Snook13s.exe

Snooker147 & Poolster

JHC Software Limited

The executable Snook13s.exe (described by its publisher as “This installer database contains the logic and data required to install Snooker147 & Poolster.”) has been detected as malware by 7 anti-virus scanners. It is a setup and installation application, but the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.jhc-software.com.
Publisher:
JHC Software Limited

Product:
Snooker147 & Poolster

Description:
This installer database contains the logic and data required to install Snooker147 & Poolster.

Version:
1.3

MD5:
7a36c358f13ba92fdc5afcf6e2f7da7b

SHA-1:
1e1ddce46440c859c7757de4b8f2b95d5ccab7bd

SHA-256:
022da6592ae41b649f6ec91a54352800dad9a2af3641123be20a0c2270997291

Scanner detections:
7 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
1/13/2025 4:03:01 PM UTC

Scan engine                     Detection                 Engine version
avast!                          Win32:SaliCode            160708-3
AVG                             Win32/Sality              2015.0.4604
Emsisoft Anti-Malware           Win32.Sality              16.07.20
ESET NOD32                      Win32/Sality.NBA virus    7.0.302.0
F-Prot                          W32/Sality.gen2           4.6.5.141
F-Secure                        Win32.Sality.3            5.15.96
Microsoft Security Essentials   Threat.Undefined          1.225.2018.0

File size:
1.4 MB (1,447,824 bytes)

Product version:
1.3

Copyright:
Copyright (C) JHC Software Limited

Original file name:
Snook13s.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\snook13s.exe

File PE Metadata
Compilation timestamp:
4/13/2007 7:56:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
24576:XMcvu/e3OM4eLAzYQswBIA4w1dvchvRcjWLyA8pIG6+9zcpKSj2erDnB4TdIw+Fj:XMtaOM4eLAzYdX6dvooW84pPj2KDnaxE

Entry address:
0x183B8

Entry point:
B8, E8, C0, 50, 32, 0C, EA, 35, 14, DC, 03, 52, 69, F6, 70, 56, 35, 1E, 86, F5, 0F, AF, F5, F7, C0, 98, 55, E2, 2E, 0F, BF, CE, 8B, CA, 88, ED, 84, E1, 6B, DB, 00, 8D, 35, 6D, 0F, 1C, B2, BB, 6A, C1, 00, 00, 86, D6, 8D, 2D, AB, 3B, 35, 5A, 03, C3, 81, CE, 23, F2, ED, 7E, 2D, 72, 06, 00, 00, 34, B2, C7, C3, 00, 89, 62, F6, B2, 0A, 47, 0F, B6, F7, B1, 87, FE, CD, 68, B9, 82, 35, 00, B6, F3, E8, 00, 00, 00, 00, 8A, D0, 39, F8, 19, DE, 8A, C7, 24, 34, 38, DE, 68, 58, 65, 00, 00, F6, C6, 8B, 5D, EB, 0E, 89, C3...

Entropy:
7.7931  (probably packed)

Code size:
98 KB (100,352 bytes)

The file Snook13s.exe has been seen being distributed by the following URL.

Remove Snook13s.exe - Powered by Reason Core Security