garena+_install.exe

Garena Online Pte Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with the program Garena - ELSWORD. The file has been seen being downloaded from www.ranchmetabits.com and multiple other hosts.
Publisher:
Garena Online Pte Ltd  (signed and verified)

MD5:
2619221f62ccb6a9f3077881f1654537

SHA-1:
5d01956ba6e5b09771183f6c156ebf7c8606f322

SHA-256:
9c261d9fe06e8a408221b8471f592f54807b0abfd20ad8279eb983c8dfccf980

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/28/2024 11:11:34 AM UTC  (today)

Scan engine:
Trend Micro House Call

Detection:
HV_ZYX_.A0B9C4B5

Engine version:
7.2.124

File size:
70.6 MB (74,078,400 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\garena+_install.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/13/2015 1:00:00 AM

Valid to:
12/25/2017 12:59:59 AM

Subject:
CN=Garena Online Pte Ltd, O=Garena Online Pte Ltd, L=Singapore, S=Singapore, C=SG

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
4EEAD9745E9F68E71D871268ABF2041C

File PE Metadata
Compilation timestamp:
12/5/2009 11:53:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1572864:RWN65AE4bC7avWyeWaVmvx3ktNBzzz1xB/M9ExWEryTHJ+6k:RWY5hbavWQPx0tNBRJxMI6k

Entry address:
0x352F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B8, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, 98, 63, 42, 00, E8, D6, 2E, 00, 00, A3, E4, 62, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 88, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, AC, A7, 40, 00, 68, E0, 5A, 42, 00, E8, DC, 29, 00, 00, FF, 15, AC, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, CA, 29, 00, 00...
 

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file garena+_install.exe has been discovered within the following program.

Garena - ELSWORD  by Garena Online Pte Ltd.
About 3% of users remove it
 

The file garena+_install.exe has been seen being distributed by the following 39 URLs.
