snakeclassics.exe

Gekkon Ltd

The application snakeclassics.exe by Gekkon has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Snake Classics by GamesPub Ltd. While running, it connects to the Internet address virtualbookstores.net on port 80 using the HTTP protocol.
Publisher:
GamesPub Ltd. (signed by Gekkon Ltd)

Version:
1.0.0.1

MD5:
77dd8bcdd2299439c7dc61ba24abb5c0

SHA-1:
65f8160fc122fe4b951db75b92999f8e27df325e

SHA-256:
f1de8737795cca0a53facd6263560cdb871ae19b81681be56339cf8329ab0684

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 2:43:41 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Gekkon (M)

Engine version:
15.10.19.5

File size:
1.7 MB (1,745,488 bytes)

Product version:
1.0.0.1

Copyright:
(c) GamesPub Ltd. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\toomkygames.com\snake classics\snakeclassics.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
8/9/2010 3:35:50 AM

Valid to:
8/9/2013 3:35:46 AM

Subject:
E=is@newfreescreensavers.com, CN=Gekkon Ltd, O=Gekkon Ltd, L=Mahe, S=Seychelles, C=SC

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000012A56A1781E

File PE Metadata
Compilation timestamp:
8/2/2012 8:25:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:0hzMRmxpHjtKJah8/0oi86CaM15W3VIC7/nn/usUf9EOwrEDDSW:mMRmxpjSah8vi86CaM15W3VISmsUfqOi

Entry address:
0x101AC8

Entry point:
E8, 0B, 6B, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, A0, FC, 56, 00, 75, 02, F3, C3, E9, 92, 6B, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 85, F6, 75, 04, 33, C0, EB, 61, 83, 7D, 08, 00, 75, 13, E8, 56, 12, 00, 00, 6A, 16, 5E, 89, 30, E8, FC, 6D, 00, 00, 8B, C6, EB, 48, 83, 7D, 10, 00, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 5E, 1C, 00, 00, 83, C4, 0C, EB, C7, FF, 75, 0C, 6A, 00, FF, 75, 08, E8, DC, 19, 00, 00, 83, C4, 0C, 83, 7D, 10, 00, 74, BB, 39, 75, 0C, 73, 0E, E8, 0C, 12, 00, 00, 6A...

Entropy:
6.3932

Code size:
1.1 MB (1,199,104 bytes)

The file snakeclassics.exe has been discovered within the following program.

Snake Classics by GamesPub Ltd.
www.ToomkyGames.com
About 1% of users remove it
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to virtualbookstores.net  (198.44.66.74:80)

TCP (HTTP):
Connects to 94.31.29.96.IPYX-077437-ZYO.above.net  (94.31.29.96:80)

TCP (HTTP SSL):
Connects to wb-in-f156.1e100.net  (66.102.1.156:443)

TCP (HTTP):
Connects to static.khi77.pie.net.pk  (221.120.207.35:80)

TCP (HTTP SSL):
Connects to cache.google.com  (109.226.50.31:443)

TCP (HTTP):

Remove snakeclassics.exe - Powered by Reason Core Security