gulbara.3.exe

Novel Games Limited

This is a setup program which is used to install the application. The file has been seen being downloaded from www.novelgames.com.
Publisher:
Novel Games Limited  (signed and verified)

MD5:
1c7803ed45ea450193109301e33f612b

SHA-1:
e51504484b7c6a8c36b4b0fd7b80702c81b22ec9

SHA-256:
5d6afd4bfe9b8eb0a9d5b9a4d33f9c3a35d77a9e4b257fc24a3d000fe5df3de3

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/24/2024 8:47:40 PM UTC  (today)

Scan engine
Detection
Engine version

SUPERAntiSpyware
Trojan.Agent/Gen-Backdoor
9135

File size:
652.5 KB (668,200 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\gulbara.3.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/4/2014 12:06:58 PM

Valid to:
4/23/2015 12:01:39 PM

Subject:
CN=Novel Games Limited, O=Novel Games Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B20F14C8CC3BBD879ADB57F706E84029

File PE Metadata
Compilation timestamp:
11/7/2011 6:18:01 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:fmftwnQC6yTILEROPhzcKuwyqJvT3YJfFD0SfRTzibZPaHUGB6JXK06NFV3P:CtwQCFTILESKKXyqJvbGjubZPabUtp6J

Entry address:
0x1362

Entry point:
E8, B8, 22, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 08, 60, 41, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 0C, 60, 41, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, 1D, 1F, 00, 00, 85, C0, 75, 06, B8, 70, 61, 41, 00, C3, 83, C0, 08, C3, 8B, FF, 55, 8B, EC, 33, C0, 39, 45, 08, 6A, 00, 0F, 94, C0, 68, 00, 10, 00, 00, 50, FF, 15, 68, 00, 41, 00, A3, CC, 6C, 41, 00, 85...
 
[+]

Entropy:
7.8892  (probably packed)

Code size:
59.5 KB (60,928 bytes)

The file gulbara.3.exe has been seen being distributed by the following URL.

Scan gulbara.3.exe - Powered by Reason Core Security