» gamemanageryandere.exe
Overview
Analysis
File Details
Downloads (101)

gamemanageryandere.exe

Game Manager

The application gamemanageryandere.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from tmpfile10533.s3.amazonaws.com and multiple other hosts.

File name:

Publisher:

Game Manager

Product:

Game Manager

Version:

MD5:

7111fcfe763df967e8b2c4c283399c85

SHA-1:

abb3f1f89cf546183a1d91370ee3a865634355bb

SHA-256:

3fcbed7beff97ca4542fa1cee4655eba01dab15accedf14419befa1f27c396ff

Scanner detections:

5 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

4/23/2024 5:21:05 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/InstallMonetizer.AN potentially unwanted application

6.3.12010.0

Kaspersky

not-a-virus:AdWare.Win32.InstallMonster

15.0.2.529

Microsoft Security Essentials

SoftwareBundler:Win32/Stallmonitz

1.231.219.0

Reason Heuristics

Adware.Bundler (M)

16.10.23.21

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.4

File size:

1.2 MB (1,213,808 bytes)

Product version:

Game Manager

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\gamemanageryandere.exe

File PE Metadata

Compilation timestamp:

12/5/2009 10:50:41 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:4CHWk11HtGId7zpft9IIZo+xBw/b7g2XxPimkvZ8yHj:CkV9zpft9/3zwTM2Xxr/4

Entry address:

0x30CB

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

The file gamemanageryandere.exe has been seen being distributed by the following 50 URLs.

https://tmpfile10533.s3.amazonaws.com/download77/ic_trackings/22249/.../yandere-simulator.exe

https://tmpfile11860.s3.amazonaws.com/download77/ic_trackings/10043/.../yandere-simulator.exe

https://tmpfile14164.s3.amazonaws.com/download77/ic_trackings/6351/.../yandere-simulator.exe

http://www.bitstagcontent.com/YJfowm cz w7JpKidIntVVCWr7sNiqEjlDDso4KJVwjzbBKIk4NM2uNy5N24TIbwRduAcoMmFYg9GaILjoOh2rU06y 5hb76i 5kd5HOwl2YN40yhOuysdeUDa6WQVm7z9nkmdp5uINF0V5rpOaDEP7CKp_zkOD1Yzi7ExMffiGcBNmaqMtXbzM8SVXm3uiEo1GbT73aloPfIxyq7C3sTGECxICv4A==-G2gBAOSwzn6v7S9SpQM420yl5Lju9KD87f 6UtSJIKWppLWyJxQAFlN6Rhk HvxEjSNOftSKhgIIugSdHiBfhJyDhHdI7hE_lfYoJrLzg7gBV NOr7pxPut5DiL7YeSWf1TzrLyWY_y9NVo_Nwo8nhWadHbg470tiKkfU2kM7WeQbLRufkqHN8 zB0D92efew n50eXhVyOMcLIYUq5PArkSp1RBRymKjCT9IfcClo60PGht90K4J2Qjzr94Pf7WyPqSE851w 3Mwma4wNkVNjugmGykcgf 2x4UywYxiB98oaHzl3PEDJERQPpfHSQRyZiM5o0GMI0mFZCkRUMSjnXQQ=

https://11112221.s3.amazonaws.com/download77/shipping/downloads/.../GameManagerYandere.exe

http://www.giftchuckleflash.com/H6vkUXaDBgANdUbsnMeFZrIOs4jaWMQs4JVJRXVs K6_qZTjd_IMGTZO7a2DwI3_eiD2lCIf7RBMTGyadKtFxMlF2SZ6sL9Tf5Rk1yrpINzfWufhljlfmBLs5b0CkHNWvZoBYJAerNc7Dfp9EeU8PVtTXVqWIXqk_rIpoA44m67QT3Ql2yl2sQIUPIm0lVdf3Uzzec18E6FhEn1LpaWkKlFrMd6_uA==-G1gAAGRgnq2tAUxENA_YgAOXiIJBJhsAh42xs8XhjRye50gCfEPjtu3NYpQkgv9r7KMF3wK8y2e_oKu85PsRLaMp83ImZ_XbWAWdWJHJ F gFVGCYgmaIXEK

