GPlayer.exe

EXETender Client

Exent Technologies Ltd.

The application GPlayer.exe by Exent Technologies has been detected as a potentially unwanted program by 3 anti-malware scanners. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Exetender’. This file is typically installed with the program Free Ride Games Player by Exent Technologies. While running, it connects to the Internet address a.tribalfusion.com on port 80 using the HTTP protocol.
Publisher:
Exent Technologies Ltd.  (signed and verified)

Product:
EXETender™ Client

Description:
EXETender Player

Version:
07.03.32.00

MD5:
730074bf850c4bdb4f68641ce4033a2e

SHA-1:
a61a435e05231ed1d5093f280150992dfbcb8f87

SHA-256:
7ac8ca228efe10281b7a290dacdb5a4c3dc97c91f4d2b043296268308d27601b

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 12:01:03 AM UTC

Scan engine        Detection                              Engine version
Bkav FE            HW32.Stranact                          1.3.0.4246
Boost by Reason    Optional.Startup.ExentTechnologies.H   188861
Reason Heuristics  PUP.Startup.ExentTechnologies.H        14.3.28.18

File size:
4.7 MB (4,895,192 bytes)

Product version:
07.03.32.00

Copyright:
Copyright © 1996-2010 Exent Technologies Ltd. All rights reserved.

Original file name:
GPlayer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\free ride games\gplayer.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/30/2011 3:00:00 AM

Valid to:
4/20/2014 2:59:59 AM

Subject:
CN=Exent Technologies Ltd., OU=R&D, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Exent Technologies Ltd., L=Petah-Tikva, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
050462494E0565D5FACB8034FF1521E4

File PE Metadata
Compilation timestamp:
8/30/2012 5:14:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:apCKK3HUa9RQn3PNuHh7hl5fJFRIpBO4W8PCedmT+:ap/KXU42naiO47

Entry address:
0x1FB8A4

Entry point:
55, 8B, EC, 6A, FF, 68, 80, 68, 78, 00, 68, 88, E5, 5F, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 2C, 34, 77, 00, 33, D2, 8A, D4, 89, 15, BC, 83, 85, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, B8, 83, 85, 00, C1, E1, 08, 03, CA, 89, 0D, B4, 83, 85, 00, C1, E8, 10, A3, B0, 83, 85, 00, 6A, 01, E8, EB, 62, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C2, 00, 00, 00, 59, E8, 96, 60, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B1, 00, 00, 00, 59, 33, F6, 89, 75...

Entropy:
6.5923

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
3.4 MB (3,612,672 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Exetender

Command:
"C:\Program Files\free ride games\gplayer.exe" \runonstartup


The file GPlayer.exe has been discovered within the following program.

Free Ride Games Player  by Exent Technologies
Publisher's description - “FreeRide Games, operated by Exent, is the only 100% free online destination providing more than 400 premium full-download PC casual and online games. FreeRide Games remains the only website of its kind.”
55% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a.tribalfusion.com  (204.11.109.67:80)

TCP (HTTP SSL):
Connects to edge-atlas-shv-01-mxp1.facebook.com  (31.13.86.1:443)

TCP (HTTP):
Connects to ec2-52-18-163-110.eu-west-1.compute.amazonaws.com  (52.18.163.110:80)

TCP (HTTP SSL):
Connects to a104-106-96-7.deploy.static.akamaitechnologies.com  (104.106.96.7:443)

TCP (HTTP):
Connects to tags.expo9.exponential.com  (204.11.109.75:80)

TCP (HTTP):
Connects to a88-221-145-16.deploy.akamaitechnologies.com  (88.221.145.16:80)

TCP (HTTP):
Connects to a104-69-67-140.deploy.static.akamaitechnologies.com  (104.69.67.140:80)

TCP (HTTP SSL):
Connects to edge-atlas-shv-01-cdg2.facebook.com  (179.60.192.10:443)

TCP (HTTP):
Connects to ec2-54-243-142-242.compute-1.amazonaws.com  (54.243.142.242:80)

TCP (HTTP):
Connects to a88-221-113-58.deploy.akamaitechnologies.com  (88.221.113.58:80)

TCP (HTTP):
Connects to a23-65-198-154.deploy.static.akamaitechnologies.com  (23.65.198.154:80)

TCP (HTTP):
Connects to a23-200-86-151.deploy.static.akamaitechnologies.com  (23.200.86.151:80)

TCP (HTTP):
Connects to a23-200-86-145.deploy.static.akamaitechnologies.com  (23.200.86.145:80)

TCP (HTTP):
Connects to a172-227-94-14.deploy.static.akamaitechnologies.com  (172.227.94.14:80)

TCP (HTTP):
Connects to 153.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net  (37.252.172.27:80)
