home

gamelogin.exe

gamelogin

337 Technology Limited

The application gamelogin.exe, “Game Login application” by 337 Technology Limited has been detected as adware by 5 anti-malware scanners. While running, it connects to the Internet address host-82-222-160-113.reverse.superonline.net on port 80 using the HTTP protocol.
Publisher:
337 Technology Limited.  (signed by 337 Technology Limited)

Product:
gamelogin

Description:
Game Login application

Version:
1.2.15.6465

MD5:
97a76f18e19b936757efe3e05abafc4c

SHA-1:
d04322c3c6b630274077be6b58740fdd90b49c99

SHA-256:
5c472a351ea7c577b12c99db0c288f8832b3b736e733b69a55466074dafd9c4b

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
4/19/2024 8:19:28 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.Elex
4.0.3.15418

Comodo Security
ApplicUnwnt
18107

Reason Heuristics
Threat.337Technology
15.4.18.6

Trend Micro House Call
TROJ_GEN.F47V0610
7.2.108

Vba32 AntiVirus
AdWare.D365
3.12.24.3

File size:
1.1 MB (1,147,456 bytes)

Product version:
1.2.15.6465

Copyright:
Copyright (C) 2012

Original file name:
gamelogin.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\337\bombom\gamelogin.exe

Digital Signature
Signed by:
337 Technology Limited

Authority:
GlobalSign nv-sa

Valid from:
6/25/2012 12:04:18 PM

Valid to:
6/26/2015 12:04:18 PM

Subject:
CN=337 Technology Limited, O=337 Technology Limited, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A511A565DC1022CCD7BA41E2E418FE65

File PE Metadata
Compilation timestamp:
4/9/2013 1:17:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:wO8U8xH0ILgbmuX9mvSemaep2XsittcTWa466M8mIo:D8xHZlW2XsetcT7W+

Entry address:
0x96F83

Entry point:
E8, 45, 5D, 00, 00, E9, 89, FE, FF, FF, 6A, 10, 68, D0, E6, 4E, 00, E8, D7, 40, 00, 00, 33, C0, 89, 45, E0, 89, 45, FC, 89, 45, E4, 8B, 45, E4, 3B, 45, 10, 7D, 13, 8B, 75, 08, 8B, CE, FF, 55, 14, 03, 75, 0C, 89, 75, 08, FF, 45, E4, EB, E5, C7, 45, E0, 01, 00, 00, 00, C7, 45, FC, FE, FF, FF, FF, E8, 08, 00, 00, 00, E8, DE, 40, 00, 00, C2, 14, 00, 83, 7D, E0, 00, 75, 11, FF, 75, 18, FF, 75, E4, FF, 75, 0C, FF, 75, 08, E8, 0D, F0, FF, FF, C3, 8B, FF, 55, 8B, EC, 8B, 4D, 0C, 53, 33, DB, 3B, CB, 76, 1B, 6A, E0...
 
[+]

Code size:
762.5 KB (780,800 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-frt3.facebook.com  (31.13.92.36:443)

TCP (HTTP):
Connects to www.turktelekom.com.tr  (195.175.118.81:80)

TCP (HTTP):
Connects to host-82-222-160-113.reverse.superonline.net  (82.222.160.113:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-fra3.facebook.com  (31.13.93.36:443)

TCP (HTTP):
Connects to 1a.2d.6132.ip4.static.sl-reverse.com  (50.97.45.26:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-frt3.fbcdn.net  (31.13.92.14:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-fra3.fbcdn.net  (31.13.93.7:80)

TCP (HTTP):
Connects to d8.e2.1632.ip4.static.sl-reverse.com  (50.22.226.216:80)

TCP (HTTP SSL):
Connects to wb-in-f156.1e100.net  (66.102.1.156:443)

TCP (HTTP):
Connects to c1.2f.6132.ip4.static.sl-reverse.com  (50.97.47.193:80)

TCP (HTTP):
Connects to a23-55-155-27.deploy.static.akamaitechnologies.com  (23.55.155.27:80)

TCP (HTTP):
Connects to a23-51-123-27.deploy.static.akamaitechnologies.com  (23.51.123.27:80)

TCP (HTTP):
Connects to a23-37-43-27.deploy.static.akamaitechnologies.com  (23.37.43.27:80)

TCP (HTTP):
Connects to a204-2-179-50.deploy.akamaitechnologies.com  (204.2.179.50:80)

TCP (HTTP):
Connects to a204-2-179-41.deploy.akamaitechnologies.com  (204.2.179.41:80)

TCP (HTTP):
Connects to 95-128-60-148.static.doratelekom.com  (95.128.60.148:80)

Remove gamelogin.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.