gamemanager.exe

MyGameManager

LuckyCityGames

The executable gamemanager.exe has been detected as malware by 4 anti-virus scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from pvsz042016.turbodisk.net.
Publisher:
LuckyCityGames

Product:
MyGameManager

Version:
2

MD5:
8e6fd9110489f4ef3a95674372f9551c

SHA-1:
bce9119e5ea4c1da04047e8ed8d113b7618623b9

SHA-256:
57ba2ccc8f28613efb3af80931ce47430e64d01d12c05b836551ddb666e5d5e8

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
12/28/2024 11:29:35 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:SaliCode | 160518-2 |
| AVG | Win32/Sality | 2015.0.4604 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |

File size:
1.2 MB (1,309,367 bytes)

Product version:
2

Copyright:
GameManager

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\Documents and Settings\{user}\My documents\downloads\gamemanager.exe

File PE Metadata
Compilation timestamp:
12/5/2009 6:20:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:Ij/tHWk11HtGId7zpft9IIZo+xBw/b7g2XxPimkvL8mHL:s/okV9zpft9/3zwTM2XxrPw

Entry address:
0x30CB

Entry point:
8D, 05, 99, BF, 4D, 03, 3D, 17, 83, 8C, 5A, 8A, C6, 68, 8A, BB, 01, 00, 8D, 35, C5, AA, 58, 71, 84, E4, 11, F2, 8D, 35, A2, 85, 61, 58, 57, 0F, AF, DD, 70, 06, F7, C3, 1B, C0, 55, 35, 30, F8, E8, 31, 00, 00, 00, 8B, EE, 32, DB, 8D, 05, 22, 8C, 01, E6, 69, D0, 2D, E3, 67, 7C, 31, FA, 56, 77, 11, F7, C7, D1, B1, EA, BB, BB, E7, CD, EB, 39, C7, C2, 9F, C1, 4B, 70, 59, 8D, 1D, 45, F4, BF, A5, 86, F2, 29, DF, F2, 69, D5, F1, D7, 4C, 39, 0F, AF, FE, FF, C2, 88, D5, 8B, EF, 8A, C3, 85, DF, 8D, 39, C6, C4, 53, 41...
Code size:
22.5 KB (23,040 bytes)

The file gamemanager.exe has been seen being distributed by the following URL.