SHA256: 6e62e219e38c90562a59851b72f2929000b599a6ddd0f2482c7b1acda0a8ce9d
File name: bead2d46d08ff080ac4a6d0908922230
Detection ratio: 16 / 41
Analysis date: 2009-12-13 20:47:36 UTC ( 8 years, 6 months ago )
Antivirus Result Update
a-squared AdWare.Hoba!IK 20091213
AntiVir ADSPY/Hoba.A 20091211
Authentium W32/HotBar.F.gen!Eldorado 20091202
Comodo UnclassifiedMalware 20091213
eSafe Win32.ADSPYHoba.A 20091213
F-Prot W32/HotBar.F.gen!Eldorado 20091213
Fortinet Adware/PlatriumSA 20091213
Ikarus AdWare.Hoba 20091213
McAfee potentially unwanted program Adware-WinAd 20091213
McAfee+Artemis potentially unwanted program Artemis!BEAD2D46D08F 20091213
McAfee-GW-Edition Ad-Spyware.Hoba.A 20091213
NOD32 Win32/Adware.180Solutions 20091213
Panda Trj/CI.A 20091213
Prevx Low Risk Adware 20091213
Sophos AV Mal/Generic-A 20091213
VirusBuster Adware.Hoba.H 20091213
AhnLab-V3 20091212
Antiy-AVL 20091211
Avast 20091213
AVG 20091213
BitDefender 20091213
CAT-QuickHeal 20091212
ClamAV 20091213
DrWeb 20091213
eTrust-Vet 20091211
F-Secure 20091213
GData 20091213
Jiangmin 20091213
K7AntiVirus 20091211
Kaspersky 20091213
Microsoft 20091213
Norman 20091212
nProtect 20091213
PCTools 20091213
Rising 20091213
Sunbelt 20091213
Symantec 20091213
TheHacker 20091212
TrendMicro 20091213
VBA32 20091213
ViRobot 20091212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2006 - 2009. Pinball Corporation. All rights reserved.

Publisher Pinball Corporation
Product Setup
Original name Setup.exe
Internal name Setup.exe
File version 64.0.42.0
Description Hotbar Installer
Signing date 9:47 PM 12/2/2009
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-02 20:37:36
Entry Point 0x000932E0
Number of sections 3
PE sections
PE imports
RegCloseKey
PatBlt
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
ShellExecuteA
PathCombineA
VerQueryValueA
CoCreateGuid
Number of PE resources by type
JPEG 10
RT_ICON 4
BINARY 2
RT_DIALOG 1
TYPELIB 1
RT_MANIFEST 1
RT_STRING 1
REGISTRY 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
ENGLISH CAN 8
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
64.0.42.0

UninitializedDataSize
286720

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
12288

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Copyright 2006 - 2009. Pinball Corporation. All rights reserved.

FileVersion
64.0.42.0

TimeStamp
2009:12:02 21:37:36+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup.exe

ProductVersion
64.0.42.0

FileDescription
Hotbar Installer

OSVersion
5.0

OriginalFilename
Setup.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Pinball Corporation

CodeSize
315392

ProductName
Setup

ProductVersionNumber
64.0.42.0

EntryPoint
0x932e0

ObjectFileType
Executable application

File identification
MD5 bead2d46d08ff080ac4a6d0908922230
SHA1 0697fe4257419efc39921c9da71c8339cde3f463
SHA256 6e62e219e38c90562a59851b72f2929000b599a6ddd0f2482c7b1acda0a8ce9d
ssdeep
6144:fGZymBJoe8/BND1WMTPP8wfkbWwhIh5I7bUR0UF1dgyHBLU27xV3FpKLYFOx:f6ymIftPPVfShI/cb9kgydU0xV3FpKMs

File size 321.3 KB ( 328984 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX compressed

TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
Tags
peexe signed upx

VirusTotal metadata
First submission 2009-12-05 21:38:01 UTC ( 8 years, 6 months ago )
Last submission 2011-07-15 09:47:28 UTC ( 6 years, 11 months ago )
File names 492DC5B3188E58BD053105BCCBEA17009EB7597C.exe
aa
SZweD3Q0s.gz
efUdHo9.chm
ZFwWoVg_rt.xlt
A0040757.exe
BEAD2D46D08FF080AC4A6D0908922230
Setup.exe
vlcsetup.exe
vlcsetup.exe.7
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
