8 ball pool hack tool_10924_i51438876_il345.exe

Runner Utility

LLC Arctic West

The executable 8 ball pool hack tool_10924_i51438876_il345.exe has been detected as malware by 1 anti-virus scanner.

Publisher:
Dummy, Ltd. (signed by LLC Arctic West)

Product:
Runner Utility

Version:
1.0.0.151

MD5:
da753ee9ff268b3361b537a1f0b17caa

SHA-1:
3a3b74d72d6c63c0c539ead0a3fb5c3aa20ec040

SHA-256:
ca6be867101b195d811bf9db2071175c81295b0b6b141bc14c65486b1d075582

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 4:55:05 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.10.14

File size:
1.8 MB (1,906,688 bytes)

Product version:
1.0.0.151

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\8 ball pool hack tool_10924_i51438876_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/24/2015 7:00:00 PM

Valid to:
8/24/2016 6:59:59 PM

Subject:
CN=LLC Arctic West, O=LLC Arctic West, STREET=Lviv highway 1, L=Mikolaiv, S=Lvovskaja, PostalCode=81600, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
416057CF015B4832DC973BA203AAB312

File PE Metadata
Compilation timestamp:
8/28/2015 5:13:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x3C7C4C

Entry point:
68, 0C, 4C, 90, 88, E8, C7, F8, E4, FF, BE, C4, CE, 3D, 8D, AD, 6D, 5B, C2, 40, F5, 83, 36, C2, 7E, D2, CB, 25, C2, D9, 09, A0, A8, 3D, 84, F6, 8F, DC, 3D, F5, D9, F4, 54, C2, 54, 51, F4, 3E, C2, 22, 01, 0D, 3A, C2, 6A, 7E, D7, A0, 3D, 9B, A2, 07, F4, 3D, 3C, BB, 5B, C2, 29, 7C, D5, 39, C2, CC, 2F, DD, 3D, 47, 31, 6E, 30, 7A, B5, D0, 3D, 17, D8, 94, CC, 3D, B3, 87, 4D, 5B, C2, 72, D3, A3, 36, C2, A0, 2A, 4C, D5, 3D, 5F, CE, 3E, C3, 3D, 98, A8, 00, 1C, 25, 7B, 50, C2, 08, 60, B3, D0, 3D, 7A, 8C, A5, 3D, 11...
 

Entropy:
7.9783  (probably packed)

Code size:
1.8 MB (1,895,424 bytes)