» elfbowln.exe
Overview
Analysis
File Details
Programs (2)
Downloads (11)

elfbowln.exe

NVision Design, Inc.

File name:

elfbowln.exe

Publisher:

NVision Design, Inc.

Description:

Elf Bowling Game

Version:

1.0.0.0

MD5:

05d297880443c5d194beb8bf758a18f8

SHA-1:

12f6a4fe447fe86f81f6f5b9dee38ce56a724ce7

SHA-256:

dceb5b89544b20744091f55c8ec49d2baaf59bf530ce50a4c2a14d12b069de0c

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/25/2024 2:57:21 AM UTC (today)

Scan engine

Detection

Engine version

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.24.3

File size:

1.1 MB (1,130,496 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

File PE Metadata

Compilation timestamp:

11/12/1999 9:43:44 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:ZDV31MQch46c867Bo3HTwYX8oZl+S2wxsklA:ZDBci6cEXTwgtZlV33C

Entry address:

0x1000

Entry point:

A1, 94, 52, 45, 00, C1, E0, 02, A3, 98, 52, 45, 00, 57, 51, 33, C0, BF, A4, 01, 46, 00, B9, 78, 59, 46, 00, 3B, CF, 76, 05, 2B, CF, FC, F3, AA, 59, 5F, 52, 6A, 00, E8, 90, 2F, 05, 00, 8B, D0, E8, C3, 7F, 04, 00, 5A, 6A, 00, E8, 3B, 90, 04, 00, 59, 68, 5C, 52, 45, 00, 6A, 00, E8, 74, 2F, 05, 00, A3, 9C, 52, 45, 00, 6A, 00, E9, B2, E5, 04, 00, E9, 91, 90, 04, 00, 33, C0, A0, 89, 52, 45, 00, C3, A1, 9C, 52, 45, 00, C3, CC, B9, B8, 00, 00, 00, 0B, C9, 74, 3C, 83, 3D, 94, 52, 45, 00, 00, 73, 0A, B8, E2, 00, 00... 
[+]

Entropy:

7.4622

Code size:

336 KB (344,064 bytes)

The file elfbowln.exe has been discovered within the following programs.

Eudora by QUALCOMM Incorporated

Eudora is an email client that supports the POP3, IMAP and SMTP protocols. The original version is no longer in developement, there is an open-source version available.

www.eudora.com

About 1% of users remove it

PfP Arcade Pack #1 (PfP) by Preserved for Posterity

About 7% of users remove it

The file elfbowln.exe has been seen being distributed by the following 11 URLs.

http://download2154.mediafire.com/0w7bfc9xwfig/.../Elf Bowling.exe

https://doc-00-ak-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/t2amdn99bk5ha807686jc83bkrijcv6s/1457308800000/05809986452258998829/.../0B6UrBLyOm_Xmd3MxWlMxM0kxNFk?e=download

http://download2154.mediafire.com/n4fy9icyupkg/.../Elf Bowling.exe

http://download1519.mediafire.com/hddg377jafeg/.../Elf Bowling.exe

http://phonpang/Intranet/Games_Flash/.../????????.EXE

http://download1224.mediafire.com/dh899edvao3g/.../Elf Bowling.exe

https://drive.google.com/uc?export=download&id=0B6UrBLyOm_Xmd3MxWlMxM0kxNFk

https://doc-00-ak-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/p2290iihe5e4jiee4133l6ksp2lmpcs2/1452916800000/05809986452258998829/.../0B6UrBLyOm_Xmd3MxWlMxM0kxNFk?e=download

https://doc-00-ak-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/6immvumfsstovchd1on0ugsm4rflldg4/1459123200000/05809986452258998829/.../0B6UrBLyOm_Xmd3MxWlMxM0kxNFk?e=download

https://doc-00-ak-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/jc8sm7ukaps8vkl50s1114vkk4ena537/1452729600000/05809986452258998829/.../0B6UrBLyOm_Xmd3MxWlMxM0kxNFk?e=download

http://www.justlaugh.com/downloads/games/.../elfbowl.exe

Scan elfbowln.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.