game2e.com auto-joiner.exe

Garena Auto-Joiner

hbm

It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in.

Publisher:
hbm

Product:
Garena Auto-Joiner

Version:
1.0.0.1

MD5:
454eb3f28ba2fdcc0aa26f7b30656535

SHA-1:
5e6e0ccc139d8a4cfabb70b0d5a88122a0821c17

SHA-256:
fb834b60e9050c5495f7d274374f37e984465637317e38863aee460b533584ab

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/28/2024 9:38:12 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Rogue.8814431 | 7.11.136.228
Comodo Security | UnclassifiedMalware | 17925
McAfee | Artemis!454EB3F28BA2 | 5600.6789
Norman | Suspicious_Gen2.VQGAC | 11.20150421
Rising Antivirus | PE:Trojan.Win32.Generic.159FC0FF!362791167 | 23.00.65.15419

File size:
408 KB (417,792 bytes)

Product version:
1.0.0.1

Copyright:
(c) hbm. All rights reserved.

Original file name:
AutoGG.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
12/26/2012 1:00:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:8gKu9uBNO7GakDSS6DhooG854bUAFzxaCfboa7mGC1GbVH6yt6ie:8quLPRhbUAFzxaIEaKGCYS

Entry address:
0x2AB92

Entry point:
E8, 04, 68, 00, 00, E9, 17, FE, FF, FF, FF, 35, 90, C9, 45, 00, E8, 66, 62, 00, 00, 85, C0, 59, 74, 02, FF, D0, 6A, 19, E8, 8A, 56, 00, 00, 6A, 01, 6A, 00, E8, 64, 69, 00, 00, 83, C4, 0C, E9, 69, 68, 00, 00, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 75, 40, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 32, 33, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 50, 40, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75...
Code size:
268 KB (274,432 bytes)

Scheduled Task
Task name:
Auto-Joiner.exe

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cache.google.com  (202.179.1.15:80)

Scan game2e.com auto-joiner.exe - Powered by Reason Core Security