» _start.exe
Overview
Analysis
File Details
Behaviors (1)

_start.exe

_geolib

Eversim

File name:

_start.exe

Publisher:

Eversim (signed and verified)

Product:

_geolib

Description:

_geolib

Version:

1, 0, 0, 1

MD5:

9e0c5a32577309d51bf28ce1c6ce6ed8

SHA-1:

11d63d4f13482a230fee0ce6cd11a10bab033e49

SHA-256:

313120688e6c0d615eb0138a01b44a6d63ec83907d945154dd2fa018da05883b

Scanner detections:

3 / 68

Status:

Clean (3 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

11/16/2024 7:33:32 AM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Win32.Trojan.WisdomEyes.16070401.9500

4.0.3.17215

Rising Antivirus

Malware.Generic!iaatJxU0atO@1 (thunder)

23.00.65.17213

Total Defense

Win32/Unknown

37.1.62.1

File size:

6.4 MB (6,694,312 bytes)

Product version:

6, 30, 0, 0

Original file name:

_geolib.rc

File type:

Executable application (Win32 EXE)

Language:

French (France)

Common path:

C:\Program Files\steam\steamapps\common\power & revolution\_start.exe

Digital Signature

Signed by:

Eversim

Authority:

COMODO CA Limited

Valid from:

2/3/2017 12:00:00 AM

Valid to:

2/3/2020 11:59:59 PM

Subject:

CN=Eversim, O=Eversim, STREET=13 Place des Libertés Publiques, STREET=Immeuble Le Mandinet II - Bat B, L=Lognes, S=Ile de France, PostalCode=77185, C=FR

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00F60BFE5F024303FD69D033FD5651E9F9

File PE Metadata

Compilation timestamp:

2/14/2017 12:17:27 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

Entry address:

0x4D27A000

Entry point:

EB, 04, E8, BF, 31, 16, 50, EB, 05, 81, D9, E9, 9A, 82, E8, 14, 00, 00, 00, EB, 03, 0D, 92, E6, EB, 03, C5, 99, 16, 33, C0, 7B, 8F, 71, 59, EB, 02, D3, 81, EB, 05, 22, 0D, 67, C5, 8A, B8, 07, 48, 17, F7, EB, 02, C8, 64, EB, 01, A8, 05, F9, B7, E8, 08, EB, 05, 10, 9D, D7, 5F, 85, 75, 34, EB, 01, BD, 64, FF, 30, EB, 02, 6B, F7, 64, 89, 20, EB, 05, 18, A2, 06, 38, 98, EB, 02, 86, 81, 8B, 10, EB, 01, E3, 64, 8F, 00, EB, 02, 84, A2, 83, C4, 04, EB, 01, DC, 58, EB, 02, C8, DB, C3, EB, 02, 0F, 20, EB, 03, 23, 88... 
[+]

Entropy:

7.9999 (probably packed)

Code size:

13.2 MB (13,820,416 bytes)

Windows Firewall Allowed Program

Name:

power & revolution

Scan _start.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.