SHA256: 9b58511c93734ebea00b730b504fbff500354bcf5d76c75ce42d166e0fd49188
File name: befcbdec7acba0b0c3856e545dc2b624
Detection ratio: 55 / 68
Analysis date: 2018-04-09 16:30:04 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Adware.Hotbar.1 20180409
AhnLab-V3 Adware/Win32.ScreenSaver.R21674 20180409
ALYac Gen:Variant.Adware.Hotbar.1 20180409
Antiy-AVL RiskWare[WebToolbar]/Win32.Zango 20180409
Arcabit Trojan.Adware.Hotbar.1 20180409
Avast Win32:HotBar-CJ [PUP] 20180409
AVG Win32:HotBar-CJ [PUP] 20180409
Avira (no cloud) ADSPY/AdSpy.Gen2 20180409
AVware Pinball Corporation. (v) 20180409
Baidu Win32.Trojan.HotBar.a 20180409
BitDefender Gen:Variant.Adware.Hotbar.1 20180409
Bkav W32.HfsAdware.AAAA 20180407
CAT-QuickHeal PUA.Pinballcor.Gen 20180409
ClamAV Win.Adware.Adinstall-1 20180409
CMC Generic.Win32.befcbdec7a!CMCRadar 20180408
Comodo ApplicUnwnt.Win32.AdWare.HotBar.DE 20180409
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170201
Cybereason malicious.c7acba 20180225
Cylance Unsafe 20180409
Cyren W32/HotBar.L.gen!Eldorado 20180409
DrWeb Adware.Hotbar.700 20180409
Emsisoft Gen:Variant.Adware.Hotbar.1 (B) 20180409
Endgame malicious (moderate confidence) 20180403
ESET-NOD32 a variant of Win32/Adware.HotBar.H 20180409
F-Prot W32/HotBar.L.gen!Eldorado 20180409
F-Secure Adware:W32/Hotbar 20180409
GData Gen:Variant.Adware.Hotbar.1 20180409
Ikarus Trojan.SuspectCRC 20180409
Sophos ML heuristic 20180121
Jiangmin Trojan/JmGeneric.it 20180409
K7AntiVirus Adware ( 004ae5101 ) 20180409
K7GW Adware ( 004ae5101 ) 20180409
Kaspersky not-a-virus:AdWare.Win32.ScreenSaver.i 20180409
MAX malware (ai score=100) 20180409
McAfee Adware-HotBar.f 20180409
McAfee-GW-Edition Adware-HotBar.f 20180408
Microsoft PUA:Win32/HotBarToolbar 20180409
eScan Gen:Variant.Adware.Hotbar.1 20180409
NANO-Antivirus Riskware.Win32.bqt.dvtokf 20180409
Qihoo-360 Malware.Radar01.Gen 20180409
Rising Adware.HotBar!1.6AAD (CLASSIC) 20180409
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Hotbar (PUA) 20180409
SUPERAntiSpyware Adware.Zango 20180409
Symantec Trojan.ADH.2 20180409
Tencent Win32.Risk.Adspy.Plku 20180409
TotalDefense Win32/Zango.Pinball[HOTBAR] 20180409
TrendMicro HeurSpy_Zango-3 20180409
TrendMicro-HouseCall HeurSpy_Zango-3 20180409
VBA32 SScope.Injector.xg 20180409
VIPRE Pinball Corporation. (v) 20180409
Webroot Pua.Hotbar.Gen 20180409
Yandex Adware.Rugo.Gen.5 20180408
Zillya Adware.180SolutionsCRT.Win32.300 20180409
ZoneAlarm by Check Point not-a-virus:AdWare.Win32.ScreenSaver.i 20180409
AegisLab 20180409
Alibaba 20180409
Avast-Mobile 20180409
eGambit 20180409
Fortinet 20180409
Kingsoft 20180409
Malwarebytes 20180409
nProtect 20180409
Palo Alto Networks (Known Signatures) 20180409
Panda 20180409
Symantec Mobile Insight 20180406
TheHacker 20180404
Trustlook 20180409
ViRobot 20180409
WhiteArmor 20180408
Zoner 20180409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Pinball Corporation.
File version 2.0.324.0
Description Installer
Signature verification Certificate out of its validity period
Signers
[+] Pinball Corporation.
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 4/1/2011
Valid to 12:59 AM 5/20/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint 420D56334AEFACA2729883BAC0EEDF33536539EF
Serial number 22 E4 9C 51 DC D7 1B 05 71 3A AF 78 65 82 D1 35
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Packers identified
Command UPX
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-23 15:23:49
Entry Point 0x00073180
Number of sections 3
PE sections
Overlays
MD5 d4b39c98aea47284834d296e91d21c43
File type data
Offset 210432
Size 3768
Entropy 7.20
PE imports
RegCloseKey
PatBlt
GetAdaptersInfo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
VariantClear
UrlEscapeA
VerQueryValueA
WSACleanup
CoCreateGuid
Number of PE resources by type
JPEG 5
RT_ICON 4
RT_DIALOG 1
NFLA 1
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 2.0.324.0
UninitializedDataSize 266240
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 8192
EntryPoint 0x73180
MIMEType application/octet-stream
FileVersion 2.0.324.0
TimeStamp 2011:06:23 16:23:49+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.0.324.0
FileDescription Installer
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 204800
FileSubtype 0
ProductVersionNumber 2.0.324.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 befcbdec7acba0b0c3856e545dc2b624
SHA1 dd696d2b93676f3cc88d1fd17f073ae2d8f2b017
SHA256 9b58511c93734ebea00b730b504fbff500354bcf5d76c75ce42d166e0fd49188
ssdeep 6144:/XmwBEoo2usAlSziTvLYlWIoFrGe7fl+wS092ZF:OwBM3lSzGv0EFGeMj0927
authentihash e300a5b2ff8167046feac6e913756d592f220854e2ed196f9e0d2139984ce48b
imphash 08ebbffbaa075d6b110925b21c2a2cfb
File size 209.2 KB ( 214200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags peexe upx overlay

VirusTotal metadata
First submission 2011-07-05 14:11:05 UTC ( 7 years, 2 months ago )
Last submission 2014-06-05 01:28:31 UTC ( 4 years, 3 months ago )
File names file-2474736_swat
K
oC20HFO.gif
befcbdec7acba0b0c3856e545dc2b624
befcbdec7acba0b0c3856e545dc2b624.exe
VLCSetup.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
