× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f11822a0576752e632faddf41fe33f33fc919217743a9e6325007eb6074d9a53
File name: bubblebomb.exe
Detection ratio: 1 / 54
Analysis date: 2016-03-04 11:59:46 UTC ( 2 years, 10 months ago )
Antivirus Result Update
CMC Trojan-PSW.Win32.Mirbaby!O 20160303
Ad-Aware 20160304
AegisLab 20160304
Yandex 20160303
AhnLab-V3 20160303
Alibaba 20160304
ALYac 20160304
Arcabit 20160304
Avast 20160304
AVG 20160304
Avira (no cloud) 20160304
AVware 20160304
Baidu-International 20160303
BitDefender 20160304
Bkav 20160303
ByteHero 20160304
CAT-QuickHeal 20160304
ClamAV 20160304
Comodo 20160304
Cyren 20160304
DrWeb 20160304
Emsisoft 20160229
ESET-NOD32 20160304
F-Prot 20160304
F-Secure 20160304
Fortinet 20160304
GData 20160304
Ikarus 20160304
Jiangmin 20160304
K7AntiVirus 20160304
K7GW 20160304
Kaspersky 20160304
Malwarebytes 20160304
McAfee 20160304
McAfee-GW-Edition 20160304
Microsoft 20160304
eScan 20160304
NANO-Antivirus 20160304
nProtect 20160304
Panda 20160303
Qihoo-360 20160304
Rising 20160304
Sophos AV 20160304
SUPERAntiSpyware 20160304
Symantec 20160303
Tencent 20160304
TheHacker 20160302
TrendMicro 20160304
TrendMicro-HouseCall 20160304
VBA32 20160303
VIPRE 20160304
ViRobot 20160304
Zillya 20160303
Zoner 20160304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version
Description Ada Bubble Bomb Setup
Comments This installation was built with Inno Setup: http://www.innosetup.com
Packers identified
F-PROT INNO, appended, Aspack, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009264
Number of sections 8
PE sections
Overlays
MD5 efc5abb3837843a711b876b7606751f9
File type data
Offset 50688
Size 2544162
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
CharNextA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE NEUTRAL 6
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup: http://www.innosetup.com

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
14336

EntryPoint
0x9264

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Ada Bubble Bomb Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Ada Bubble Bomb

CodeSize
35328

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 71269642149519c1109692d25d176fae
SHA1 e4ba7b9dae476795e99cfbc022c02ba6ecb1e9a0
SHA256 f11822a0576752e632faddf41fe33f33fc919217743a9e6325007eb6074d9a53
ssdeep
49152:8EwMYShtF4uyK5bMj6H0WqJeSTutNhjHxPqfdAYnygUT/5:QMtFpt5bMZeS6FRPq1nygUT/5

authentihash bcd8de4ba1fe52c7249d1eb9a056cc708f2910fda278f4845eea3ccec7e2dff2
imphash 25890460a2b98652bed7ba240be2c1d7
File size 2.5 MB ( 2594850 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags
peexe aspack overlay

VirusTotal metadata
First submission 2008-11-03 10:23:43 UTC ( 10 years, 2 months ago )
Last submission 2016-03-04 11:59:46 UTC ( 2 years, 10 months ago )
File names bubblebomb.exe
1282248722-bubblebomb.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs