» javaflashnbb.exe
Overview
Analysis
File Details

javaflashnbb.exe

Tibia Player

CoffeeCup Software

The executable javaflashnbb.exe has been detected as malware by 15 anti-virus scanners.

File name:

javaflashnbb.exe

Publisher:

CipSoft GmbH (signed by CoffeeCup Software)

Product:

Tibia Player

Description:

Tibia Player

Version:

10.00

MD5:

c0c6b21a562a030070075bc842370b5a

SHA-1:

9614291db8547d78526de0ae3fc056e9b0865dab

SHA-256:

37a609364b2d808ca37155b40426d88301ae128e1d3fa172ae4e57ab4b129b18

Scanner detections:

15 / 68

Status:

Malware

Analysis date:

11/5/2024 7:06:09 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Razy.117889

-23

Avira AntiVirus

TR/Injector.sdhjp

8.3.3.4

Arcabit

Trojan.Razy.D1CC81

1.0.0.792

avast!

Win32:Malware-gen

2014.9-170226

AVG

Inject3

2018.0.2455

Baidu Antivirus

Win32.Trojan.WisdomEyes.16070401.9500

4.0.3.17226

Bitdefender

Gen:Variant.Razy.117889

1.0.20.285

Emsisoft Anti-Malware

Gen:Variant.Razy.117889

8.17.02.26.05

ESET NOD32

Win32/Injector.DJLZ (variant)

11.14726

Fortinet FortiGate

W32/GenKryptik.QBG!tr

2/26/2017

F-Secure

Gen:Variant.Razy.117889

11.2017-26-02_1

G Data

Gen:Variant.Razy.117889

17.2.25

K7 AntiVirus

Trojan

13.247.22025

MicroWorld eScan

Gen:Variant.Razy.117889

18.0.0.171

Qihoo 360 Security

HEUR/QVM03.0.0000.Malware.Gen

1.0.0.1120

File size:

2.3 MB (2,444,712 bytes)

Product version:

10.00

Trademarks:

Tibia is a registered Trademark of CipSoft GmbH

Original file name:

Player.exe

File type:

Executable application (Win32 EXE)

Language:

Búlgaro (Bulgária)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\javaflashnbb.exe

Digital Signature

Signed by:

CoffeeCup Software

Authority:

Symantec Corporation

Valid from:

2/2/2016 10:00:00 PM

Valid to:

4/3/2019 8:59:59 PM

Subject:

CN=CoffeeCup Software, O=CoffeeCup Software, L=Roswell, S=Georgia, C=US

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

5F6628DB20A983AA898EA7E2CC4DCE63

File PE Metadata

Compilation timestamp:

1/5/2017 12:05:25 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x1A00

Entry point:

68, DC, FF, 61, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 6D, AE, 11, 3D, 74, 8B, 61, 40, 9B, 6F, 4C, 73, B1, A4, 15, F9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 76, 62, 34, 70, 72, 6F, 6A, 65, 63, 74, 56, 62, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 05, 34, 2F, 6A, 8F, 69, CD, 7F, 49, A7, 81, 5B, 1B, EC, 62, 33, F9, 6B, 1A, 3E, E4, 1E, A1, FE, 4F, 98, A7, 6D, 87, B0, A9, 88, D2, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

2.2 MB (2,289,664 bytes)

Remove javaflashnbb.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.