http://www.bitstagcontent.com/rrVj5OkuccKiq26uLnCEAzVkuGzBzEhUG3zdZllaXN3aeWqImBPTM_ACZXa2stINB0oSoAzkGg96DCDd6ivUBtjI6eccZLo6rPbJXeGydyr4IOqe_smCDuuY6egAHfHXEHqwE6xxuZZ2Ny49TeA6ZCHI2dzpqA74n0kimZ72WXg6JBPJgrIRD J1UXyfWqfr1vOky_7voIUeVlY0M4OU1QEqTP 1ug==-G2gBAGRZzn6v7kcbgu_ENaXpTOB03elB dv_fffLtyBJWpTm0hYGEgcUUHYyClU4386ITO7nPB8JlQKwyjKpsnhBP4kZ50jOVfwE_0uVBO0lVAc04Y9Gffl0wv0Wl_zLG49ia_Ivtsa92XKQ 5O1rYcbLQ7PtnbEzeEWGtsxsp0NpLNpHtB4bevkaOv49mHfPWzv2Mft57PTw6sC9 d4IgGhwP2vJKq0E7LA_aQK3KefpD_oUtC2S5nX_IZbaYw25lm_3vudD5ac1qQHALy7GfSm3DRESWv9WTBUPkL5a8lrpL3Fpo4RUFmrZauwRQ5EzscmcqTatWhJ6mgg1hGBQ80cW6gba6JB

http://www.bitstagcontent.com/noS08n94jFt248lAfItIzGHmuUAr1mlF_UX6pP0nPvKcxZrWk6WZYogCYYmMo5Yyzr1MQYQiqfEMYnFSbAspPiWzPkh W Mvnrso7EbqAeNIj7TX3ydnshr6ws79J_ eHOrsM0wUp1 MWG lgUG6UfApISGJX0VSPx_ROZKUs2COkmcO3Pnh5z2xol0pRY8TiSHfZ7MPH_HopkidyHs0ye3BTId59g==-G2gBAGSZrrapt9FC8HtxTdXgdd3pQfnb_333S1uQJC1Kc2kLAzkFEWQnIyEK_86ITCm9H0dCGQNoLHQ8LF7CH4eMc2StI3wi_3MRo8IwGh1gl3006vPTCfdXWZj9ZhuPZKv7J1ttMcyVL7u1rYcbQQ7PtnbIzeEWSLUwsp0NpFjvK2zXtk6Oto5vH_b1w_aOetx Pjs9vApgf44XDCgEsP_lSJVOhAWw73gA _jjxAdcCtp30WdrftMtMKBSPuv3e79jNWdujRlKqXy4qYo SxuiurVyCIbKe i_5mwtlpBLlSZSaMVSY5LYMqkQBfJUiwxzyylCeaKQZxkIEAlqTo2yFFIbAwU=

