gamecenter@mail.ru.exe

Игровой центр@Mail.Ru (Mail.Ru Game Center)

LLC Mail.Ru

The application gamecenter@mail.ru.exe by LLC Mail.Ru has been detected as a potentially unwanted program by 4 of 68 anti-malware scanners. While running, it connects to the Internet address rope.fete.volia.net on port 6881. Port 6881 is the conventional BitTorrent listening port, and the other peers recorded for this file (see the network communications below) are almost all residential ISP addresses contacted on 6881 or 6882, which fits peer-to-peer distribution of game content rather than a beacon to a fixed command-and-control host. The detections themselves are generic downloader, adware and heuristic names, not a named malware family.
Publisher:
LLC Mail.Ru  (signed and verified)

Product:
Игровой центр@Mail.Ru

Version:
2.0.0.313

MD5:
82b9501f0b5eee21cc370248407187ad

SHA-1:
125d58d236064e31f82ed4053dd10e2a8392ed82

SHA-256:
65cb4b44f26c288483e131ede8a13cd5a3a6765d9ef54c57c0aafd73278c1ae7

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 3:38:48 AM UTC

Scan engine               Detection                       Engine version
avast!                    Win32:Downloader-TPW [PUP]      2014.9-150719
Bkav FE                   W32.HfsAdware                   1.3.0.6379
Reason Heuristics         Win32.Generic.MailRu.Meta       15.7.19.9
Trend Micro House Call    TROJ_GEN.F47V0621               7.2.200

File size:
4 MB (4,210,200 bytes)

Product version:
2.0.0.313

Copyright:
Copyright (C) 2013 LLC Mail.Ru

Original file name:
Игровой центр@Mail.Ru.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/9/2011 3:00:00 AM

Valid to:
2/7/2014 2:59:59 AM

Note:
The certificate had already expired by the analysis date. An Authenticode signature stays valid past certificate expiry only if it carries a trusted countersignature timestamp taken inside the validity window, so "signed and verified" should be confirmed locally with signtool verify /v /pa (which prints the timestamp) or Get-AuthenticodeSignature (whose TimeStamperCertificate property is empty when no timestamp is present). The PE compilation timestamp (7/11/2013) falls inside the window, but it is not the signing time.

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C09DBBC732D4B58F7A88EBACF323417

File PE Metadata
Compilation timestamp:
7/11/2013 7:21:06 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:RDVn0riZu+wkhShugY5rBxa+lDTmI2fkxiT1umKWnUd/:z9OkhShugY5rLLP2fkwTwmKiA

Entry address:
0x1B3F90

Entry point:
55, 8B, EC, 83, C4, F0, B8, B4, 49, 5A, 00, E8, D4, 62, E5, FF, A1, 9C, 89, 5B, 00, 80, 38, 00, A1, 04, 88, 5B, 00, 0F, 95, 00, E8, 1B, 71, FC, FF, E8, E6, 22, E5, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++ (scanner heuristic; see note)

Note:
The linker version 2.25, the OS version 5.0 and the entry-point bytes 55 8B EC 83 C4 F0 B8 xx xx xx xx E8 (push ebp / mov ebp,esp / add esp,-16 / mov eax,imm32 / call) are the standard program prologue and linker stamp of a Borland/Embarcadero Delphi executable, not of Visual C++. Treat the compiler attribution above as unreliable.

Code size:
1.7 MB (1,779,712 bytes)
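The PE metadata fields above come straight from the COFF and optional headers and are cheap to re-derive locally, which is also how to check the compiler attribution for yourself. The following is an added Python example, not code from this page or from Mail.Ru: it reads the compile timestamp, linker version, OS version, subsystem, code size, entry RVA and entry-point bytes from a PE32 image with no third-party libraries, flags the Delphi-style prologue, and compares a file's digests with the hashes listed on this page. The real executable is not reproduced here; build_sample_image() is a constructed header-only image carrying the page's reported values so the parser runs offline (it therefore does not match the page hashes). The single CODE section at RVA 0x1B3000 in that sample is an assumption for the demo, not the real file's layout.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Digests reported on this page for the real gamecenter@mail.ru.exe.
PAGE_HASHES = {
    "md5": "82b9501f0b5eee21cc370248407187ad",
    "sha1": "125d58d236064e31f82ed4053dd10e2a8392ed82",
    "sha256": "65cb4b44f26c288483e131ede8a13cd5a3a6765d9ef54c57c0aafd73278c1ae7",
}
# Canonical Delphi program prologue: push ebp / mov ebp,esp / add esp,-16 / mov eax,imm32
DELPHI_PROLOGUE = bytes.fromhex("558BEC83C4F0B8")
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in PAGE_HASHES}


def matches_page_hashes(data: bytes) -> bool:
    """True only when every digest agrees with the page (MD5 alone is not enough)."""
    return file_hashes(data) == PAGE_HASHES


def rva_to_offset(data: bytes, coff: int, rva: int) -> int:
    """Map an RVA to a file offset via the section table (no pefile dependency)."""
    nsect = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sect = coff + 20 + opt_size
    for i in range(nsect):
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, sect + i * 40 + 8)
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_pe_metadata(data: bytes) -> dict:
    """Read the fields the 'File PE Metadata' section reports, straight from the headers."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe + 4
    machine, _nsect, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20                                         # optional header follows 20-byte COFF header
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    entry_off = rva_to_offset(data, coff, entry_rva)
    entry_bytes = data[entry_off:entry_off + 16]
    return {
        "machine": f"{machine:#06x}",
        "compile_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "size_of_code": size_of_code,
        "entry_rva": entry_rva,
        "entry_bytes": entry_bytes.hex(" ").upper(),
        # Linker 2.x plus this prologue is the Delphi toolchain, whatever a scanner claims.
        "delphi_style": lnk_major == 2 and entry_bytes.startswith(DELPHI_PROLOGUE),
    }


def build_sample_image() -> bytes:
    """CONSTRUCTED stand-in for the real binary (not reproduced here): a header-only PE32
    carrying the values this page reports, so the parser can be exercised offline."""
    img = bytearray(0x1400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                                   # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    ts = int(datetime(2013, 7, 11, 19, 21, 6, tzinfo=timezone.utc).timestamp())
    struct.pack_into("<HHIIIHH", img, 0x84, 0x14C, 1, ts, 0, 0, 224, 0x102)  # COFF header, 1 section
    opt = 0x84 + 20
    struct.pack_into("<HBBI", img, opt, 0x10B, 2, 25, 1_779_712)  # PE32, linker 2.25, SizeOfCode
    struct.pack_into("<I", img, opt + 16, 0x1B3F90)               # AddressOfEntryPoint
    struct.pack_into("<HH", img, opt + 40, 5, 0)                  # OS version 5.0
    struct.pack_into("<H", img, opt + 68, 2)                      # Windows GUI
    # Assumed layout: one CODE section placed so the page's entry RVA lands inside this buffer.
    struct.pack_into("<8sIIII", img, opt + 224, b"CODE", 0x1000, 0x1B3000, 0x1000, 0x400)
    entry_off = 0x400 + (0x1B3F90 - 0x1B3000)
    img[entry_off:entry_off + 16] = bytes.fromhex("558BEC83C4F0B8B4495A00E8D462E5FF")
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample_image()
    for key, value in parse_pe_metadata(sample).items():
        print(f"{key:>18}: {value}")
    print("hashes match page:", matches_page_hashes(sample))
```

To run it against the real file, replace build_sample_image() with open(path, "rb").read(); matches_page_hashes() then tells you whether you are looking at the same sample this page describes before you trust any of the metadata.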

The executing file has been seen to make the following network communications in live environments. All are TCP; 13 of the 20 peers are contacted on 6881 or 6882, inside the conventional BitTorrent port range 6881-6889, and the reverse-DNS names (pppoe, dynamic, user-, nat-) identify most of them as subscriber addresses rather than servers.

TCP: Connects to www.users.mns.ru  (178.162.71.161:6881)
TCP: Connects to usr-176-222-193-224.lanck.net  (176.222.193.224:6881)
TCP: Connects to user-79-136-194-177.tomtelnet.ru  (79.136.194.177:6881)
TCP: Connects to user-62-68-136-117.tomtelnet.ru  (62.68.136.117:6881)
TCP: Connects to unallocated.sta.pautina.ua  (92.249.83.14:6881)
TCP: Connects to static-user-109-124-9-94.tomtelnet.ru  (109.124.9.94:6881)
TCP: Connects to r110-160.rubinplus.net  (31.41.110.160:60512)
TCP: Connects to pppoe176.net176-62-100.se2.omkc.ru  (176.62.100.176:6881)
TCP: Connects to ppp109-252-50-8.pppoe.spdop.ru  (109.252.50.8:6881)
TCP: Connects to nat-178-215-105-109.speedyline.ru  (178.215.105.109:4113)
TCP: Connects to nas.belogorsk.net  (83.234.96.2:6881)
TCP: Connects to l49-183-239.cn.ru  (178.49.183.239:51693)
TCP: Connects to host-2-60-81-244.pppoe.omsknet.ru  (2.60.81.244:6881)
TCP: Connects to host-2-60-73-194.pppoe.omsknet.ru  (2.60.73.194:1066)
TCP: Connects to host-2-60-43-88.pppoe.omsknet.ru  (2.60.43.88:6882)
TCP: Connects to host-2-60-16-226.pppoe.omsknet.ru  (2.60.16.226:6881)
TCP: Connects to host-212-96-109-44.stv.ru  (212.96.109.44:13030)
TCP: Connects to enode.176.59.41.97.tele2.ru  (176.59.41.97:19765)
TCP: Connects to enode.176.59.18.123.tele2.ru  (176.59.18.123:1025)
TCP: Connects to dynamic-2-61-54-79.pppoe.khakasnet.ru  (2.61.54.79:6882)

Powered by Reason Core Security