gamecenter@mail.ru.exe

Игровой центр@Mail.Ru

Mail.Ru Games LLC

It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the entry name ‘GameCenterMailRu’.
Publisher:
LLC Mail.Ru  (signed by Mail.Ru Games LLC)

Product:
Игровой центр@Mail.Ru

Version:
3.0.1171.32758

MD5:
bedbffa38d108c0527c0a21513445e8d

SHA-1:
fea907695c55c29bb70a06e170f9929ab929470a

SHA-256:
566040249d66139f3b758da2918d66ccf995f87f68594f25f9441c4179ff723b

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably free of malware.

Analysis date:
11/27/2024 3:37:14 AM UTC  (today)

Scan engine         Detection                      Engine version

Avira AntiVirus     W32/Virut.Gen                  7.11.30.172
Dr.Web              MULDROP.Trojan                 9.0.1.036
Rising Antivirus    PE:Malware.RDM.49!5.37[F1]     23.00.65.16203

File size:
5 MB (5,234,048 bytes)

Product version:
3.0.1171.32758

Copyright:
Copyright (C) 2016 LLC Mail.Ru

Original file name:
Игровой центр@Mail.Ru.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/16/2015 3:00:00 AM

Valid to:
1/16/2018 2:59:59 AM

Subject:
CN=Mail.Ru Games LLC, O=Mail.Ru Games LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
4B1583785609B4EDF9AFA914E471CA0C

File PE Metadata
Compilation timestamp:
2/5/2016 2:20:17 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:ec05mRcjw/Jhy/uOtU/qxQLUw3c0ZSO/1bex:e5mRcehy/RYqOp33Z/1bex

Entry address:
0x2C4940

Entry point:
55, 8B, EC, 83, C4, F0, B8, B4, 80, 6B, 00, E8, 3C, 5E, D4, FF, A1, 58, BA, 6C, 00, 80, 38, 00, A1, B4, B7, 6C, 00, 0F, 95, 00, E8, 5B, 2B, F8, FF, E8, 96, A3, D6, FF, E8, C5, 1C, D4, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
2.8 MB (2,894,848 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GameCenterMailRu

Command:
"C:\users\{user}\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe" -autostart

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to dl18.ext.terrhq.ru  (188.93.63.129:80)

TCP (HTTP):
Connects to dl27.ext.terrhq.ru  (178.22.88.109:80)

TCP (HTTP):
Connects to mail.ru  (178.22.89.142:80)

TCP (HTTP):
Connects to dl26.ext.terrhq.ru  (178.22.88.106:80)

TCP (HTTP):
Connects to dl25.ext.terrhq.ru  (178.22.88.105:80)

TCP (HTTP):
Connects to dl3.ext.terrhq.ru  (188.93.63.124:80)

TCP:
Connects to 60.67.41.31.clients.uainet.net  (31.41.67.60:6882)

TCP:
Connects to 128-74-44-178.broadband.corbina.ru  (128.74.44.178:6881)

TCP:
Connects to PPPoE-78-29-94-226.san.ru  (78.29.94.226:6881)

TCP:
Connects to pppoe-170.ru-gigabit.net  (31.210.170.252:6881)

TCP:
Connects to ppp78-37-213-240.pppoe.avangarddsl.ru  (78.37.213.240:6881)

TCP (HTTP):
Connects to p2p.dl.mail.ru  (178.22.88.72:80)

TCP:
Connects to net-2-42-37-135.cust.vodafonedsl.it  (2.42.37.135:6881)

TCP:
Connects to net156.233.188-58.ertelecom.ru  (188.233.156.58:6881)

TCP:
Connects to ip-46-73-129-140.bb.netbynet.ru  (46.73.129.140:6881)

TCP:
Connects to host-86.net209.sol.az  (188.227.209.86:6881)

TCP:
Connects to host-46-63-201-73.stv.ru  (46.63.201.73:6881)

TCP:
Connects to host-46-250-124-15.la.net.ua  (46.250.124.15:6882)

TCP:
Connects to host-32-135.podolsknet.ru  (176.109.32.135:6881)

TCP:
Connects to dynamicip-37-113-170-98.pppoe.chel.ertelecom.ru  (37.113.170.98:6881)

Scan gamecenter@mail.ru.exe - Powered by Reason Core Security