home

amber_pyramids_solitaire.exe

Media Contact LLC

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from c.gametop.com.
Publisher:
Media Contact LLC

Description:
Amber Pyramids Solitaire Setup

MD5:
0fac9876e443f56f2bce7bbd99c4e142

SHA-1:
cec76555069d523ec737cc494dd28ccb92dd1206

SHA-256:
b7eee899763159675863d17d18bac4c713ce8e863ee5a00ad1c580043a1e7ca8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 10:21:57 PM UTC  (today)

File size:
5.5 MB (5,776,250 bytes)

Copyright:
Copyright (C) Media Contact LLC

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\amber_pyramids_solitaire.exe

File PE Metadata
Compilation timestamp:
6/20/1992 3:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:wamxgeWU8a2Z/32vv+pWIwHUQXXB8ZLw/bZrISF/bkO9Nvd7fv:sgxUGZ/3y+oIwHUQXXB8ZLGb1ISFY6dD

Entry address:
0x98BC

Entry point:
60, 0F, C8, 8B, CF, 0F, A5, F1, 45, 0F, BF, E8, 0F, AF, CF, 38, D8, 0F, A4, C0, AB, F3, 81, C3, 6D, FA, 1E, 20, 38, F8, B0, D7, 32, D5, E8, 30, 00, 00, 00, D1, EB, 0F, C8, FE, C0, 0F, A4, DA, 78, C7, C7, DD, 8D, 98, 50, 69, C5, 36, 7A, 70, 19, 69, C5, D2, CE, 5A, 32, 87, C9, C0, EA, 86, BE, 9F, 22, 00, 00, F3, 0F, BC, FA, 81, EE, DB, 0E, 00, 00, 84, C3, 8D, 35, C7, 0D, 80, 80, 49, 0F, C1, F1, 0F, BD, D0, 3B, EF, 70, 09, 80, DC, D0, F7, C5, FA, 8C, C7, F6, 81, EB, E9, 36, 00, 00, 81, F7, 63, 36, 4A, 35, 0F...
 
[+]

Entropy:
7.9992  (probably packed)

Code size:
36 KB (36,864 bytes)

The file amber_pyramids_solitaire.exe has been seen being distributed by the following URL.

http://c.gametop.com/.../Amber_Pyramids_Solitaire.exe

Scan amber_pyramids_solitaire.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.