home

yohoho-30-install.exe

Puzzle Pirates

Three Rings Design, Inc.

This is a self-extracting archive and installer.
Publisher:
Three Rings Design, Inc.  (signed and verified)

Product:
Puzzle Pirates

Description:
Puzzle Pirates Installer

Version:
1.0.0

MD5:
f9a5d69cd5b9cf1d9ef907ba9c9c4f1f

SHA-1:
8ceacb198c9bde2fd5b5ef7a793faf58262136d2

SHA-256:
65580af728bd84adf1bc65a329faba9816bbc1e953394f9ceb76553bc2c61489

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/27/2024 1:31:30 PM UTC  (today)

Scan engine
Detection
Engine version

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

File size:
314.9 KB (322,432 bytes)

Copyright:
Puzzle Pirates (c)2001-2006 Three Rings Design, Inc.

Trademarks:
Puzzle Pirates(tm) Three Rings Design, Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\yohoho-30-install.exe

Digital Signature
Signed by:
Three Rings Design, Inc.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
7/27/2006 5:00:00 PM

Valid to:
9/29/2008 4:59:59 PM

Subject:
CN="Three Rings Design, Inc.", OU=Fun Department, O="Three Rings Design, Inc.", L=San Francisco, S=California, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
62C2EBF03D2F5F54B17CC1C20CD93C6E

File PE Metadata
Compilation timestamp:
11/23/2004 3:05:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:QMMxRpO+mqNWzA3MWYT+vy4hdwmgOKZonINLac61PRiRedh6EXhwHkXK1G7D2:QlxrfNfc8vy4hdHgjWnINgRiRC6EWHkS

Entry address:
0x34B5

Entry point:
55, 89, E5, 57, 56, 53, 83, EC, 24, C7, 45, DC, 00, 00, 00, 00, C7, 45, D8, 00, 00, 00, 00, E8, 8F, 48, 00, 00, 6A, 00, E8, B8, 47, 00, 00, A3, 00, 0D, 43, 00, BF, D0, A2, 40, 00, 68, 13, A3, 40, 00, 68, C0, 0D, 43, 00, E8, 10, 2B, 00, 00, B3, 20, 68, 00, C4, 43, 00, 68, 00, 04, 00, 00, FF, 15, 48, 24, 43, 00, E8, 38, FF, FF, FF, 85, C0, 75, 2D, 68, FB, 03, 00, 00, 68, 00, C4, 43, 00, FF, 15, 54, 24, 43, 00, 68, 1E, A3, 40, 00, 68, 00, C4, 43, 00, FF, 15, B4, 24, 43, 00, E8, 0F, FF, FF, FF, 85, C0, 0F, 84...
 
[+]

Entropy:
7.8581  (probably packed)

Code size:
30 KB (30,720 bytes)

Scan yohoho-30-install.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.