gamelogin.exe

gamelogin

337 Technology Limited

The application gamelogin.exe, “Game Login application” by 337 Technology Limited has been detected as adware by 3 anti-malware scanners. While running, it connects to the Internet address c2.fb.c1ad.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
337 Technology Limited.  (signed by 337 Technology Limited)

Product:
gamelogin

Description:
Game Login application

Version:
1.2.9.6169

MD5:
c03270ec9aa340c0178de7b187338913

SHA-1:
1a11b84f9263534accdf3171a998a385e1775a29

SHA-256:
9e90b0c8110775306786e0b890e0dba015c9761e0209c2b981e16385d76c0d9e

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
8/19/2018 9:44:30 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/ELEX.DX potentially unwanted application
6.3

Reason Heuristics
PUP.ELEX.337Techn (M)
16.8.2.19

Trend Micro House Call
TROJ_GEN.F47V0610
7.2.219

File size:
1.1 MB (1,200,192 bytes)

Product version:
1.2.9.6169

Copyright:
Copyright (C) 2012

Original file name:
gamelogin.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\337\ddtank\gamelogin.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/25/2012 6:04:18 AM

Valid to:
6/26/2015 6:04:18 AM

Subject:
CN=337 Technology Limited, O=337 Technology Limited, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A511A565DC1022CCD7BA41E2E418FE65

File PE Metadata
Compilation timestamp:
3/19/2013 7:41:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:UuSqV3klPzKByKr0UO7r23nfy9jTS46Ilnn8fjyFFXc:LhG8ur23fy9jTStIln87SFs

Entry address:
0x93D53

Entry point:
E8, 75, 5D, 00, 00, E9, 89, FE, FF, FF, 6A, 10, 68, B8, A8, 4E, 00, E8, 07, 41, 00, 00, 33, C0, 89, 45, E0, 89, 45, FC, 89, 45, E4, 8B, 45, E4, 3B, 45, 10, 7D, 13, 8B, 75, 08, 8B, CE, FF, 55, 14, 03, 75, 0C, 89, 75, 08, FF, 45, E4, EB, E5, C7, 45, E0, 01, 00, 00, 00, C7, 45, FC, FE, FF, FF, FF, E8, 08, 00, 00, 00, E8, 0E, 41, 00, 00, C2, 14, 00, 83, 7D, E0, 00, 75, 11, FF, 75, 18, FF, 75, E4, FF, 75, 0C, FF, 75, 08, E8, 0D, F0, FF, FF, C3, 8B, FF, 55, 8B, EC, 8B, 4D, 0C, 53, 33, DB, 3B, CB, 76, 1B, 6A, E0...
 
[+]

Code size:
749 KB (766,976 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-gru2.facebook.com  (31.13.85.36:443)

TCP (HTTP):
Connects to xx-fbcdn-shv-02-gru2.fbcdn.net  (157.240.12.16:80)

TCP (HTTP):
Connects to 179.185.57.42.static.adsl.gvt.net.br  (179.185.57.42:80)

TCP (HTTP):
Connects to 187.115.146.50.static.host.gvt.net.br  (187.115.146.50:80)

TCP (HTTP):
Connects to d8.e2.1632.ip4.static.sl-reverse.com  (50.22.226.216:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-gru2.fbcdn.net  (31.13.85.4:80)

TCP (HTTP):
Connects to a200-187-85-136.deploy.akamaitechnologies.com  (200.187.85.136:80)

TCP (HTTP):
Connects to elex108.dominiotemporarioidc.com  (187.16.29.237:80)

TCP (HTTP):
Connects to c2.fb.c1ad.ip4.static.sl-reverse.com  (173.193.251.194:80)

TCP (HTTP):
Connects to 1a.2d.6132.ip4.static.sl-reverse.com  (50.97.45.26:80)

TCP (HTTP):
Connects to a7.eb.c0ad.ip4.static.sl-reverse.com  (173.192.235.167:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-02-mia1.fbcdn.net  (157.240.0.22:80)

TCP (HTTP):
Connects to i0-h0-s1053.p0-mia.cdngp.net  (174.35.36.86:80)

TCP (HTTP):
Connects to a72-246-216-229.deploy.akamaitechnologies.com  (72.246.216.229:80)

TCP (HTTP):
Connects to nataliafaria.studentpartners.com.br  (187.16.29.156:80)

TCP (HTTP):
Connects to i0-h0-s1060.p0-mia.cdngp.net  (174.35.36.93:80)

TCP (HTTP):
Connects to elex65.dominiotemporarioidc.com  (187.16.29.196:80)

TCP:
Connects to elex35.dominiotemporarioidc.com  (187.16.29.164:8000)

TCP (HTTP):
Connects to elex23.dominiotemporarioidc.com  (187.16.29.152:80)

TCP (HTTP):
Connects to c92ef12a.virtua.com.br  (201.46.241.42:80)

Remove gamelogin.exe - Powered by Reason Core Security