GameCenter@Mail.Ru.exe

GameCenter@Mail.Ru

LLC Mail.Ru

The application GameCenter@Mail.Ru.exe by LLC Mail.Ru has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘GameCenterMailRu’. While running, it connects to the Internet address dl37.ext.terrhq.ru on port 80 using the HTTP protocol.
Publisher:
LLC Mail.Ru  (signed and verified)

Product:
GameCenter@Mail.Ru

Version:
2.0.375.22299

MD5:
1112a2bdc5da1b74c434b447996949dd

SHA-1:
d76799341f1787a6561c5e6436dbf2083379a8f2

SHA-256:
9f8a9fc91ca90221593b043487d30fbc406d56282a987a878087ee8686fa3c05

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 3:57:04 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.Startup.R

Engine version:
14.3.28.18

File size:
4.3 MB (4,555,264 bytes)

Product version:
2.0.375.22299

Copyright:
Copyright (C) 2014 LLC Mail.Ru

Original file name:
GameCenter@Mail.Ru.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/9/2011 1:00:00 AM

Valid to:
2/7/2014 12:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C09DBBC732D4B58F7A88EBACF323417

File PE Metadata
Compilation timestamp:
1/31/2014 2:45:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:7xgPah55KxI26pmajbUux7xa+lDTmhzfkxirTqIGdrE:1gCEdajbUurLCzfkwrTqIN

Entry address:
0x1F4630

Entry point:
55, 8B, EC, 83, C4, F0, B8, F4, C5, 5E, 00, E8, E4, 60, E1, FF, A1, 5C, 9F, 5F, 00, 80, 38, 00, A1, 84, 9D, 5F, 00, 0F, 95, 00, E8, 8B, E5, FB, FF, E8, 12, 21, E1, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
1.9 MB (2,043,392 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GameCenterMailRu

Command:
"C:\users\{user}\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe" -autostart


The executing file has been seen to make the following network communications in live environments.


Remove GameCenter@Mail.Ru.exe - Powered by Reason Core Security