SHA256: d479594426e1bec7a2a628717e10dcc171d6a68bfbd8e323fcbe3a04a605ffdb
File name: 3d-pinball-6518.exe
Detection ratio: 0 / 67
Analysis date: 2018-10-11 03:19:45 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20181011
AegisLab 20181011
AhnLab-V3 20181011
Alibaba 20180921
ALYac 20181011
Antiy-AVL 20181011
Arcabit 20181011
Avast 20181011
Avast-Mobile 20181010
AVG 20181011
Avira (no cloud) 20181010
Babable 20180918
Baidu 20181010
BitDefender 20181011
Bkav 20181009
CAT-QuickHeal 20181010
ClamAV 20181010
CMC 20181010
Comodo 20181011
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181011
Cyren 20181011
DrWeb 20181010
eGambit 20181011
Emsisoft 20181011
Endgame 20180730
ESET-NOD32 20181011
F-Prot 20181011
F-Secure 20181011
Fortinet 20181011
GData 20181011
Ikarus 20181010
Sophos ML 20180717
Jiangmin 20181009
K7AntiVirus 20181010
K7GW 20181010
Kaspersky 20181011
Kingsoft 20181011
Malwarebytes 20181011
MAX 20181011
McAfee 20181011
McAfee-GW-Edition 20181011
Microsoft 20181011
eScan 20181011
NANO-Antivirus 20181011
Palo Alto Networks (Known Signatures) 20181011
Panda 20181010
Qihoo-360 20181011
Rising 20181011
SentinelOne (Static ML) 20180926
Sophos AV 20181010
SUPERAntiSpyware 20181006
Symantec 20181010
Symantec Mobile Insight 20181001
TACHYON 20181010
Tencent 20181011
TheHacker 20181008
TotalDefense 20181010
TrendMicro 20181010
TrendMicro-HouseCall 20181010
Trustlook 20181011
VBA32 20181010
VIPRE 20181011
ViRobot 20181010
Webroot 20181011
Yandex 20181010
Zillya 20181010
ZoneAlarm by Check Point 20181011
Zoner 20181010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT appended, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-15 06:27:58
Entry Point 0x0000913F
Number of sections 5
PE sections
Overlays
MD5 1d154042ce02f09e967a95c7a963c370
File type application/zip
Offset 74240
Size 1325487
Entropy 8.00
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
GetDeviceCaps
GetObjectA
DeleteDC
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
GetModuleFileNameW
WaitForSingleObject
LoadLibraryA
FreeLibrary
FindFirstFileW
HeapAlloc
SystemTimeToFileTime
GetVersionExA
GetModuleFileNameA
IsDBCSLeadByte
GetCPInfo
GetDateFormatA
FileTimeToLocalFileTime
GetCurrentDirectoryA
CreateFileMappingA
GetLocaleInfoA
CreateDirectoryA
DeleteFileA
OpenFileMappingA
ExitProcess
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
SetFileAttributesA
SetFilePointer
GetTempPathA
SetEndOfFile
lstrcmpiA
CloseHandle
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
FindNextFileW
GetFileAttributesA
WriteFile
FindFirstFileA
GetTimeFormatA
GetCommandLineA
FindNextFileA
HeapReAlloc
MoveFileExA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetFullPathNameA
MoveFileA
GetFileAttributesW
GetNumberFormatA
UnmapViewOfFile
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
SetFileAttributesW
SetFileTime
CreateFileA
GetTickCount
FindResourceA
SetCurrentDirectoryA
SetLastError
CompareStringA
VariantInit
SHGetFileInfoA
ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
CharUpperA
DefWindowProcA
ShowWindow
GetSystemMetrics
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
CharLowerA
OemToCharBuffA
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
GetSysColor
GetDC
RegisterClassExA
ReleaseDC
SetWindowTextA
DestroyIcon
GetWindowLongA
IsWindowVisible
SendMessageA
GetWindowTextA
GetClientRect
GetDlgItem
IsWindow
LoadIconA
wsprintfA
FindWindowExA
CreateWindowExA
LoadCursorA
OemToCharA
CharToOemBuffA
LoadStringA
CopyRect
WaitForInputIdle
GetClassNameA
GetMessageA
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 5
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2010:03:15 07:27:58+01:00
FileType Win32 EXE
PEType PE32
CodeSize 49152
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x913f
InitializedDataSize 129536
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

CarbonBlack
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack observed that the following running files wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 2670a7ecdab26460f5217ffe43ba4279
SHA1 aba3dcef1088fbc5d19d91d01da5b034f1b0f08d
SHA256 d479594426e1bec7a2a628717e10dcc171d6a68bfbd8e323fcbe3a04a605ffdb
ssdeep 24576:qtz3DAsFGebJwXx8+FA5lOnf9DBVkjyQft1EsW3rnkZKIdIRBhEsc1IR9wsIFK8G:6D6Xy+FASf90jtt1EsW3j+VEBcbO3Qa

authentihash 693f8c1be2857353f0791c34c423619b7c6a60ce0b02c72a1837f1d39ffe15cd
imphash 4088dfe1893fc3f918b97c40d5535da7
File size 1.3 MB ( 1399727 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID WinRAR Self Extracting archive (4.x-5.x) (91.4%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Tags
peexe overlay software-collection

VirusTotal metadata
First submission 2010-10-02 15:42:21 UTC ( 8 years, 6 months ago )
Last submission 2019-04-17 05:11:01 UTC ( 4 days, 3 hours ago )
File names 3D_pinball--space-cadet.exe
vor5z3yqrd54lum5shib3jnqgty3b4en.exe
90179402.exe
aba3dcef1088fbc5d19d91d01da5b034f1b0f08d.exe
3d_pinball_for_windows_-_space_cadet-1.1.exe
Space cadet pinball.exe
file
file-2349127_swat
3d pinball space cadet.exe
303329098.exe
1165472.exe
3d_pinball_for_windows_-_space_cadet.exe
2670a7ecdab26460f5217ffe43ba4279.exe.bin
87160007.exe
3d_pinball_for_windows_space_cadet.exe
microsoft_3d_pinball.exe
3DP1NB4LL Hoax77.exe
unconfirmed 377237.crdownload
384150458.exe
225925515.exe
3d_pinball_for_windows_-_space_cadet.uuu
filename
3d_pinball_for_windows_-_space_cadet.pdf.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight