24fd2ba8f102880be01493f95ddc354c8cad41bca7b1a46d2e8aefcd3f3cf510

Gamehitzone Inc.

The file 24fd2ba8f102880be01493f95ddc354c8cad41bca7b1a46d2e8aefcd3f3cf510 by Gamehitzone has been detected as a potentially unwanted program by 3 anti-malware scanners.
Publisher:
Gamehitzone Inc.  (signed and verified)

MD5:
2dca99560ac66662947882fa321bf88d

SHA-1:
bd14715da5b960906d294da54ae565d0820eacfe

SHA-256:
24fd2ba8f102880be01493f95ddc354c8cad41bca7b1a46d2e8aefcd3f3cf510

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/8/2024 6:27:24 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAdware
1.3.0.6379

Reason Heuristics
PUP.Gamehitzone
15.6.4.7

Trend Micro House Call
Suspicious_GEN.F47V0505
7.2.155

File size:
204.7 KB (209,584 bytes)

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/14/2014 9:46:02 AM

Valid to:
1/14/2017 8:46:02 AM

Subject:
E=abuse@gamehitzone.com, CN=Gamehitzone Inc., O=Gamehitzone Inc., L=Belize City, S=Belize, C=BZ

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CE11F3B8C23214B9089ECDD724159825

File PE Metadata
Compilation timestamp:
12/5/2014 5:57:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:BTo5rvPqg0/dtX9pcZ36f7CuVNjSO/l0QIPx2JcJSCdeg830fpLBUU+ocl8YfItF:orP7sTX9/LCSCdT8+YlhQtF

Entry address:
0x19F73

Entry point:
55, 8B, EC, 6A, FF, 68, 20, 43, 42, 00, 68, 08, CC, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 3C, 30, 42, 00, 33, D2, 8A, D4, 89, 15, 3C, B7, 42, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 38, B7, 42, 00, C1, E1, 08, 03, CA, 89, 0D, 34, B7, 42, 00, C1, E8, 10, A3, 30, B7, 42, 00, 33, F6, 56, E8, 26, 16, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 6B, 2A, 00, 00, FF, 15, 38, 30, 42, 00, A3, 30, CE, 42, 00, E8...
 
[+]

Entropy:
6.2272

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
136 KB (139,264 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mpdedicated.com  (173.192.48.97:80)

TCP (HTTP):
Connects to 94.31.29.128.IPYX-077437-ZYO.above.net  (94.31.29.128:80)

TCP (HTTP SSL):
Connects to wb-in-f157.1e100.net  (66.102.1.157:443)

TCP (HTTP SSL):
Connects to wb-in-f156.1e100.net  (66.102.1.156:443)

TCP (HTTP SSL):
Connects to wk-in-f155.1e100.net  (74.125.206.155:443)

TCP (HTTP SSL):
Connects to wb-in-f155.1e100.net  (66.102.1.155:443)

TCP (HTTP):
Connects to par21s03-in-f14.1e100.net  (216.58.213.142:80)

TCP (HTTP):
Connects to host-41-206-64-98.afnet.net  (41.206.64.98:80)

TCP (HTTP):
Connects to a23-55-149-163.deploy.static.akamaitechnologies.com  (23.55.149.163:80)

TCP (HTTP):
Connects to a23-51-117-163.deploy.static.akamaitechnologies.com  (23.51.117.163:80)

TCP (HTTP):

TCP (HTTP):