× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 23d3d746109fc74ef6ce4d45a5e2dcff4833aff945bc3c1197a8e686534b8da9
Detection ratio: 1 / 38
Analysis date: 2008-02-12 23:46:39 UTC ( 6 years, 2 months ago ) View latest
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
eSafe Suspicious File -
AVG -
AhnLab-V3 -
AntiVir -
Authentium -
Avast -
BitDefender -
CAT-QuickHeal -
ClamAV -
DrWeb -
Ewido -
F-Prot -
F-Secure -
Fortinet -
GData -
Ikarus -
K7AntiVirus -
Kaspersky -
McAfee -
Microsoft -
NOD32 -
NOD32Beta -
Norman -
PCTools -
Panda -
PandaBeta -
Prevx1 -
Rising -
SecureWeb-Gateway -
Sophos -
Sunbelt -
Symantec -
TheHacker -
TrendMicro -
VBA32 -
ViRobot -
VirusBuster -
eTrust-Vet -
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT appended, RAR, UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Link date 11:22 PM 6/19/1992
Entry Point 0x00037BA0
Number of sections 3
PE sections
PE imports
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
InitCommonControls
BitBlt
CoInitialize
LoadTypeLib
ShellExecuteA
VerQueryValueA
Number of PE resources by type
RT_DIALOG 16
RT_STRING 7
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 25
RUSSIAN 2
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
69632

LinkerVersion
2.25

FileAccessDate
2014:04:07 03:33:42+01:00

EntryPoint
0x37ba0

InitializedDataSize
4096

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
1.0

FileCreateDate
2014:04:07 03:33:42+01:00

UninitializedDataSize
155648

File identification
MD5 a22029933c841ccf2e1a948f1a41cfa9
SHA1 0a0addd15d967e41412dad106d83489e819a5b16
SHA256 23d3d746109fc74ef6ce4d45a5e2dcff4833aff945bc3c1197a8e686534b8da9
ssdeep
49152:wCrk8QvZpTTZsk7UQh6gnn7ZY0RMdzcODlHUI5FIdCATc7fLX/wWJhc5xo+OQ33Q:wsinTTOk5kCYfzcOxUIzIHGzXTljQ37E

imphash 47913b68f1b7d2f7585792df7a7249bc
File size 3.4 MB ( 3615229 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2008-02-12 23:46:39 UTC ( 6 years, 2 months ago )
Last submission 2014-04-07 02:33:32 UTC ( 2 weeks, 2 days ago )
File names a22029933c841ccf2e1a948f1a41cfa9.0a0addd15d967e41412dad106d83489e819a5b16
bubblebobble.exe
output.10354451.txt
bubblebobble.exe
10354451
bubblebobble.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!