home

bombbuddies.exe

Balanced Worlds (Beijing) Software Co., Ltd.

Publisher:
Balanced Worlds (Beijing) Software Co., Ltd.  (signed and verified)

MD5:
9690676276d361b14d9643cd36aee7a0

SHA-1:
6dce4636d23f2c6f6c8f9677eeb30eb8ff85ee47

SHA-256:
dbb83edddfe6f9e2ddd75dee39a02a1b606ce5efcfe4fe1cdc41dddc6c0496ee

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 10:25:09 PM UTC  (today)

File size:
2.8 MB (2,972,928 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\bombbuddies.exe

Digital Signature
Signed by:
Balanced Worlds (Beijing) Software Co., Ltd.

Authority:
DigiCert Inc

Valid from:
4/5/2012 10:00:00 AM

Valid to:
4/10/2013 10:00:00 PM

Subject:
CN="Balanced Worlds (Beijing) Software Co., Ltd.", O="Balanced Worlds (Beijing) Software Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
07A581482809A37EBF5DBB652DF621E4

File PE Metadata
Compilation timestamp:
6/20/2012 6:15:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:oCnZ+4hTPORj/VFNw7DrFuHyO/kRq5olri1rJB667JNYcQDTjEflTw:oCnEI2jV4rFuVcT1oPj7JNQjEflTw

Entry address:
0x60EC3

Entry point:
E9, 88, C6, 04, 00, E9, 73, 02, 03, 00, E9, 3E, 1F, 01, 00, E9, 59, DD, 02, 00, E9, E4, D0, 05, 00, E9, FF, 54, 02, 00, E9, 6A, 59, 01, 00, E9, 45, 90, 06, 00, E9, D0, 4F, 06, 00, E9, AB, B8, 04, 00, E9, 26, F9, 00, 00, E9, 61, 83, 0B, 00, E9, CC, F2, 08, 00, E9, 57, 85, 08, 00, E9, 42, 00, 08, 00, E9, 1D, 39, 06, 00, E9, 18, 67, 04, 00, E9, 53, 58, 05, 00, E9, 2E, 50, 03, 00, E9, 79, 83, 08, 00, E9, 9C, 32, 04, 00, E9, BF, CE, 03, 00, E9, 14, 32, 04, 00, E9, 35, 0F, 04, 00, E9, E0, 95, 04, 00, E9, 7B, 8E...
 
[+]

Entropy:
7.4835

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
782.5 KB (801,280 bytes)

The file bombbuddies.exe has been seen being distributed by the following 3 URLs.

https://dw.uptodown.com/dwn/LYUAZxEISmRPkyGCdE2EEJ9JAPigFWByVMqKJClgs3lF1xVyC1g3YXBbc-xwH0CDXLghQ9YdR6TTcxQ5lU3h6Ebhg2FQh6_nvVSmlT4AIqxr-cPbLojvyc2a_k103_0e/WY7SoO1Iq2HYljGgufJLmsIgxX2Igo7DCH70IVtyUrIQEjYWgKKw3bhFvEKwARRyIo1Q_OTgahxLlSqVWTbmqaJHW2gEr45zA91O6O0oaL3wUMFPHYEHJrrUJdPlRPSs/aNMKkkOyqHN2Az_TjfA_a-5IE9IP2HfNSV_lt8lh9ZAcVU4vJ61mrqWICfALY66MmIE7bAgtE9GALLPeVd54c-Gvz9IYZjwup5Hl59sPIm6JJzJYnyYLDf8J-Rq4EBxc/.../

https://dw.uptodown.com/dwn/shoz8v-gsLvsQnoLXbZHfDT8lYAL-O3qPkz_IP9Y5K7yUVQVvvDWsg1vmKP4-3zvRMqC4ri6eiB33TJke5YrVMbp0_aNJtzDysU3VreE93u3xAf9kDPW3jRhV23RiCKi/6mlQThakZq1FrUSO0l1rSxmRefVayhbq549dAABCiyF1jQIBt0GAfO-XJN27E_rpsfHxhrww6ebNlFuJase6U-TjTkbQ5nONGGF7ir1vsUj8KKmZ2xtFXJu1fY-c_nDX/E_FjEEipzrhL14lOrTlC77bnEdEOtn27eQTkWBnD1W4Ok6VDaZvuJ2UhBFaxD0T77NTxG3_2Eapeg6yXO-1iXnloO8j9O9zYtYcSRE4_aPEyXbG_0ELe3p2Gn-qdI7KO/.../

http://d2pk4hely5h9na.cloudfront.net/Downloads/InstallerExe/000035/.../BombBuddies.exe

Scan bombbuddies.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.