gamecenter@mail.ru.exe

Игровой центр@Mail.Ru (Game Center@Mail.Ru)

LLC Mail.Ru

The executable gamecenter@mail.ru.exe has been flagged by 1 of 68 anti-virus scanners, and only by a generic heuristic signature (Win32.Generic). While running, it connects to download hosts under ext.terrhq.ru (dl20.ext.terrhq.ru and dl38.ext.terrhq.ru on port 80, dl21.ext.terrhq.ru on port 443) and to a large number of residential hosts on TCP port 6881, the conventional BitTorrent port; that pattern is consistent with peer-to-peer content delivery rather than with a single command-and-control endpoint. The file is Authenticode-signed by LLC Mail.Ru with a Thawte-issued certificate that expired on 2/7/2014, so a present-day "verified" result depends on a timestamp countersignature, which this report does not show. A single generic heuristic hit on a publisher-signed binary is weak evidence on its own: confirm the hashes and the signature chain below before acting on the Malware status.
Publisher:
LLC Mail.Ru  (signed and verified)

Product:
Игровой центр@Mail.Ru

Version:
2.0.0.341

MD5:
a85a979c511cfb470d5d3bb4d0c1f25e

SHA-1:
44209af978ee74289d706bae73fbbe357b2708b0

SHA-256:
24ebedf40f8fb1f106a49f47c5a01557b4de148a53512072c9390d868e650c80

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/26/2024 9:06:00 PM UTC

Scan engine          Detection        Engine version
Reason Heuristics    Win32.Generic    17.1.31.13

File size:
4.2 MB (4,424,728 bytes)

Product version:
2.0.0.341

Copyright:
Copyright (C) 2013 LLC Mail.Ru

Original file name:
Игровой центр@Mail.Ru.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe

Digital Signature
Signed by:
LLC Mail.Ru
Authority:
Thawte, Inc.

Valid from:
12/9/2011 8:00:00 AM

Valid to:
2/7/2014 7:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C09DBBC732D4B58F7A88EBACF323417

File PE Metadata
Compilation timestamp:
10/22/2013 3:58:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1D9E90

Entry point:
55, 8B, EC, 83, C4, F0, B8, 24, A1, 5C, 00, E8, CC, 03, E3, FF, A1, A4, EF, 5D, 00, 80, 38, 00, A1, DC, ED, 5D, 00, 0F, 95, 00, E8, 2B, B9, FB, FF, E8, 4A, C4, E2, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++ (as reported by the scanner; note that the linker version 2.25 and the entry-point prologue 55 8B EC 83 C4 F0 B8 ... E8 are characteristic of the Borland/Delphi toolchain, so treat this attribution with caution)

Code size:
1.8 MB (1,933,824 bytes)
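The fields in the "File PE Metadata" section (compilation timestamp, linker version, entry address, OS version, subsystem, code size) are read straight from the COFF and optional headers of the PE file. The following Python is an added example, not code from the page or from Mail.Ru: it builds a constructed minimal PE32 header that carries the values listed above (the timestamp is the report's "10/22/2013 3:58:04 PM" interpreted as UTC, which is an assumption), parses those fields back with `struct` only, applies the Borland/Delphi linker heuristic mentioned above as a heuristic, and compares the computed hashes of any bytes against the report's MD5/SHA-1/SHA-256 values. The function names are hypothetical.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Hashes as listed in the report above (copied from the page).
REPORT_HASHES = {
    "md5": "a85a979c511cfb470d5d3bb4d0c1f25e",
    "sha1": "44209af978ee74289d706bae73fbbe357b2708b0",
    "sha256": "24ebedf40f8fb1f106a49f47c5a01557b4de148a53512072c9390d868e650c80",
}
# First 16 entry-point bytes as listed in the report above.
REPORT_ENTRY_BYTES = bytes.fromhex("558BEC83C4F0B824A15C00E8CC03E3FF")
# push ebp; mov ebp,esp; add esp,-0x10; mov eax,imm32: the classic Delphi program entry prologue.
DELPHI_PROLOGUE = bytes.fromhex("558BEC83C4F0B8")
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def build_sample_pe() -> bytes:
    """Constructed sample: DOS stub + PE signature + COFF header + PE32 optional header,
    no sections. It is NOT the real gamecenter@mail.ru.exe, only its header values."""
    ts = int(datetime(2013, 10, 22, 15, 58, 4, tzinfo=timezone.utc).timestamp())  # assumption: UTC
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                               # e_lfanew: PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 1, ts, 0, 0, 224, 0x010F)     # i386, 1 section, TimeDateStamp, SizeOfOptionalHeader
    opt = struct.pack("<HBBIII", 0x10B, 2, 25, 1933824, 0, 0)            # PE32 magic, linker 2.25, SizeOfCode
    opt += struct.pack("<III", 0x1D9E90, 0x1000, 0x1DB000)               # AddressOfEntryPoint, BaseOfCode, BaseOfData
    opt += struct.pack("<III", 0x400000, 0x1000, 0x200)                  # ImageBase, SectionAlignment, FileAlignment
    opt += struct.pack("<HHHHHH", 5, 0, 0, 0, 5, 0)                      # OS version 5.0, image version, subsystem version
    opt += struct.pack("<IIII", 0, 0x1E0000, 0x400, 0)                   # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
    opt += struct.pack("<HH", 2, 0)                                      # Subsystem = WINDOWS_GUI, DllCharacteristics
    opt += struct.pack("<IIIIII", 0x100000, 0x4000, 0x100000, 0x1000, 0, 16)  # stack/heap sizes, LoaderFlags, NumberOfRvaAndSizes
    opt += bytes(128)                                                    # 16 empty data directories
    assert len(opt) == 224
    return bytes(dos) + b"PE\0\0" + coff + opt


def parse_pe_metadata(data: bytes) -> dict:
    """Read the header fields the report displays, using documented PE offsets only."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, _nsec, tstamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_link, min_link, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        "compiled_utc": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{maj_link}.{min_link}",
        "entry_address": f"0x{entry:X}",
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "code_size": size_of_code,
    }


def toolchain_hint(meta: dict, entry_bytes: bytes) -> str:
    """Heuristic only: Borland/Delphi linkers stamp 2.25 and emit the prologue above,
    whereas MSVC stamps its own major.minor version and uses a different entry stub."""
    if meta["linker_version"] == "2.25" and entry_bytes.startswith(DELPHI_PROLOGUE):
        return "Borland/Delphi (linker 2.25 + Delphi entry prologue)"
    if meta["linker_version"] == "2.25":
        return "Borland/Delphi-style linker stamp; prologue not matched"
    return "undetermined"


def check_hashes(data: bytes, expected: dict) -> dict:
    """Compare each listed digest with the digest of the bytes actually on disk."""
    return {name: hashlib.new(name, data).hexdigest() == value.lower() for name, value in expected.items()}


if __name__ == "__main__":
    sample = build_sample_pe()
    meta = parse_pe_metadata(sample)
    print(meta)
    print(toolchain_hint(meta, REPORT_ENTRY_BYTES))
    print(check_hashes(sample, REPORT_HASHES))  # all False: the constructed header is not the real file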

The executable has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to dl38.ext.terrhq.ru  (178.22.89.42:80)

TCP (HTTP):
Connects to dl20.ext.terrhq.ru  (178.22.89.26:80)

TCP (HTTP SSL):
Connects to dl21.ext.terrhq.ru  (178.22.89.27:443)

TCP:
Connects to usr-5-144-97-9.lanck.net  (5.144.97.9:37669)

TCP:
Connects to host-static-93-116-191-46.moldtelecom.md  (93.116.191.46:6881)

TCP:
Connects to host-static-188-237-192-27.moldtelecom.md  (188.237.192.27:6881)

TCP:
Connects to host-94-232-235-54.nsplus.ru  (94.232.235.54:6881)

TCP:
Connects to host29.techotelecom.cust.dsi.ru  (195.206.33.61:6881)

TCP:
Connects to host-2-60-235-77.pppoe.omsknet.ru  (2.60.235.77:6881)

TCP:
Connects to host-2-60-230-108.pppoe.omsknet.ru  (2.60.230.108:6881)

TCP:
Connects to host-2-60-134-60.pppoe.omsknet.ru  (2.60.134.60:6881)

TCP:
Connects to dynamicip-176-215-247-40.pppoe.irkutsk.ertelecom.ru  (176.215.247.40:6881)

TCP:
Connects to dynamicip-176-213-4-13.pppoe.nn.ertelecom.ru  (176.213.4.13:56183)

TCP:
Connects to dynamic-2-61-132-104.pppoe.khakasnet.ru  (2.61.132.104:6881)

TCP:
Connects to bras2-6.donapex.net  (46.150.97.122:6882)

TCP:
Connects to 95-190-206-247-bbc-dynamic.kuzbass.net  (95.190.206.247:6881)

TCP:
Connects to 90.150.115.73.permonline.ru  (90.150.115.73:6881)

TCP:
Connects to 76.47.21.213.at-home.ru  (213.21.47.76:6881)

TCP:
Connects to 5x18x233x75.static-business.iz.ertelecom.ru  (5.18.233.75:21977)

TCP:
Connects to 59.98.237.80.transtelecom.net  (80.237.98.59:6881)
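Triage of a list like the one above usually starts by separating the product's download hosts from the many residential peers. The following Python is an added example, not code from the page or from Mail.Ru: it parses a constructed sample of the page's own "Connects to host (ip:port)" lines, treats the `.ext.terrhq.ru` suffix as the download infrastructure (an assumption based only on the host names shown, not on any statement about who operates them), flags hosts on the conventional BitTorrent port range or with ISP-style reverse DNS that embeds the client address as peer-like, and summarises counts and ports per bucket. The function names are hypothetical.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample: a subset of the page's connection lines, in the page's format.
SAMPLE_LOG = """\
Connects to dl38.ext.terrhq.ru  (178.22.89.42:80)
Connects to dl20.ext.terrhq.ru  (178.22.89.26:80)
Connects to dl21.ext.terrhq.ru  (178.22.89.27:443)
Connects to usr-5-144-97-9.lanck.net  (5.144.97.9:37669)
Connects to host-2-60-235-77.pppoe.omsknet.ru  (2.60.235.77:6881)
Connects to 76.47.21.213.at-home.ru  (213.21.47.76:6881)
Connects to bras2-6.donapex.net  (46.150.97.122:6882)
"""

LINE_RE = re.compile(r"Connects to (\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\)")
BITTORRENT_PORTS = range(6881, 6890)      # conventional BitTorrent listening range
DOWNLOAD_HOST_SUFFIX = ".ext.terrhq.ru"   # assumption: the dl* hosts on the page are the download CDN


def parse_connections(text: str) -> list[tuple[str, str, int]]:
    """Extract (hostname, ip, port) tuples; malformed addresses raise ValueError."""
    conns = []
    for m in LINE_RE.finditer(text):
        host, ip, port = m.group(1), m.group(2), int(m.group(3))
        ip_address(ip)
        conns.append((host, ip, port))
    return conns


def hostname_embeds_ip(host: str, ip: str) -> bool:
    """ISP reverse-DNS names often encode the customer's address, sometimes with the
    octets reversed (76.47.21.213.at-home.ru for 213.21.47.76). Such a name points at an
    access-network subscriber rather than at dedicated server infrastructure."""
    digits = re.findall(r"\d+", host)
    return all(octet in digits for octet in ip.split("."))


def triage(conns: list[tuple[str, str, int]]) -> dict:
    """Bucket each connection: download hosts, peer-like residential hosts, or unclassified."""
    buckets = defaultdict(list)
    for host, ip, port in conns:
        if host.endswith(DOWNLOAD_HOST_SUFFIX):
            key = "download hosts"
        elif port in BITTORRENT_PORTS or hostname_embeds_ip(host, ip):
            key = "peer-like hosts"
        else:
            key = "unclassified"
        buckets[key].append((host, ip, port))
    return dict(buckets)


def summarize(conns: list[tuple[str, str, int]]) -> dict:
    """Per-bucket count and the distinct destination ports, the figures an analyst wants first."""
    return {
        key: {"count": len(items), "ports": sorted({port for _, _, port in items})}
        for key, items in triage(conns).items()
    }


if __name__ == "__main__":
    for bucket, info in summarize(parse_connections(SAMPLE_LOG)).items():
        print(f"{bucket}: {info['count']} hosts, ports {info['ports']}")
```

Anything that lands in "unclassified" (a non-download host on a non-BitTorrent port whose reverse DNS does not look like a subscriber line) is the part of the list worth a closer look; on the sample above that bucket is empty.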

Remove gamecenter@mail.ru.exe - Powered by Reason Core Security