grandautoadventure.exe

Gamehitzone Inc.

The application grandautoadventure.exe by Gamehitzone has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address 94.31.29.128.IPYX-077437-ZYO.above.net on port 80 using the HTTP protocol.
Publisher:
Gamehitzone Inc.  (signed and verified)

MD5:
8b8708a050ecf7e7ac4b91c9dbde1b95

SHA-1:
b7d9415fda9d2ecb19361e3a5a3d1de8998ce3e7

SHA-256:
cc73411e452804afb7b5af7cb5104fcaceaa9c114a0472d1438006b19f9ab3a6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 10:30:48 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Gamehitzone (M)
15.7.11.15

File size:
204.7 KB (209,616 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gamehitzone.com\grandautoadventure\grandautoadventure.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/3/2014 4:33:05 PM

Valid to:
1/3/2018 4:33:05 PM

Subject:
E=abuse@gamehitzone.com, CN=Gamehitzone Inc., O=Gamehitzone Inc., L=Belize City, S=Belize, C=BZ

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11212DA109C716E14D8F300F2D8DD9ACEBA0

File PE Metadata
Compilation timestamp:
6/26/2015 2:52:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:j2vo5rvPqg0/dtX9pcZ36f7CuVNjSO/l0QIPx2JcNui1eg830fpLBUU+oTNUfsA1:TrP7sTX9/Luui1T8+vrADZ

Entry address:
0x19F73

Entry point:
55, 8B, EC, 6A, FF, 68, 20, 43, 42, 00, 68, 08, CC, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 3C, 30, 42, 00, 33, D2, 8A, D4, 89, 15, 3C, B7, 42, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 38, B7, 42, 00, C1, E1, 08, 03, CA, 89, 0D, 34, B7, 42, 00, C1, E8, 10, A3, 30, B7, 42, 00, 33, F6, 56, E8, 26, 16, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 6B, 2A, 00, 00, FF, 15, 38, 30, 42, 00, A3, 30, CE, 42, 00, E8...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
136 KB (139,264 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mpdedicated.com  (173.192.48.97:80)

TCP (HTTP):
Connects to 94.31.29.128.IPYX-077437-ZYO.above.net  (94.31.29.128:80)

TCP (HTTP):
Connects to h88-150-240-195.host.redstation.co.uk  (88.150.240.195:80)

TCP (HTTP):
Connects to amung.us  (67.202.94.86:80)

TCP (HTTP SSL):
Connects to wb-in-f154.1e100.net  (66.102.1.154:443)

TCP (HTTP):

TCP (HTTP):
Connects to a23-43-133-163.deploy.static.akamaitechnologies.com  (23.43.133.163:80)

TCP (HTTP SSL):
Connects to wb-in-f157.1e100.net  (66.102.1.157:443)

TCP (HTTP SSL):
Connects to wb-in-f156.1e100.net  (66.102.1.156:443)

TCP (HTTP SSL):
Connects to wb-in-f155.1e100.net  (66.102.1.155:443)

TCP (HTTP):
Connects to wb-in-f100.1e100.net  (66.102.1.100:80)

TCP (HTTP):
Connects to cache.google.com  (84.15.64.17:80)

TCP (HTTP):
Connects to a23-51-229-163.deploy.static.akamaitechnologies.com  (23.51.229.163:80)

TCP (HTTP):
Connects to a23-50-197-163.deploy.static.akamaitechnologies.com  (23.50.197.163:80)

Remove grandautoadventure.exe - Powered by Reason Core Security