gametopcomhewlettpackard.exe

The application gametopcomhewlettpackard.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. It runs as a Windows service named “GameTopcomHewlettPackard”. While running, it connects to the Internet address server-54-192-75-79.hkg50.r.cloudfront.net on port 80 using the HTTP protocol.
MD5:
a8fdc6db7498f54b6eb67b038a06e016

SHA-1:
f6397e3c073007fe8a16aa5450a93cdc44bff50c

SHA-256:
9f43849f63f990b0c21c4030986cc84131474df76a6dcdf4702f2fadd06bde92

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 4:37:10 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Rootkit-gen [Rtk] | 2014.9-161005 |
| AVG | Generic_r | 2017.0.2600 |
| Comodo Security | TrojWare.Win32.Suweezy.B | 25858 |
| ESET NOD32 | Win32/Adware.Agent.NRI application | 6.3.12010.0 |
| Fortinet FortiGate | Malware_Generic.P0 | 10/5/2016 |
| F-Secure | Trojan.GenericKD.3567206 | 5.15.154 |
| G Data | Win32.Trojan.Agent.840GEG | 16.10.25 |
| K7 AntiVirus | Adware | 13.241.21053 |
| Kaspersky | Trojan.Win32.AdLoad | 15.0.2.529 |
| Malwarebytes | PUP.Optional.Elex | v2016.10.05.01 |
| McAfee | Adware-SEasy | 5600.6256 |
| NANO AntiVirus | Trojan.Win32.AdLoad.egrddg | 1.0.38.11822 |
| Trend Micro House Call | TROJ_GEN.R023C0PIS16 | 7.2.279 |
| Trend Micro | TROJ_GEN.R023C0PIS16 | 10.465.05 |
| VIPRE Antivirus | Adware.SEasy | 52708 |
| ViRobot | Trojan.Win32.Z.Seasy.177664[h] | 2014.3.20.0 |

File size:
173.5 KB (177,664 bytes)

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\hewlett-packard\gametopcomhewlettpackard.exe

File PE Metadata
Compilation timestamp:
9/23/2016 1:48:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:GtbnI7CbkogNocyiZsG0H8Qw+x7Y1Wi8:Gt3bJbcVLsi

Entry address:
0xBF3A

Entry point:
E8, 87, 35, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 15, C0, D0, 41, 00, 6A, 01, A3, C4, 93, 42, 00, E8, D4, 3A, 00, 00, FF, 75, 08, E8, 69, 3A, 00, 00, 83, 3D, C4, 93, 42, 00, 00, 59, 59, 75, 08, 6A, 01, E8, BA, 3A, 00, 00, 59, 68, 09, 04, 00, C0, E8, 37, 3A, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 5B, C2, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, A8, 91, 42, 00, 89, 0D, A4, 91, 42, 00, 89, 15, A0, 91, 42, 00, 89, 1D, 9C, 91, 42, 00, 89, 35, 98, 91, 42, 00, 89, 3D, 94...
 

Entropy:
6.2729

Code size:
111 KB (113,664 bytes)

Service
Display name:
GameTopcomHewlettPackard

Type:
Win32OwnProcess, InteractiveProcess


The executing file has been seen to make the following network communications in live environments.

