garenaplus_install.exe

Garena Online Pte Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with multiple programs including Garena Plus and Garena - Heroes of Newerth. The file has been seen being downloaded from www.garena.in.th and multiple other hosts.
Publisher:
Garena Online Pte Ltd  (signed and verified)

MD5:
69559e276a434b80ba93dfd0eb56c334

SHA-1:
484fff1794d8d172182851018330bc2f7ff2d0fb

SHA-256:
17a188370ad9a280097bd91b4ac6223293bfdd574122297d94d555659e5ffef5

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/26/2024 5:09:54 PM UTC  (today)

Scan engine: Trend Micro House Call
Detection: HV_ZYX_BK083510.TOMC
Engine version: 7.2.35

File size:
62.8 MB (65,893,424 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\ProgramData\garenamessenger\updatemanager\garenaplus_install.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/18/2011 8:00:00 AM

Valid to:
11/3/2014 7:59:59 AM

Subject:
CN=Garena Online Pte Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Garena Online Pte Ltd, L=Singapore, S=Singapore, C=SG

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2880A7F7FF2D334AA08744A8754FAB2C

File PE Metadata
Compilation timestamp:
12/6/2009 6:53:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1572864:6WN65LbIgrcghavWy3EKSmvx3ktNYKojelYDdBkq+Vh90Cr96xnIfYte/:6WY5fIkavW+x0tNeOYsn+nIgtE

Entry address:
0x352F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B8, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, 98, 63, 42, 00, E8, D6, 2E, 00, 00, A3, E4, 62, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 88, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, AC, A7, 40, 00, 68, E0, 5A, 42, 00, E8, DC, 29, 00, 00, FF, 15, AC, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, CA, 29, 00, 00...
 

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file garenaplus_install.exe has been discovered within the following programs.

Garena - Heroes of Newerth  by Garena Online Pte Ltd.
Heroes of Newerth is a video game distributed through the Garena platform.
hon.garena.com
About 7% of users remove it
Garena - League of Legends  by Garena Online Pte Ltd.
League of Legends is a multiplayer online battle arena video game where players are formed into two teams of five Champions. League of Legends is a session-based game. Matchmaking creates teams with even average MMR (Matchmaking Rating) of the constituent players.
lol.garena.com
About 1% of users remove it
Garena Plus  by Garena Online Pte Ltd.
The Garena Plus application, developed for various games distributed by the company, allows gamers to develop buddy lists, chat with friends online and check on game progress and achievements.
www.garena.com
About 2% of users remove it
 

The file garenaplus_install.exe has been seen being distributed by the following 6 URLs.

http://www.garena.in.th/im_download/?url=http://cdn.garenanow.com/im/.../GarenaPlus_Install.exe&lang=English_Version
