home

GameAdvisor.exe

Game Advisor

NCsoft

Publisher:
NCsoft  (signed and verified)

Product:
Game Advisor

Version:
1, 0, 1, 9

MD5:
a542f73a28b158d76c366c0688b31c6c

SHA-1:
7eb8e3542e0d4b93386f0b1d1d32e831333b2089

SHA-256:
cae981534452c6da2d1e59d9c1d64867a15c536238e4e3cea432ca8156aa1bba

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
1/15/2025 5:55:23 PM UTC  (today)

Scan engine
Detection
Engine version

Vba32 AntiVirus
suspected of Win32.Trojan-Downloader
3.12.12.2

File size:
753.2 KB (771,320 bytes)

Product version:
1, 0, 1, 9

Copyright:
(c) 2009 NCsoft Corporation.

Original file name:
GameAdvisor.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\downloads\gameadvisor.exe

Digital Signature
Signed by:
NCsoft

Authority:
VeriSign, Inc.

Valid from:
6/1/2008 7:00:00 PM

Valid to:
6/17/2009 6:59:59 PM

Subject:
CN=NCsoft, OU=NCsoft, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NCsoft, L=Austin, S=Texas, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
702D6BD05FE04B125E63EE99AAE54EFC

File PE Metadata
Compilation timestamp:
3/24/2009 4:41:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:Exm5UVI8UaUM1jhSL26licf1EjunSOgH3nSvNh2DTVIfOVDrldcBb:Exm5iI8UpohL6ltYuWTDTefOVDrfcB

Entry address:
0xB745

Entry point:
E8, 8C, 52, 00, 00, E9, 16, FE, FF, FF, 53, 8B, 5C, 24, 08, 56, 57, 8B, F9, C7, 07, F4, 93, 41, 00, 8B, 03, 85, C0, 74, 26, 50, E8, B6, 2A, 00, 00, 8B, F0, 46, 56, E8, A4, FB, FF, FF, 85, C0, 59, 59, 89, 47, 04, 74, 12, FF, 33, 56, 50, E8, 57, E8, FF, FF, 83, C4, 0C, EB, 04, 83, 67, 04, 00, C7, 47, 08, 01, 00, 00, 00, 8B, C7, 5F, 5E, 5B, C2, 04, 00, 8B, C1, 8B, 4C, 24, 04, C7, 00, F4, 93, 41, 00, 8B, 09, 83, 60, 08, 00, 89, 48, 04, C2, 08, 00, 53, 8B, 5C, 24, 08, 56, 8B, F1, C7, 06, F4, 93, 41, 00, 8B, 43...
 
[+]

Entropy:
7.3906

Code size:
96 KB (98,304 bytes)

Scan GameAdvisor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.