http://www.bitstagcontent.com/ Gr7DD 9w_3ENFZDMhoqCAJwBlP1Et3ZhzT9LHFetiJ20fywbTIStpGhYCDbVnBSPoUgrx0ZAhtFyg3TrickilVU6dWy2EkUwZ8F4vumvmvdHqJAskLSdmJs0_EWuV3TPbWBH6lGPIxbxq bJIO92zKeAhlMNttg62xQnXqYHceN7jQnMjX4nMNIk1wglVZT yKBIspaANj 88x2tFOWmiYQB3GRLgEYVw5uJ3Rpyy8gVk6A84d0jmS52NLqbuOvkrqMCHSwHy40y6 Oycry5UZByhIQ2 hnqPzYDaK5uxGUBLTw WocYtn9Ti82U8x9iAnFhXToU6ddInO_0UsFfd5_RN3k228RpFjBOV0ZhCqPWg05fI6G 9ViGSDm29zbVQIzzrxvz8SNXk8sGJPOsGNWZty55sG4JEHiD78H6oetkQvZg4 DCpVZ7e1zg5ynqdrhqvAKQLR LEqJfb63D5ayaoeq9GGx9pNwZ36CR8LhAIHh9OWy58FT pYgIsRW91CtiVk15pmx McmWv BJ6t65OEgPgJyMdlO6Ukf 6wdRfRbtke697M4ofDSEUx2UTxi9SPz8TYLLDSEuWyhhOB4_eBQ5B2lNZzAESGZ3KT36VZUNfmaZtHyG8mEimNCPEwKz8KrMBZ0IQ8hoJ_xB_SQFs5TB1gpjd21aMurgqTXw oG2rqKVNVFW18bWaOHoR4gPVIYjwzqdG4oRtX9jMd2EbKtgOawQDaC0HFGOqvMHu3eLe58XyKnew9 6HzL4Qu8kQt86_dfO3fgbt9YwxSozekX9hnPMz0jfgKi4QQz0jF8byvHC0 SJRWD584i2OMp3ECHL2zleElyNr5gFxYyunOduHGr2IriksqzhPVqlCJwqABzVD0HRVKNBVjsRAEH1uMxPQjpl0Vp5Dm75EaHikLwus56q3wvQ9cDSZhlqmFYrN 3Z_9f1 Ta7EF7JCRZZYbzRH

http://www.bitstagcontent.com/tbJ39 ND4vhtepe6l0_2vq6slE17WIDPx4dob7Qxshe0q2sV7NzuJ9MoOtjOnZnqmkHSe3ngoHmez4kskqO1rxbqiokChBx1FnNxxJDkZnR2pPsyDkHkG7WOhYagr j_NE2ickf0pg0qGIys7LQFesAnR9o6beXVQ8QGXi_SEFduFHgQvvS9OCcD3rImB4eXwsYSLhCeB6nGvtWZZKWdk5m1E7jfKg==-G2gBAGRZzn6v7kebgO_EFUlnAqfrTg_K3_7vu1 BUnSojSXtjCQOKCAspNRqML5dkZkcr U UgoCuAV6yzq4oX_ycw4RzKm4Sf4X24QpEVoDvyEPhr15dMJ91tU0y9tPLKtyT_bGvdmy0HpT9a2Hm4kOzzb2mE3h1tc6Y6R7WwgnU3LwI_Xtk6Oto5vH_bNw_aOftx Pjs9vKr4_hxPwHFV8f2vzKq0Y1jx_Swqvu9_svygS0Hbri 05jfcIkhU lm_3vudD5aU19ACAN7dDHpTSg1R8lp_FgyVj_jytaQ1ESElFYVy4JCECo68I 5a6VUwkWxqY2s1ErQuRIUQEnnrU0pGKBER

http://www.bitstagcontent.com/YVIVgIVWixeX2hxV_4H8MiRnt9Lk5qLETBqfWn ukzGXXuUFfgSnC3NfKT9VyhvQvYSHkFmWm z goOmxo2aficUpkMn5La9uSw7ej44UA4bTpWvZP3Q7abD F7c9WpLzfeYMLz_uueQRmn6MMNH1gRwOCYVjbD0cacJukKcMwUuDrNCi5eJkUpSiGJ3tFKO9XNH5B9aZb OU7aO47SZA8Gi7r2Bzg==-G2gBAGRZzn6v7kebgO_ENYzMDE7XnR6Uv_3fd798C5KkRWkubWEgcUABZSejUIXz7YzI5H4p85FQFCAr1lnVxQv6ycw4R3Ku4Sf4X24QtEdoDmjCH4368umE y2u Zc3HsXW5F9sjXuz5aD0J2tbDzdaHJ5t7Yibwy1pbMvIdjaQzqZlQOO1rZOjrePbh333sL1jH7efz04Pryq5P8cTCKgruf VRZV2Aiu5n1Ul9 kn6w 6FLTtUuE1v EWPWijn_Xrvd_5YMl5DT0A4N3NoDfl1BAlr_VnwVD5CJWvJa9F50MHYjclq5ONBgxHUFZ3yccYQpe1VWS01h0fbbJOAnIiQ8oYR2gQ

