SHA256: d479594426e1bec7a2a628717e10dcc171d6a68bfbd8e323fcbe3a04a605ffdb
File name: 3d-pinball-6518-jetelecharge.exe
Detection ratio: 0 / 56
Analysis date: 2017-01-19 03:28:36 UTC (9 months ago)
Antivirus Result Update
Ad-Aware 20170119
AegisLab 20170119
AhnLab-V3 20170118
Alibaba 20170119
ALYac 20170119
Antiy-AVL 20170119
Arcabit 20170119
Avast 20170119
AVG 20170119
Avira (no cloud) 20170118
AVware 20170119
Baidu 20170118
BitDefender 20170119
CAT-QuickHeal 20170118
ClamAV 20170118
CMC 20170118
Comodo 20170118
CrowdStrike Falcon (ML) 20161024
Cyren 20170119
DrWeb 20170119
Emsisoft 20170119
ESET-NOD32 20170119
F-Prot 20170119
F-Secure 20170119
Fortinet 20170119
GData 20170119
Ikarus 20170118
Sophos ML 20170111
Jiangmin 20170119
K7AntiVirus 20170118
K7GW 20170119
Kaspersky 20170119
Kingsoft 20170119
Malwarebytes 20170118
McAfee 20170119
McAfee-GW-Edition 20170118
Microsoft 20170119
eScan 20170119
NANO-Antivirus 20170119
nProtect 20170119
Panda 20170118
Qihoo-360 20170119
Rising 20170119
Sophos AV 20170119
SUPERAntiSpyware 20170119
Symantec 20170118
Tencent 20170119
TheHacker 20170117
TotalDefense 20170118
TrendMicro 20170119
Trustlook 20170119
VBA32 20170118
VIPRE 20170119
ViRobot 20170119
WhiteArmor 20170117
Yandex 20170118
Zillya 20170117
Zoner 20170118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT appended, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-15 06:27:58
Entry Point 0x0000913F
Number of sections 5
PE sections
Overlays
MD5 1d154042ce02f09e967a95c7a963c370
File type application/zip
Offset 74240
Size 1325487
Entropy 8.00
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
GetDeviceCaps
GetObjectA
DeleteDC
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
GetModuleFileNameW
WaitForSingleObject
LoadLibraryA
FreeLibrary
FindFirstFileW
HeapAlloc
SystemTimeToFileTime
GetVersionExA
GetModuleFileNameA
IsDBCSLeadByte
GetCPInfo
GetDateFormatA
FileTimeToLocalFileTime
GetCurrentDirectoryA
CreateFileMappingA
GetLocaleInfoA
CreateDirectoryA
DeleteFileA
OpenFileMappingA
ExitProcess
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
SetFileAttributesA
SetFilePointer
GetTempPathA
SetEndOfFile
lstrcmpiA
CloseHandle
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
FindNextFileW
GetFileAttributesA
WriteFile
FindFirstFileA
GetTimeFormatA
GetCommandLineA
FindNextFileA
HeapReAlloc
MoveFileExA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetFullPathNameA
MoveFileA
GetFileAttributesW
GetNumberFormatA
UnmapViewOfFile
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
SetFileAttributesW
SetFileTime
CreateFileA
GetTickCount
FindResourceA
SetCurrentDirectoryA
SetLastError
CompareStringA
VariantInit
SHGetFileInfoA
ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
CharUpperA
DefWindowProcA
ShowWindow
GetSystemMetrics
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
CharLowerA
OemToCharBuffA
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
GetSysColor
GetDC
RegisterClassExA
ReleaseDC
SetWindowTextA
DestroyIcon
GetWindowLongA
IsWindowVisible
SendMessageA
GetWindowTextA
GetClientRect
GetDlgItem
IsWindow
LoadIconA
wsprintfA
FindWindowExA
CreateWindowExA
LoadCursorA
OemToCharA
CharToOemBuffA
LoadStringA
CopyRect
WaitForInputIdle
GetClassNameA
GetMessageA
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 5
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2010:03:15 07:27:58+01:00
FileType Win32 EXE
PEType PE32
CodeSize 49152
LinkerVersion 9.0
EntryPoint 0x913f
InitializedDataSize 129536
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in the wild, CarbonBlack observed that the following files, while executing, wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 2670a7ecdab26460f5217ffe43ba4279
SHA1 aba3dcef1088fbc5d19d91d01da5b034f1b0f08d
SHA256 d479594426e1bec7a2a628717e10dcc171d6a68bfbd8e323fcbe3a04a605ffdb
ssdeep
24576:qtz3DAsFGebJwXx8+FA5lOnf9DBVkjyQft1EsW3rnkZKIdIRBhEsc1IR9wsIFK8G:6D6Xy+FASf90jtt1EsW3j+VEBcbO3Qa

authentihash 693f8c1be2857353f0791c34c423619b7c6a60ce0b02c72a1837f1d39ffe15cd
imphash 4088dfe1893fc3f918b97c40d5535da7
File size 1.3 MB ( 1399727 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe software-collection overlay

VirusTotal metadata
First submission 2010-10-02 15:42:21 UTC ( 7 years ago )
Last submission 2017-10-15 20:38:06 UTC ( 4 days, 16 hours ago )
File names 3D_pinball--space-cadet.exe
vor5z3yqrd54lum5shib3jnqgty3b4en.exe
90179402.exe
aba3dcef1088fbc5d19d91d01da5b034f1b0f08d.exe
3d_pinball_for_windows_-_space_cadet-1.1.exe
Space cadet pinball.exe
file
file-2349127_swat
3d pinball space cadet.exe
303329098.exe
1165472.exe
3d_pinball_for_windows_-_space_cadet.exe
2670a7ecdab26460f5217ffe43ba4279.exe.bin
87160007.exe
3d_pinball_for_windows_space_cadet.exe
microsoft_3d_pinball.exe
3DP1NB4LL Hoax77.exe
unconfirmed 377237.crdownload
3d_pinball_for_windows_space_cadet.exe
3d_pinball_for_windows_space_cadet.exe
384150458.exe
225925515.exe
3d_pinball_for_windows_-_space_cadet.uuu
filename
3d_pinball_for_windows_-_space_cadet.pdf.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight