home

garena-plus.exe

Garena Plus

The file garena-plus.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from garena-plus.th.softonic.com and multiple other hosts.
Publisher:
Garena Plus

Product:
Garena Plus

Version:
2

MD5:
55e3c25ec03b5bf33197932a420cae9b

SHA-1:
8d1ddcb80d1e912cb6f9e9152b80e9ee4b6280e2

SHA-256:
761dc3fee3f77b81facea0762d6a2003f26ea13eccbc088516e90d19ea061bb2

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/1/2024 11:33:37 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

avast!
NSIS:InstMonetizer-CA [PUP]
2014.9-160322

ESET NOD32
Win32/InstallMonetizer.AN potentially unwanted
10.13210

Microsoft Security Essentials
SoftwareBundler:Win32/Stallmonitz
1.1.12505.0

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

File size:
1.2 MB (1,240,778 bytes)

Product version:
2

Copyright:
Garena Plus

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\garena-plus.exe.part

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:NZHWk11HtGId7zpft9IIZo+xBw/bwg2XxPimkvL8BHm:ykV9zpft9/3zwTx2XxrPs

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file garena-plus.exe has been seen being distributed by the following 36 URLs.

http://garena-plus.th.softonic.com/start-download/.../8d64f57933fe81d83209af862269ea1a

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaeOn52fkpk=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiKp5yjk5o=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiMp5ynkpw=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiLn5-gmJQ=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiJoqGilJQ=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiLoJ2jk5U=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiNoqOnlZk=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaeNp6SilZY=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaePoaWmmpg=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiJop6nlZg=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaeOp6OfkZc=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiNnqCkmpo=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiNpaComZs=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiLoKOkkZs=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiOpKCjlpQ=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaeOoqWhlpQ=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiMoKGgkZc=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiOoaKjkZs=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiOpJ2ol5k=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiKo6ComJs=

http://garena-plus.th.softonic.com/start-download/.../386c4881576d0dc31366d8ebf2790822

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiLp6KnkpQ=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiOpaChkZo=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiOo52nk5Y=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiIoqCklpg=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiMpqCklZk=

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiLoKWol5w=

http://garena-plus.th.softonic.com/start-download/.../8d64f57933fe81d83209af862269ea1a

http://garena-plus.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaiJoqWfmZQ=

Latest 30 of 36 download URLs

Remove garena-plus.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.