http://www.bitstagcontent.com/lSqIVFkfsY_i2JVK1pUyfdlXHj1HI7DsgfxCrQ2350Z6t1q5T1yCa dRMCxIh4rOiOiaVrCTiSo7Dug62SykLn6vt21Pps9gimJrp_J7kL_H84D6ZPUU6D3KnvWKlWsk6tvrS9yEcg60QqK3_k2oRioE4g_1IpFRNmkcKV2prBtc4eO3u0tLljT2vZAsMvmiuZvhLD8NRV_EitsjwLRRygA12ebATw==-G2gBAGRZLn v7kebBJ 4A82ZwXTd6UH52_99t0PSFiRJi9Jc2sJA4uYBZicjIQr_zohM7pUyGwlFBlSxzrIuXgw_GRnnSNY2 ET lxsE5RCagzDmj0bD4umE y2u Zc3HsXW F9sjbrTRb_0xmtbDzdKHJ5t7Yibwy3SZsnIdjaQzialH0ZrWydHW8e3D_v2YXvHPG4_n50eXlW0P8cTcOAr2v_Koko7gRXtZ1nRfvjJ6gMuBW27ofCa33ALoCzgs3699zvrLzivoQMAeXfT7064bYiS13rTYKh8IJSvBa lyMgWnfcGgTQlxT4SRvTSRa dNl5bnShFMG0bKRA7DUZKLRU5Sw==

https://tmpfile10533.s3.amazonaws.com/download77/ic_trackings/13859/.../yandere-simulator.exe

http://www.laboratoryguardtours.com/b8Rqn87E bzt7O2S7LFViFkKhZ LU8FC_K5mkf60avs9QSR5v5XAh5nUwiD32AP0k8ffIarjTYdjvhftU_6tiUvCewiAWE7hzM_6yoyed71YBcT7j13PnYIUEuYC9Olmaug8I7S_U21NaJsKzdHpdhOpVIYC3i7IBVTKgBXHiUVS177ekcoaE1I4H5C74QPivvrL128MxBLxpDPq6BJyrZBtehxsQg==-G1cAAGRgnq2tSYzCRdiAA5ciHWSyAXDYGDtbPM7IGkNvaLtcruNJKFYG_8fYxwSeBXh3r sDenQP fkS74aLf6ZFv4L9dm0NLbr_S 0LTCJKMAhGogiOAQ==

https://tmpfile10533.s3.amazonaws.com/download77/ic_trackings/9273/.../yandere-simulator.exe

https://tmpfile3824.s3.amazonaws.com/download77/ic_trackings/19464/.../yandere-simulator.exe

https://tmpfile10533.s3.amazonaws.com/download77/ic_trackings/19629/.../yandere-simulator.exe

https://tmpfile10533.s3.amazonaws.com/download77/ic_trackings/8409/.../yandere-simulator.exe

http://www.bitstagcontent.com/1OSqiMbKswDdJ2l4J1DIvL1XUc9TPlQ1hA0CLYIlTHiD2ewprj5tS YOWUwAQPTZfh1JSXqlPEePtOGmApxgRqWWOSssg7rTJ9hhNuYD28zSJQfngoeAt yo 9f9OCjqMliUjjTDjxisy9AaOcrxkRIFR1dTjvHaiuGiEqYhord uY4EQTeyrGrZnSWio_CYwoUIZM3KsaUr6CGYGorQPd8uH34a8g==-G2gBAOSYLrcp3UjuwCvuEPOH6rrTg_K3__vul7YgSVqU5tIWBnIKIshORkIU_p0RmVKFMI2EIgPaMPYsLl6yPx4Z58hKJfhE_ucTBK4RkgPb5x N uLphPurPM5_841HstX_k62uHBd1qPq1rYcbTg7PtnbIzeEWFXLJyHY2kGJDqG23tnVytHV8 7CvHrZ35OP289np4VVE9 d4gYAQ0f0vT6p0IhjRfc8ium9_PP AS0H7rg35mt90i5Rpjs_6_d7vVC9yv4YaAOTDTV0OedYQ1a9VYzBUXrLha5GvYWEKa1ihRGqMZYLSvFBOO6TWKjBAQWCmAMid4BqFcMAyZ7Isl87IAgA=

