garenaplus_install.exe

Garena Online Pte Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with multiple programs including Garena - Heroes of Newerth. The file has been seen being downloaded from www.garena.my and multiple other hosts.

Publisher:
Garena Online Pte Ltd (signed and verified)

MD5:
f67eed0f0dd4123f44775ecf57d7a1df

SHA-1:
e99205b415c22008525f150daee5e56170170454

SHA-256:
632559629ccc4b2bd56a334b74d2024773862e6e733752622cc48228d680e67b

Scanner detections:
1 / 68

Status:
Clean (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/27/2024 3:04:05 AM UTC  (today)

Scan engine:
Trend Micro House Call

Detection:
HV_ZYX_BK083510.TOMC

Engine version:
7.2.78

File size:
56.5 MB (59,282,880 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\ProgramData\garenamessenger\updatemanager\garenaplus_install.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/18/2011 8:00:00 AM

Valid to:
11/3/2014 7:59:59 AM

Subject:
CN=Garena Online Pte Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Garena Online Pte Ltd, L=Singapore, S=Singapore, C=SG

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2880A7F7FF2D334AA08744A8754FAB2C

File PE Metadata
Compilation timestamp:
12/6/2009 6:53:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1572864:nWN65pfWkNlctavWy0nTKpmvx3ktNjghdUuD9M/NLExr9n960O:nWY5pfWycavWNTfx0tNfuDAZwZO

Entry address:
0x352F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B8, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, 98, 63, 42, 00, E8, D6, 2E, 00, 00, A3, E4, 62, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 88, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, AC, A7, 40, 00, 68, E0, 5A, 42, 00, E8, DC, 29, 00, 00, FF, 15, AC, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, CA, 29, 00, 00...
 

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file garenaplus_install.exe has been discovered within the following programs.

Garena - Heroes of Newerth by Garena Online Pte Ltd.
Heroes of Newerth is a video game distributed through the Garena platform.
hon.garena.com
About 7% of users remove it

Garena - League of Legends by Garena Online Pte Ltd.
League of Legends is a multiplayer online battle arena video game where players are formed into two teams of five Champions. League of Legends is a session-based game. Matchmaking creates teams with even average MMR (Matchmaking Rating) of the constituent players.
lol.garena.com
About 1% of users remove it

Garena - PerfectWorld EN by Garena Online Pte Ltd.
PerfectWorld is a video game distributed through the Garena platform.
pw2.garena.com/landing/sow/index.html
About 5% of users remove it

Publisher's description - “Trials Evolution: Gold Edition marks the Trials franchise’s triumphant return to the PC gaming platform. RedLynx’s signature franchise, the Trials series first made its mark in gaming with the 2008 release of Trials 2 SE for the PC.”
support.ubi.com
7% remove it
 

The file garenaplus_install.exe has been seen being distributed by the following 3 URLs.
