitialize
Number of PE resources by type
RT_ICON 10
RT_DIALOG 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
PE resources
File identification
MD5 10a84b76a6714a7f9de0a7ac7f6bd36b
SHA1 28fa6ba40c7a0e7fc679e33978d16c9bb5386f77
SHA256 ba5a7b0d4dde45b9da78c6f33b575390684b9ce052831405afda39e00acc4e87
ssdeep
196608:Zt7oJtuRrHoP3kfXXY4LVnSeACGHRTr52mPTsu:ZNo8rIfkfnY41SeKxFPPgu

Dosya boyutu 6.9 MB ( 7222900 bytes )
Dosya türü Win32 EXE
Magic lafzı
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-06-06 18:23:18 UTC ( 5 yıl, 11 ay önce)
Last submission 2013-07-24 21:22:35 UTC ( 5 yıl, 10 ay önce)
Dosya isimleri file-5562819_exe
Metin2 TR Mod Hilesi.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Yorum yok.. Henüz hiçbir VirusTotal Topluluğu üyesi bu öğeye yorum yapmadı.Bunu yapan ilk sen ol!

Yorum ekleyin...

?
Yorumu gönder.

Üye girişi yapmadınız..Sadece kayıtlı kullanıcılar yorum yapabilir.Sesinizi duyurmak için giriş yapın.

Oy yok.. Bu öğeyi daha önce hiç kimse oylamadı.Bunu yapan ilk sen ol!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.