home

WinAlch.exe

Alchemy

PopCap

Publisher:
PopCap

Product:
Alchemy

Description:
WinAlch

Version:
1, 5, 0, 0

MD5:
e71c302b64d25dbdfc84082198ad9307

SHA-1:
0b084a9e37dbb72741f8654dada3a8afe1ba471c

SHA-256:
50a15f57e97ce4bf0c02d354d4f970a37f4155637e9cc252e97e17653bc9e13f

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/25/2024 10:42:12 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Dropper.Gen
7.11.30.172

VIPRE Antivirus
LooksLike.Win32.Malware!A
8510

File size:
1.2 MB (1,224,193 bytes)

Product version:
1.5y

Copyright:
Copyright © 2001

Original file name:
WinAlch.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\popcap games\alchemy deluxe\winalch.exe

File PE Metadata
Compilation timestamp:
1/30/2003 4:49:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
24576:/NYt2QA1wkCaI44gPp52FhXRy5MPMp58oe0agb0tSsBbkgC:lYbhJWp52F3PI5Q0adSs9kgC

Entry address:
0x25D4E0

Entry point:
89, 25, 10, B6, 65, 00, 68, 0C, D5, 65, 00, EB, 02, F7, 05, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, EB, 03, 31, C9, A1, EB, 55, EB, 02, FF, 23, EB, 02, 8D, 37, 55, EB, 02, 69, B1, 89, E5, EB, 0A, 3B, EB, 02, EB, 05, E8, 82, EB, F8, 00, 8B, 45, 08, EB, 02, 23, 04, 8B, 00, EB, 02, C7, 05, 3D, 03, 00, 00, 80, EB, 02, 83, EF, 75, 04, 31, C0, EB, 18, 3D, 04, 00, 00, 80, EB, 02, F7, 05, 75, 08, 31, C0, EB, 02, F7, 05, EB, 05, B8, 01, 00, 00, 00, 5D, EB, 02, 80, E7, C3, 55, EB, 01, E8, 89, E5, EB...
 
[+]

Entropy:
7.9732  (probably packed)

Code size:
1004 KB (1,028,096 bytes)

Windows Firewall Allowed Program
Name:
C:\Program Files\PopCap Games\Alchemy Deluxe\WinAlch.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 195.34.13.149.zylom.net  (149.13.34.195:80)

Scan WinAlch.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.