vao game tl tu tuyet.exe

TLBB Launch

Beijing AmazGame Age Internet Technology Co., Ltd.

The application vao game tl tu tuyet.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address xx-fbcdn-shv-01-hkg3.fbcdn.net on port 443.
Publisher:
Changyou.com Limited  (signed by Beijing AmazGame Age Internet Technology Co., Ltd.)

Product:
TLBB Launch

Description:
Launch_1.0.3.18

Version:
1.0.3.18

MD5:
f741cd79280b42e93911898576f9895f

SHA-1:
f50cf1e5d7a4c849ee600b5ebd42b79351e59096

SHA-256:
304e373c839845697406a1912a507e074494de925ef384a6301bf2b64f292e31

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 12:20:27 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.BeijingA

Engine version:
17.1.16.12

File size:
6.1 MB (6,438,008 bytes)

Product version:
1.0.3.18

Copyright:
(C) 2008-2010 Changyou.com Limited. All Rights Reserved.

Original file name:
Launch.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/28/2009 7:00:00 AM

Valid to:
4/28/2012 6:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
131E7EB34A7DB63E08A235718EEF6849

File PE Metadata
Compilation timestamp:
8/4/2011 10:00:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

Entry address:
0x835BD

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 18, 01, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...

Code size:
524 KB (536,576 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-hkg3.fbcdn.net  (31.13.95.12:443)

TCP (HTTP SSL):
Connects to edge-z-1-p2-shv-01-hkg3.facebook.com  (31.13.95.46:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-hkg3.facebook.com  (31.13.95.36:443)
