» gamemanager.exe
Overview
Analysis
File Details
Downloads (1)

gamemanager.exe

MyGameManager

LuckyCityGames

The application gamemanager.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from plants-v-zombies.vi.softonic.com.

File name:

gamemanager.exe

Publisher:

LuckyCityGames

Product:

MyGameManager

Version:

MD5:

10b1db8f01d9534a69014e0ee4393dbc

SHA-1:

f35c12a89678044e0c887fce85dbddffea6a062b

SHA-256:

96fdc5e2fb14b127d34bfc865598e0b6e9c230f2c0e24ef6952465cb49d99f08

Scanner detections:

10 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

11/1/2024 11:22:45 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

avast!

Win32:Kukacka

160327-1

AVG

Win32/Slugin.A

2015.0.4542

Dr.Web

modification of Win32.Sector.5

9.0.1.05190

Emsisoft Anti-Malware

Gen:Win32.Sality.Dam

11.5.0.6191

ESET NOD32

Win32/InstallMonetizer.AN potentially unwanted application

8.0.319.0

Kaspersky

Packed.Win32.Katusha

15.0.0.562

McAfee

Virus.W32/Sality!dam

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.215.3133.0

VIPRE Antivirus

Threat.4650432

47926

File size:

1.3 MB (1,399,962 bytes)

Product version:

GameManager

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Scriptable Install System

Language:

Language Neutral

Common path:

C:\Documents and Settings\{user}\My documents\downloads\gamemanager.exe

File PE Metadata

Compilation timestamp:

12/6/2009 5:50:41 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:RQzHWk11HtGId7zpft9IIZo+xBw/b7g2XxPimkvL8mHFkj:bkV9zpft9/3zwTM2XxrP6e

Entry address:

0x30CB

Entry point:

60, 01, CD, 0F, A5, D3, 23, CF, FF, C6, 6A, 00, FF, 15, FC, 70, 40, 00, E8, 00, 00, 00, 00, 03, CD, 69, FE, 65, 94, 07, AE, 87, C8, 0F, AF, FE, 6A, 00, FF, 15, EC, 70, 40, 00, 5B, 81, C3, CE, 95, 82, 00, 18, D4, 0F, BD, D5, 0F, AF, C8, 81, EB, B0, 86, 79, 00, 0F, C1, C8, 87, C8, 15, CC, 5F, A6, D1, 53, 81, C3, 05, 0D, 00, 00, 0F, AD, D8, 0F, C9, C7, C1, 7C, 4F, D6, 41, 81, C3, E3, 0D, 00, 00, 8A, C6, 23, CF, 0F, CF, 81, EB, D2, 09, 00, 00, F2, 15, 4C, DF, 26, 51, 0F, BA, E0, 36, 53, 81, EB, E5, 0E, 00, 00... 
[+]

Entropy:

7.3799

Code size:

22.5 KB (23,040 bytes)

The file gamemanager.exe has been seen being distributed by the following URL.

http://plants-v-zombies.vi.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiHo6KlkZk=

Remove gamemanager.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.