goldfishing.4.exe

Novel Games Limited

This is a setup program which is used to install the application. The file has been seen being downloaded from www.novelgames.com.
Publisher:
Novel Games Limited  (signed and verified)

MD5:
b8078c56b1739a6ce46fef39c40a103f

SHA-1:
577bcde903b4a669c36a610960b4cf0271c7ff9e

SHA-256:
da3d0b482143f7065514ec4eb5c413b1d0f1d01b2e86b8bf4fea6a8e72c258da

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/24/2024 8:29:04 PM UTC  (today)

Scan engine
Detection
Engine version

SUPERAntiSpyware
Trojan.Agent/Gen-Backdoor
8977

File size:
654.5 KB (670,160 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\goldfishing.4.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
4/13/2015 5:59:56 AM

Valid to:
5/23/2016 5:01:39 AM

Subject:
CN=Novel Games Limited, O=Novel Games Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121BD8C3718B98A11CF31D13E6443F751D9

File PE Metadata
Compilation timestamp:
11/6/2011 11:18:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:imftwnQC6yTILE5OP5K0pOFD0SfRTzibZPaHUGB6J+zcKuwyqJvT3YJnuopE:/twQCFTILEq5ppCjubZPabUHKXyqJvbF

Entry address:
0x1362

Entry point:
E8, B8, 22, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 08, 60, 41, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 0C, 60, 41, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, 1D, 1F, 00, 00, 85, C0, 75, 06, B8, 70, 61, 41, 00, C3, 83, C0, 08, C3, 8B, FF, 55, 8B, EC, 33, C0, 39, 45, 08, 6A, 00, 0F, 94, C0, 68, 00, 10, 00, 00, 50, FF, 15, 68, 00, 41, 00, A3, CC, 6C, 41, 00, 85...
 
[+]

Code size:
59.5 KB (60,928 bytes)

The file goldfishing.4.exe has been seen being distributed by the following URL.

Scan goldfishing.4.exe - Powered by Reason Core Security