home

a0009899.exe

TianLongBaBu

Beijing AmazGame Age Internet Technology Co., Ltd.

The application a0009899.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Changyou.com limited  (signed by Beijing AmazGame Age Internet Technology Co., Ltd.)

Product:
TianLongBaBu

Description:
《天龙八部2》

Version:
0, 85, 0, 0

MD5:
b6d6f761db6bd805e9f4a54c47fdbc37

SHA-1:
63e52ff1d33d1c8b645a6404037e150be31d1fc6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 1:05:42 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.BeijingA
16.12.7.13

File size:
1.8 MB (1,869,944 bytes)

Product version:
0, 85, 0, 0

Copyright:
(C) 2008-2009 Changyou.com Limited.All Rights Reserved

Original file name:
Game.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (PRC)

Digital Signature
Signed by:
Beijing AmazGame Age Internet Technology Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
4/28/2009 7:00:00 AM

Valid to:
4/28/2012 6:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
131E7EB34A7DB63E08A235718EEF6849

File PE Metadata
Compilation timestamp:
12/22/2011 10:13:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

Entry address:
0x1000

Entry point:
68, 01, A0, 7A, 00, E8, 01, 00, 00, 00, C3, C3, 66, DA, 97, FB, D0, 7B, EE, 0C, 08, 31, 9F, 50, 8B, D3, 3A, D7, 21, 99, 6D, 77, CB, 92, 1E, F8, B4, EC, E7, A2, 6C, 91, 70, 2A, D1, D9, CD, 0F, D3, 2E, AD, A2, 54, 3D, 38, 5E, 54, 1C, AF, 0D, 9C, 34, 28, AB, BD, 91, B0, E9, 34, 27, 8B, 45, 23, B4, 61, 17, 7A, C6, 23, D1, 8C, 02, A2, CD, 17, 94, A6, 41, 40, F2, 57, BC, 36, D0, 40, 9A, 94, 26, 94, A5, 4C, 00, 0E, 05, 1E, 2F, F3, E1, 57, AC, 8B, 72, C7, B8, 52, 6C, F1, BE, CF, 20, A6, B5, 58, A1, C0, B1, CF, AB...
 
[+]

Entropy:
7.4274

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
2.4 MB (2,555,904 bytes)

Remove a0009899.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.