» extremejungleracers.exe
Overview
Analysis
File Details
Network (16)

extremejungleracers.exe

Gamehitzone Inc.

The application extremejungleracers.exe by Gamehitzone has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address 94.31.29.128.IPYX-077437-ZYO.above.net on port 80 using the HTTP protocol.

File name:

Publisher:

Gamehitzone Inc. (signed and verified)

MD5:

56598a0064fbd8ab71bb1d8a38129e78

SHA-1:

9c07018022f36f6203be52e1070bac9b35d1f9d0

SHA-256:

d4edefe74ee94070a3c8df679e57173cab501da6ab322c271decd6d6648436a3

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/8/2024 4:58:59 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Gamehitzone

15.5.4.13

File size:

3 MB (3,187,376 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\gamehitzone.com\extremejungleracers\extremejungleracers.exe

Digital Signature

Signed by:

Gamehitzone Inc.

Authority:

GlobalSign nv-sa

Valid from:

10/14/2014 8:46:02 AM

Valid to:

1/14/2017 7:46:02 AM

Subject:

E=abuse@gamehitzone.com, CN=Gamehitzone Inc., O=Gamehitzone Inc., L=Belize City, S=Belize, C=BZ

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121CE11F3B8C23214B9089ECDD724159825

File PE Metadata

Compilation timestamp:

6/6/2011 10:30:51 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:bgYB65m+QTeEOUdlM+XxxVzlZMrPZPAbd/29bel:sO65m+We24yx/5oPAbdO9Sl

Entry address:

0x14B2C0

Entry point:

55, 8B, EC, 6A, FF, 68, 20, 78, 66, 00, 68, BC, F9, 54, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, D8, 40, 66, 00, 33, D2, 8A, D4, 89, 15, 44, 97, 6E, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 40, 97, 6E, 00, C1, E1, 08, 03, CA, 89, 0D, 3C, 97, 6E, 00, C1, E8, 10, A3, 38, 97, 6E, 00, 33, F6, 56, E8, EA, 48, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 10, 24, 00, 00, FF, 15, D4, 40, 66, 00, A3, C4, DC, 6E, 00, E8... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

2.4 MB (2,502,656 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to mpdedicated.com (173.192.48.97:80)

TCP (HTTP):

Connects to 94.31.29.128.IPYX-077437-ZYO.above.net (94.31.29.128:80)

TCP (HTTP SSL):

Connects to wb-in-f154.1e100.net (66.102.1.154:443)

TCP (HTTP):

Connects to a23-57-219-27.deploy.static.akamaitechnologies.com (23.57.219.27:80)

TCP (HTTP SSL):

Connects to wk-in-f154.1e100.net (74.125.206.154:443)

TCP (HTTP SSL):

Connects to wb-in-f156.1e100.net (66.102.1.156:443)

TCP (HTTP SSL):

Connects to wb-in-f155.1e100.net (66.102.1.155:443)

TCP (HTTP):

Connects to mil04s24-in-f14.1e100.net (216.58.205.46:80)

TCP (HTTP):

Connects to mil04s23-in-f14.1e100.net (172.217.23.110:80)

TCP (HTTP SSL):

Connects to jl-in-f154.1e100.net (209.85.200.154:443)

TCP (HTTP):

Connects to hit-adult.opendns.com (146.112.61.106:80)

TCP (HTTP):

Connects to bzq-218-16-236.cablep.bezeqint.net (81.218.16.236:80)

TCP (HTTP):

Connects to a23-50-187-27.deploy.static.akamaitechnologies.com (23.50.187.27:80)

TCP (HTTP SSL):

Connects to a104-122-101-41.deploy.static.akamaitechnologies.com (104.122.101.41:443)

Remove extremejungleracers.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.