extremejungleracers.exe

Gamehitzone Inc.

The application extremejungleracers.exe by Gamehitzone has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address 94.31.29.128.IPYX-077437-ZYO.above.net on port 80 using the HTTP protocol.
Publisher:
Gamehitzone Inc.  (signed and verified)

MD5:
56598a0064fbd8ab71bb1d8a38129e78

SHA-1:
9c07018022f36f6203be52e1070bac9b35d1f9d0

SHA-256:
d4edefe74ee94070a3c8df679e57173cab501da6ab322c271decd6d6648436a3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/27/2024 12:06:25 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Gamehitzone
15.5.4.13

File size:
3 MB (3,187,376 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gamehitzone.com\extremejungleracers\extremejungleracers.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/14/2014 8:46:02 AM

Valid to:
1/14/2017 7:46:02 AM

Subject:
E=abuse@gamehitzone.com, CN=Gamehitzone Inc., O=Gamehitzone Inc., L=Belize City, S=Belize, C=BZ

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CE11F3B8C23214B9089ECDD724159825

File PE Metadata
Compilation timestamp:
6/6/2011 10:30:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:bgYB65m+QTeEOUdlM+XxxVzlZMrPZPAbd/29bel:sO65m+We24yx/5oPAbdO9Sl

Entry address:
0x14B2C0

Entry point:
55, 8B, EC, 6A, FF, 68, 20, 78, 66, 00, 68, BC, F9, 54, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, D8, 40, 66, 00, 33, D2, 8A, D4, 89, 15, 44, 97, 6E, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 40, 97, 6E, 00, C1, E1, 08, 03, CA, 89, 0D, 3C, 97, 6E, 00, C1, E8, 10, A3, 38, 97, 6E, 00, 33, F6, 56, E8, EA, 48, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 10, 24, 00, 00, FF, 15, D4, 40, 66, 00, A3, C4, DC, 6E, 00, E8...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
2.4 MB (2,502,656 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mpdedicated.com  (173.192.48.97:80)

TCP (HTTP):
Connects to 94.31.29.128.IPYX-077437-ZYO.above.net  (94.31.29.128:80)

TCP (HTTP SSL):
Connects to wb-in-f154.1e100.net  (66.102.1.154:443)

TCP (HTTP):

TCP (HTTP SSL):
Connects to wk-in-f154.1e100.net  (74.125.206.154:443)

TCP (HTTP SSL):
Connects to wb-in-f156.1e100.net  (66.102.1.156:443)

TCP (HTTP SSL):
Connects to wb-in-f155.1e100.net  (66.102.1.155:443)

TCP (HTTP):
Connects to mil04s24-in-f14.1e100.net  (216.58.205.46:80)

TCP (HTTP):
Connects to mil04s23-in-f14.1e100.net  (172.217.23.110:80)

TCP (HTTP SSL):
Connects to jl-in-f154.1e100.net  (209.85.200.154:443)

TCP (HTTP):
Connects to hit-adult.opendns.com  (146.112.61.106:80)

TCP (HTTP):
Connects to bzq-218-16-236.cablep.bezeqint.net  (81.218.16.236:80)

TCP (HTTP):

TCP (HTTP SSL):
Connects to a104-122-101-41.deploy.static.akamaitechnologies.com  (104.122.101.41:443)

Remove extremejungleracers.exe - Powered by Reason Core Security