gamesflightgames.exe

GamesFlight Installer

GamesFlight

The application gamesflightgames.exe by GamesFlight has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs.
Publisher:
GamesFlight  (signed and verified)

Product:
GamesFlight Installer

Version:
4.0.4547.0

MD5:
d42f861770687faf343cbc7e28b25f59

SHA-1:
29b6d49f4db789ee73c89ef433b8af8182b06108

SHA-256:
b460ff649968c7a93e8e174c5e00abe57e57f52323c3e7c22d7a9f6bc8070c1e

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/26/2024 7:00:32 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Clam AntiVirus | Win.Adware.Agent-59160 | 0.98/21062 |
| F-Secure | Gen:Variant.Adware.Graftor | 11.2015-29-11_1 |
| IKARUS anti.virus | PUA.GameBox | t3scan.1.9.5.0 |
| Malwarebytes | PUP.Optional.ArcadeCandy | v2015.11.29.01 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1077 |
| Reason Heuristics | PUP.GamesFlight.Installer (M) | 15.11.29.13 |
| Zillya! Antivirus | Adware.OutBrowseGen.Win32.1 | 2.0.0.2499 |

File size:
269.5 KB (275,944 bytes)

Product version:
4.0.4547.0

Copyright:
Copyright (C) 2015

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\gamesflightgames.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
5/7/2015 8:00:00 PM

Valid to:
5/7/2016 7:59:59 PM

Subject:
CN=GamesFlight, O=GamesFlight, L=Tustin, S=California, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
09A9736F51933FA8D3DD4F46EAA23890

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:dsrs6Lsi36WW72W/U7EBz1qcuOUwE1wiE1LaQKf+:gs6V6nq4JBz1qcM12LJ1

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.9154

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