https://tmpfile10533.s3.amazonaws.com/download77/ic_trackings/847/.../yandere-simulator.exe

https://tmpfile10533.s3.amazonaws.com/download77/ic_trackings/7498/.../yandere-simulator.exe

https://tmpfile1742.s3.amazonaws.com/download77/ic_trackings/751547/.../yandere-simulator.exe

http://www.bitstagcontent.com/6nmS6Ip_23FDfLX2mJzYVyxHMW2zOMA1QOd86T3 FrrTvVvmn0l3GFSHQ3ouo_Xv0A2IDO2zNhVzRmKizzW2sVL03eSAX6RKWtVVU33bBtDqaxV_NBX64or9wIvkPJMVGxj6tieAE6Nruq80JAtoEm1Z8JgT2ahSBH_Zkoj6Y7VboTIiSPOOEZWaNrtxDFO5gGE98v3qr9LXS83S1WHFLdnMPgoFiQ==-G2gBAOTHvPd26m5pn6LBLvShZFx3elD 9n_f_fItSJIWpbm0hYHEAQWUnYxCFc63MyKTuxhnI6EogCqmgdPiRf4TmHGOZG3GT_C_kCGIQ8gO8nH90agvnk6436rT rfeeFRb43 1NWqniz5247WthxtRh2dbO rmcIu0WTKynQ2ks0ns89Ha1snR1vHtw7592N4xj9vPZ6eHVwntz_EEHEpC 19BVWmnMKH9wAnt5z9BPuhS0Labx3rNb7hFLw7Ns3699zvrF3VYQwcAeHfTt5O6aogS1rppMFQ ksevRb3mpQSdFwJlybZkBl06R1VZeF1wUzUud4ZrW3sphStBAEOEnFtiKqw1

https://tmpfile3142.s3.amazonaws.com/download77/ic_trackings/276636/.../yandere-simulator.exe

https://tmpfile1855.s3.amazonaws.com/download77/ic_trackings/750421/.../yandere-simulator.exe

http://www.bitstagcontent.com/c?x=BpuTVxp2npGdloU2XTgWSr/Pz7JzGydqObcnsolzeWc=&c=RAlgOfwiW1CLv4/P G637g5aK7ncB07QfmfdUKw1AwEwQ89BSbyOeHSfj1H0xi1bOom6aWAWJJ4xwvJaR1EmsWfuo2fiGv4xDdyjWtdl5VgOnwDKFjScM9vtGXvizu2VVgriBTZi87D5HWDzv3kl04dLrSrHCyiFBljFll1kbTk=&downloadAs=yandere-simulator.exe&fallback_url=https://11112221.s3.amazonaws.com/download77/shipping/downloads/.../GameManagerYandere.exe

https://tmpfile3925.s3.amazonaws.com/download77/ic_trackings/21025/.../yandere-simulator.exe

https://tmpfile4488.s3.amazonaws.com/download77/ic_trackings/25549/.../yandere-simulator.exe

http://www.appsfilessafe.com/c?x=/5AfR3ZeCVHuOwJK1X4IwiV6oFV0h1oY/ALRFtDb0w8=&c=BmuWGm2F yfPUhx W63CcXEmhov3XKt3rR3zcKyDUYjWvJTkNKIYVLsGXwaWhbCvQ2yYHbalx3S0Y4MTBeZQZarveEo 04opPq/.../5 1yRvmEpR1Bjy4qVbCcbJah2FVbPmwLV5H6sw1FYKClVlaE0Wdiz4sogSXnBtnh X&e=0&downloadAs=yandere_simulator.exe&fallback_url=Fallback URL

https://tmpfile7549.s3.amazonaws.com/download77/ic_trackings/12836/.../yandere-simulator.exe

Latest 30 of 101 download URLs

Remove gamemanageryandere.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.