racersvspolice.exe

Gamehitzone Inc.

The application racersvspolice.exe by Gamehitzone has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup program used to install the application. The installer uses the OpenCandy monetization platform, which will download and install offers during setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from cjogos.com.br.

Publisher:
GameHitZone.com (signed by Gamehitzone Inc.)

MD5:
e6a8d8dfa2d0e57f38bd2f6d1b31e370

SHA-1:
a833b3e70aea3339fac2c24dfc1040cc17a08c4a

SHA-256:
b417f72187390a45b030b1551398dd92eb55997f9118578948e85ce9365c9313

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/26/2024 3:05:38 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | OpenCandy | 2015.0.3397 |
| ESET NOD32 | | 8.10026 |
| Reason Heuristics | PUP.Gamehitzone.O | 14.7.31.3 |

File size:
53.9 MB (56,496,464 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/30/2013 6:07:03 PM

Valid to:
12/31/2014 6:07:03 PM

Subject:
E=abuse@gamehitzone.com, CN=Gamehitzone Inc., O=Gamehitzone Inc., L=Belize City, S=Belize, C=BZ

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112137083CF0DD5622254F323C0D8C7424DA

File PE Metadata
Compilation timestamp:
10/13/2013 11:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
1572864:rMW3EqjtDZPgqVIZ8FVw3YOYzOnq6ARiXLrH:rl35LVV83YO0OqRiXH

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...

Entropy:
7.9999

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file racersvspolice.exe has been seen being distributed by the following URL.
