airmechcanary.exe

Carbon Games Inc.

The executable airmechcanary.exe has been detected as malware by 8 anti-virus scanners. The file has been seen being downloaded from www.carbongames.com.
Publisher:
Carbon Games Inc.  (signed and verified)

MD5:
79f765fe254de97aff404f3cf5dae6f5

SHA-1:
65a28cd0e7990ad5be5d5979352322275f9d327c

SHA-256:
f5c6e09cc96fb2b527d1e02c9b56123f561de38c44a24d65640107bc3297cf84

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
11/24/2024 6:43:18 PM UTC  (today)

Scan engine | Detection | Engine version
Comodo Security | UnclassifiedMalware | 19218
ESET NOD32 | probably unknown NewHeur_PE | 8.10267
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.7.5.0
K7 AntiVirus | Trojan | 13.183.13054
McAfee | Artemis!79F765FE254D | 5600.7031
Norman | Downloader | 11.20140821
Sophos | Mal/Generic-S | 4.98
VIPRE Antivirus | Trojan.Win32.Generic | 32292

File size:
238.4 KB (244,072 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\airmechcanary.exe

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
3/18/2013 7:47:08 PM

Valid to:
3/18/2014 2:37:33 PM

Subject:
CN=Carbon Games Inc., O=Carbon Games Inc., L=Bellevue, S=WA, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07C12214E6AB34

File PE Metadata
Compilation timestamp:
2/12/2014 6:03:06 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:I41QsgETTky9gkgj8Dnx4dzDij7uAq+vU:vgETTjrgj8DYivnRU

Entry address:
0x3F48

Entry point:
E8, C2, 3F, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, 08, 83, 41, 00, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 34, 72, 41, 00, 33, C5, 89, 45, FC, 53, 8B, 5D, 08, 57, 83, FB, FF, 74, 07, 53, E8, 24, 40, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, 92, 0C, 00, 00, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8...
 

Entropy:
5.8212

Code size:
66.5 KB (68,096 bytes)

The file airmechcanary.exe has been seen being distributed by the following URL.
