GameMon.exe

Wico commnucations

It is set to execute automatically when any user logs into Windows, through the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the name 'GameMon.exe'.
Publisher:
GameMon (signed by Wico commnucations)

Product:
GameMon

Version:
1.0.0.0

MD5:
10405b674bccea45d8bc1299ea8225e2

SHA-1:
b01a2eac28de6f4d82af9d41ec33bac91d36a376

SHA-256:
485a52dbc4bcbc5e39425e91b51f238b17db21d6937421762ad70e2301c1f4e1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 2:45:31 AM UTC

File size:
2.6 MB (2,724,440 bytes)

Product version:
1.0.0.0

Copyright:
GameMon

Original file name:
GameMon.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/25/2013 9:00:00 AM

Valid to:
6/26/2015 8:59:59 AM

Subject:
CN=Wico commnucations, OU=Wico Dev., O=Wico commnucations, L=Buk-gu, S=Daegu, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
12573335B63A1D9B1964EBEBF03BDC10

File PE Metadata
Compilation timestamp:
12/8/2014 12:19:16 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:l0ik/Jp2mehJ8s1s+ltwgOrL2yhk/oRz0QpPdBBeSccx7GhGjiPnxQxUmCAO5v67:c/JbNkdAtC/GdBwSccKG6xn56mOoUR

Entry address:
0x2449BC

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 98, A4, 63, 00, E8, AF, A0, DC, FF, 68, 38, 4A, 64, 00, 6A, FF, 6A, 00, E8, 4D, D5, DC, FF, 8B, D8, 85, DB, 74, 51, E8, 6A, D6, DC, FF, 85, C0, 75, 48, A1, 8C, E2, 64, 00, 8B, 00, E8, 46, 60, F7, FF, A1, 8C, E2, 64, 00, 8B, 00, 33, D2, E8, 84, 7D, F7, FF, 8B, 0D, D4, E5, 64, 00, A1, 8C, E2, 64, 00, 8B, 00, 8B, 15, E4, 8C, 63, 00, E8, 38, 60, F7, FF, A1, 8C, E2, 64, 00, 8B, 00, E8, 90, 61, F7, FF, 85, DB, 74, 06, 53, E8, B6, D4, DC, FF, 5B, E8, A0, 4F, DC, FF, 57, 00, 69, 00...

Entropy:
6.5583

Developed / compiled with:
Microsoft Visual C++

Code size:
2.3 MB (2,371,584 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GameMon.exe

Command:
C:\nd\gamemon.exe
