home

game_3dmgame-1480_o16.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.baidu.com.
MD5:
7de46f4314f90822520836c6606fb98b

SHA-1:
fcf7261797acdbfd5ca8b495b4bcec8d46bd0766

SHA-256:
127323e86adfefd10b4ad568eb430cc38a284a7ae24e6aa164aa73936288aeee

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/17/2025 4:36:40 PM UTC  (today)

File size:
3.2 MB (3,328,817 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\game_3dmgame-1480_o16.exe

File PE Metadata
Compilation timestamp:
7/25/2016 2:55:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:iyP3yPaTvIQW7A2dGNvXDjmmnzMNiDuchDmju:oIlNvnmmzMNidAju

Entry address:
0x10256C

Entry point:
FF, 30, 64, 89, 20, 8B, 45, 08, 50, 0F, B6, 0D, 08, 41, 4D, 00, 8B, 55, EC, 33, C0, E8, CE, B3, FF, FF, 59, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 3F, 33, C0, 5A, 59, 59, 64, 89, 10, E9, 12, 08, F3, FF, 8D, 45, D0, E8, 72, C7, FA, FF, 8B, 45, D0, 8B, 15, 7C, 5E, 50, 00, 8B, 92, C8, 00, 00, 00, E8, 3E, 98, FF, FF, 84, C0, 74, 0B, C6, 45, E7, 01, E8, 41, 0C, F3, FF, EB, 07, E8, 3A, 0C, F3, FF, EB, 93, 80, 7D, E7, 00, 75, 0A, B8, 18, 41, 4D, 00, E8, B8, EC, FD, FF, 8B, 45, F0, 50, 8B, 4D, F4, 8B, 55, F8, 8B, 45...
 
[+]

Entropy:
7.6031

Code size:
1 MB (1,052,160 bytes)

The file game_3dmgame-1480_o16.exe has been seen being distributed by the following URL.

http://www.baidu.com/cb.php?c=IgF_pyfqnHRdrjD1PWn0IZ0qnfK9ujYzn10sPWf40Aw-5HcYrj0YnHn0TAq15HcYnWTvnH00T1YsmWRdmWIBnWfsn179ryNb0AwY5HDYP10kPH0snHf0IgF_5y9YIZ0lQztdTjbLQh4dpyq8QhP8QvbE5v7ZNWu9R1-3mRn4U--gnykmXb4om-IbpAFgNgwPN7DYHRD-nYf-nYf0ThfqrHb40AFV5HD0TZcqn0KdpyfqnWcvPjbLPsKEpyfqrHfkPjR0mv-b5HmsPH6Y0AqLUWYs0ZK45HDsP6KWThnqPHRvP1D

Scan game_3dmgame-1480_o16.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.