GPlayer.exe

EXETender Client

Exent Technologies Ltd.

The application GPlayer.exe by Exent Technologies has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Exetender’. While running, it connects to the Internet address cache.google.com on port 80 using the HTTP protocol.
Publisher:
Exent Technologies Ltd.  (signed and verified)

Product:
EXETender™ Client

Description:
EXETender Player

Version:
07.04.09.00

MD5:
6f6d8545ad32dc1981b6529629ed201f

SHA-1:
c4495044c2375fe6d878e3d6bfc87c01b1fe00e0

SHA-256:
0d5379fd2ef5f60ef260cb8eb292944b2d93ae551f9d7f5c7da94996f9c8c7c1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 12:50:02 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.FreeRideGames.ExentTechnologies.Meta (L)

Engine version:
16.2.17.15

File size:
4.7 MB (4,932,288 bytes)

Product version:
07.04.09.00

Copyright:
Copyright © 1996-2016 Exent Technologies Ltd. All rights reserved.

Original file name:
GPlayer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\free ride games\gplayer.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
12/29/2015 7:00:00 AM

Valid to:
8/20/2016 6:59:59 AM

Subject:
CN=Exent Technologies Ltd., O=Exent Technologies Ltd., L=Petah-Tikva, S=Israel, C=IL

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
05A4B8516871B7EE97B26A109895E16A

File PE Metadata
Compilation timestamp:
2/14/2016 4:56:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:OZwojJAEx9tjh0/XEv8t7+59/9lFRI+ANU1:O6o+Ex9fr7Q

Entry address:
0x210719


Entropy:
6.5612

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
3.6 MB (3,747,840 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Exetender

Command:
"C:\Program Files\free ride games\gplayer.exe" \runonstartup


The executing file has been seen to make the following network communications in live environments.


Powered by Reason Core Security