The install.exe (Vintage Story 1.20.0.013 by OverF1X) File Analysis

Updated 8 months ago

Checked by Malware Check

install.exe

Technical Analysis

File Name	install.exe
File Type	Win32 EXE
Magic Bytes	`PE32 executable (GUI) Intel 80386, for MS Windows`
SSDEEP Hash	98304:LiSa+SG4KJCstnMNgaFDfSpzeli9J88EIJIy4qkYhj:L0+oKLG2WDKpzA+Ibe
Scanner Version	1.0.198.174
Database Version	2024-12-02 17:00:42 UTC

⚠

Suspicious File Detected

Detected by 11 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

15%

Detection Rate

4,121,014

File Size (bytes)

11/72

Engines Detected

2024-12-02

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	0f89ff4149671bb11b9fe8ce404de532
SHA1	49a4449f278a4ae2adabbbbe47cb8fb39156b00c
SHA256	882f8948a854e521d7db1930f7ce08338f3dd9b160e75e298d8a693484e76302
SHA512	bd6b2cf32774bc120ec706ca3e25990b6bdfa40dbed552b7b2a83587168ea1f5167372f00bf0346971d6f5819af2f3590bbac477cbfe5ef8e6fadd1eb47ca6d6
ImpHash	483f0c4259a9148c34961abbda6146c1

Security Engines with Detections (11 of 72)

AVG

Win32:Adware-gen [Adw] Malicious

McAfee

Artemis!0F89FF414967 Malicious

Sangfor

Trojan.Win32.Agent.Vrmw Malicious

Paloalto

generic.ml Malicious

Avast

Win32:Adware-gen [Adw] Malicious

Ikarus

PUA.INNO.RePack Malicious

Antiy-AVL

Trojan/Win32.Agent Malicious

Google

Detected Malicious

Rising

[email protected] (RDML:5U+W2/i/uXeQ1LM8FH2TBw) Malicious

Fortinet

PossibleThreat.DU Malicious

DeepInstinct

MALICIOUS Malicious

61 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Icon	Hash: e35e9313a893eaee5a0d28dddced38e9 Fuzzy: f2c180ae0efe6ec484881d29909d3adf dHash: e0d9ccd4b092a84d
Image Base	`0x00400000`
Entry Point	`0x00416478`
Compilation Time	2012-07-26 13:09:48
Checksum	0x00000000 (Actual: 0x003faaa5)
OS Version	5.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows`
Digital Signature	No valid SignedData structure was found.
Imports	5 libraries oleaut32, advapi32, user32, kernel32, comctl32
Exports	0 functions
Resources	16 Resources
Sections	8 Sections

Version Information

▼

Comments	This installation was built with Inno Setup.
CompanyName	OverF1X
FileDescription	Vintage Story 1.20.0.013 by OverF1X
FileVersion	4.5.2
LegalCopyright	© OverF1X
ProductName	Vintage Story
ProductVersion	1.20.0.013
Translation	0x0000 0x04b0

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	82,936 bytes	82,944 bytes	6.48 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`345DB2B6911ADDC85B53F32245F969A0`
`.itext`	`0x00016000`	3,048 bytes	3,072 bytes	6.02 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`2E74D968CAEDEB2D71B9505530D43907`
`.data`	`0x00017000`	3,484 bytes	3,584 bytes	2.67 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D5B22EFF9E08EDAA95F493C1A71158C0`
`.bss`	`0x00018000`	22,352 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x0001e000`	3,998 bytes	4,096 bytes	4.97 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`B47EACA4C149EE829DE76A342B5560D5`
`.tls`	`0x0001f000`	8 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.rdata`	`0x00020000`	24 bytes	512 bytes	0.19 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`3746F5876803F8F30DB5BB2DEB8772AE`
`.rsrc`	`0x00021000`	129,664 bytes	130,048 bytes	4.54 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`258363B5931DC90898452E7E0E2D253E`

Resource Analysis

▼

Total Resources: 16 (128,660 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	3	88,824 bytes	69%
RT_STRING	6	3,200 bytes	2.5%
RT_RCDATA	4	34,004 bytes	26.4%
RT_GROUP_ICON	1	48 bytes	0%
RT_VERSION	1	1,208 bytes	0.9%
RT_MANIFEST	1	1,376 bytes	1.1%

Certificate Chain Analysis

▼

Certificate Information

Product	Vintage Story
Description	Vintage Story 1.20.0.013 by OverF1X
File Version	4.5.2
Copyright	© OverF1X

✓ This file has been digitally signed and the certificate chain has been verified

The signature ensures file integrity and authenticity from the publisher
Timestamping proves when the signature was applied

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

11 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1