home

vao game tl xich bich.exe

TLBB Launch

Beijing AmazGame Age Internet Technology Co., Ltd.

The application vao game tl xich bich.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address 125.234.49.145.hcm.viettel.vn on port 443.
Publisher:
Changyou.com Limited  (signed by Beijing AmazGame Age Internet Technology Co., Ltd.)

Product:
TLBB Launch

Description:
Launch_1.0.3.18

Version:
1.0.3.18

MD5:
6a8ebf186b55e224842a282957a41c8e

SHA-1:
765ee839c3dccb4be4fdafff713892afc88b30d3

SHA-256:
d7de82065f1f655336a1705c22c9184640c0cbbe6c0090ee3c51a2850ce775c9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/16/2024 5:11:09 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.BeijingA
17.1.16.13

File size:
6.1 MB (6,438,008 bytes)

Product version:
1.0.3.18

Copyright:
(C) 2008-2010 Changyou.com Limited. All Rights Reserved.

Original file name:
Launch.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\users\{user}\downloads\tlbbxb_full_v2.93\vao game tl xich bich.exe

Digital Signature
Signed by:
Beijing AmazGame Age Internet Technology Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
4/28/2009 7:00:00 AM

Valid to:
4/28/2012 6:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
131E7EB34A7DB63E08A235718EEF6849

File PE Metadata
Compilation timestamp:
8/4/2011 10:00:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

Entry address:
0x835BD

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 18, 01, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.0902

Code size:
524 KB (536,576 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-hkg3.fbcdn.net  (31.13.95.12:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-hkg3.facebook.com  (31.13.95.36:443)

TCP (HTTP SSL):
Connects to 125.234.49.145.hcm.viettel.vn  (125.234.49.145:443)

TCP (HTTP):
Connects to server-52-85-151-37.hkg51.r.cloudfront.net  (52.85.151.37:80)

Remove vao game tl xich bich.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.