home

shippingpc-willowgame-securom_activation.exe

SecuROM Matroschka

Gearbox Software LLC

Publisher:
Gearbox Software LLC  (signed and verified)

Product:
SecuROM Matroschka

Description:
SecuROM Matroschka Unpacker

Version:
1.2.7

MD5:
0896e9808bc7fad3a86534fb23c9feb0

SHA-1:
3843d339dedf3f14f7f19385c2055616171a6823

SHA-256:
e20ce327ef81628afcca30ec92ed7318f1ee37ff8e5974fe2406e9b95fc53bf7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 3:09:10 PM UTC  (today)

File size:
5 MB (5,280,384 bytes)

Product version:
1.2.7

Copyright:
Copyright (C) 2008

Original file name:
Matroschka Unpacker

File type:
Executable application (Win32 EXE)

Language:
German (Austria)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\shippingpc-willowgame-securom_activation.exe

Digital Signature
Signed by:
Gearbox Software LLC

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
7/23/2009 5:00:00 PM

Valid to:
5/10/2011 4:59:59 PM

Subject:
CN=Gearbox Software LLC, OU=GAME DEVELOPMENT, O=Gearbox Software LLC, L=Plano, S=Texas, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
43F02210ABB8B30F1086A8F126377684

File PE Metadata
Compilation timestamp:
1/9/2009 7:23:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
98304:cCIcH6zDd1NjoLtl4vF9b6h3cXwjam3oHLSVk0etN:LHyzohl4vF63ywjuHLSVgN

Entry address:
0x6FA940

Entry point:
B8, 11, FF, FF, FF, 8B, 84, 04, EF, 00, 00, 00, A3, A8, C7, DB, 00, 89, 25, AC, C7, DB, 00, E8, 06, 00, 00, 00, 83, 2A, 79, AF, 00, 64, 81, 04, 24, 3F, 00, 00, 00, FF, 34, 24, 81, 2C, 24, 3E, 00, 00, 00, 87, 2C, 24, 55, 87, 6C, 24, 04, 87, 04, 24, 8B, 00, 83, E8, 44, C1, E2, 00, 87, 04, 24, F8, 83, DA, 00, C1, E2, 00, C7, 44, 24, 04, C2, 04, 00, 77, EB, FA, FC, A3, 68, C8, DB, 00, 83, 3D, 68, C8, DB, 00, 00, 9C, 9C, 83, EC, 1C, C7, 44, 24, 18, 91, DC, 4A, 72, C7, 44, 24, 14, 49, 00, 00, 00, 89, 74, 24, 10...
 
[+]

Entropy:
7.8868  (probably packed)

Code size:
7.4 MB (7,753,728 bytes)

Scan shippingpc-willowgame-securom_activation.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.