_start.exe

Application _geolgps

Eversim

Publisher:
Eversim  (signed and verified)

Product:
Application _geolgps

Description:
Application _geolgps

Version:
4, 30, 0, 0

MD5:
82c96c246ea6b791e9f0e16315273671

SHA-1:
5811d660a9fddfe2d32041cb8ea487b3f5ced422

SHA-256:
f096243f562db2a6684599a53139ffcba7837202b644190a1c3e062d221ec0b5

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/16/2024 5:51:41 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| McAfee | Artemis!82C96C246EA6 | 5600.6101 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.17306 |
| Total Defense | Win32/Unknown | 37.0.11439 |
| Trend Micro House Call | Suspicious_GEN.F47V0123 | 7.2.67 |
| Trend Micro | Possible_Virus | 10.465.08 |

File size:
4 MB (4,239,608 bytes)

Product version:
1, 0, 0, 1

Copyright:
Eversim Copyright (C) 2008

Original file name:
_geolgps.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\steam\steamapps\common\rulers of nations\_start.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2013 4:00:00 AM

Valid to:
2/7/2015 3:59:59 AM

Subject:
CN=Eversim, O=Eversim, STREET=13 Place des Libertés Publiques, STREET=Immeuble le Mandinet II - Bat B, L=Lognes, S=Seine et Marne, PostalCode=77185, C=FR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EB979B2F13B48AE0530AEDCAA0A5B5C2

File PE Metadata
Compilation timestamp:
7/25/2014 1:15:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x2AC0E000

Entry point:
EB, 05, BC, 18, DA, 48, 11, 50, EB, 02, 6B, 9B, E8, 1B, 00, 00, 00, EB, 05, EF, C8, 14, 0A, F5, EB, 05, F0, 64, 99, 86, E3, 33, C0, EB, 04, 49, DD, B2, 2E, 71, 5C, EB, 01, 49, EB, 03, 79, 8F, 81, B8, 05, 48, E5, F6, EB, 01, B6, EB, 03, FB, 0A, F0, 05, FB, B7, 1A, 09, EB, 03, 64, 59, 42, 75, 3B, EB, 02, E9, 74, 64, FF, 30, EB, 01, D8, 64, 89, 20, EB, 04, 1E, 90, BC, A9, EB, 01, 28, 8B, 10, EB, 02, F6, 1E, 64, 8F, 00, EB, 03, EF, E7, 64, 83, C4, 04, EB, 02, AD, 41, 58, EB, 05, FE, 76, C1, 5B, 5C, C3, EB, 05...
 

Code size:
8.6 MB (9,056,256 bytes)

Windows Firewall Allowed Program
Name:
rulers of nations

