» bouncing_balls.exe
Overview
Analysis
File Details
Programs (10)
Downloads (13)
Network (1)

bouncing_balls.exe

Tibaco internet media B.V.

The application bouncing_balls.exe by Tibaco internet media B.V has been detected as a potentially unwanted program by 6 anti-malware scanners. Additionally, the file is typically installed by a number of programs including FunnyGames - Mahjong 1 by FunnyGames and FunnyGames - Shanghai Dynasty by FunnyGames. The file has been seen being downloaded from webgameplayer.tibaco.net and multiple other hosts. While running, it connects to the Internet address 63.01.acb8.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.

File name:

bouncing_balls.exe

Publisher:

Tibaco internet media B.V. (signed and verified)

MD5:

6c4fdc0f3961ae21af2485dbd4813827

SHA-1:

cda83671244b0d98f5153ff73b6f9789ce705059

SHA-256:

70e81bf2cb6b1650e7d2e39f78737d193576312b6840a71e71c913bfb83d1267

Scanner detections:

6 / 68

Status:

Potentially unwanted

Analysis date:

1/6/2025 11:01:02 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Bkav FE

W32.Clodfe6.Trojan

1.3.0.6185

Dr.Web

Adware.GameVance.130

9.0.1.078

herdProtect (fuzzy)

variant of little_pony_big_war.exe (PUP)

2015.6.24.21

Malwarebytes

PUP.Optional.Tibaco

v2015.04.09.11

Reason Heuristics

PUP.GameVance

15.4.11.23

Trend Micro House Call

HV_ZYX_CA0838A1.TOMC

7.2.78

File size:

213.1 KB (218,168 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\bouncing_balls.exe

Digital Signature

Signed by:

Tibaco internet media B.V.

Authority:

Thawte, Inc.

Valid from:

10/11/2011 5:00:00 PM

Valid to:

11/10/2012 3:59:59 PM

Subject:

CN=Tibaco internet media B.V., O=Tibaco internet media B.V., L=Eindhoven, S=Noord-Brabant, C=NL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

4424B13DB47435EE567C0BD7B189D979

File PE Metadata

Compilation timestamp:

3/6/2012 12:49:51 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.21

CTPH (ssdeep):

6144:2LL+7nszWx1bRtYFCT2SGrsYITje+K/2O/q52F2fouEP3hNy46bi2:hnsSx1NtYFCT2SGrsYITje+K+O/q5029

Entry address:

0x12B0

Entry point:

55, 89, E5, 83, EC, 18, C7, 04, 24, 02, 00, 00, 00, FF, 15, 74, 95, 42, 00, E8, 38, FD, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 89, E5, 83, EC, 08, A1, A4, 95, 42, 00, C9, FF, E0, 66, 90, 55, 89, E5, 83, EC, 08, A1, 8C, 95, 42, 00, C9, FF, E0, 90, 90, 55, 89, E5, 83, EC, 08, C6, 05, 5F, 40, 42, 00, 01, 83, 3D, 60, 40, 42, 00, 00, 74, 10, A1, 60, 40, 42, 00, 89, 04, 24, E8, 5D, 4D, 01, 00, 83, EC, 04, 83, 3D, 64, 40, 42, 00, 00, 74, 10, A1, 64, 40, 42, 00, 89, 04, 24, E8, 44, 4D, 01, 00, 83, EC, 04, 83... 
[+]

Entropy:

7.0027

Code size:

115 KB (117,760 bytes)

The file bouncing_balls.exe has been discovered within the following programs.

FunnyGames - Angry Birds 1 by FunnyGames

This is a casual video game for the PC distributed through the FunnyGames portal at funnygames.us from Tibaco International.

www.funnygames.biz

About 5% of users remove it

FunnyGames - Bouncing Balls by FunnyGames

About 3% of users remove it

FunnyGames - Butterfly Kyodai by FunnyGames

www.funnygames.fr

About 9% of users remove it

FunnyGames - Crescent Solitaire by FunnyGames

Crescent Solitaire is a casual video game for the PC distributed through the FunnyGames portal at funnygames.us from Tibaco International.

About 8% of users remove it

FunnyGames - Doyu 8 Ball by FunnyGames

About 4% of users remove it

FunnyGames - Flipflash by FunnyGames

About 5% of users remove it

FunnyGames - Happy Wheels by FunnyGames

Happy Wheels is a casual video game for the PC distributed through the FunnyGames portal at funnygames.us from Tibaco International.

www.funnygames.us

About 2% of users remove it

FunnyGames - Mah Jong Connect by FunnyGames

About 6% of users remove it

FunnyGames - Mahjong 1 by FunnyGames

Mahjong 1 is a casual video game for the PC distributed through the FunnyGames portal at funnygames.us from Tibaco International.

About 5% of users remove it

FunnyGames - Mahjong Connect 2 by FunnyGames

About 5% of users remove it

Latest 20 of 13 programs

The file bouncing_balls.exe has been seen being distributed by the following 13 URLs.

http://webgameplayer.tibaco.net/110/.../bubble_buster.exe

http://webgameplayer.tibaco.net/110/.../hidden_objects_house.exe

http://webgameplayer.tibaco.net/110/.../strike_force_heroes_1.exe

http://webgameplayer.tibaco.net/110/.../epic_battle_fantasy_3.exe

http://webgameplayer.tibaco.net/110/.../world_cup_2010_penalty.exe

http://webgameplayer.tibaco.net/110/.../sports_heads_basketball.exe

http://webgameplayer.tibaco.net/110/.../angry_animals.exe

http://webgameplayer.tibaco.net/110/.../violet_sky.exe

http://webgameplayer.tibaco.net/110/.../zombie_tactics.exe

http://webgameplayer.tibaco.net/110/.../happy_wheels.exe

http://webgameplayer.tibaco.net/110/.../royal_offense.exe

http://webgameplayer.tibaco.net/110/.../swords_and_sandals_2.exe

http://webgameplayer.tibaco.net/110/.../hit_the_jackpot_2.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to 63.01.acb8.ip4.static.sl-reverse.com (184.172.1.99:80)

Remove bouncing_balls.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.