home

GarenaMessenger.exe

Garena Plus

Garena Online Pte Ltd

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘GarenaPlus’. This is installed with multiple programs including Garena Messenger and Garena+.
Publisher:
Garena Online Pte Ltd  (signed and verified)

Product:
Garena Plus

Version:
1, 2, 44, 2

MD5:
1f0d8d705d665e943f1966e5f103beca

SHA-1:
5dafbe1ff1a7857fe1f5111f676fb7f59ac487b7

SHA-256:
408fd673999232181a5579f9077ff9fb7854dc7730f62c740be4f1bfd2382e84

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 11:53:33 AM UTC  (today)

File size:
9.5 MB (9,940,272 bytes)

Product version:
1, 2, 44, 2

Copyright:
Copyright (C) 2010-2012 Garena Online Pte Ltd

Original file name:
GarenaMessenger.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
Garena Online Pte Ltd

Authority:
VeriSign, Inc.

Valid from:
10/18/2011 8:00:00 AM

Valid to:
11/3/2014 7:59:59 AM

Subject:
CN=Garena Online Pte Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Garena Online Pte Ltd, L=Singapore, S=Singapore, C=SG

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2880A7F7FF2D334AA08744A8754FAB2C

File PE Metadata
Compilation timestamp:
7/22/2014 10:17:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:a6sfOtiEKC89t2EZLFt3wPACDu0LRVP41dHsTjAmOGpkUlfSI2j1EB2iNIiwlM6S:wV1EB2iNxYaT

Entry address:
0x2C950

Entry point:
55, 8B, EC, 6A, FE, 68, 50, EA, C2, 00, 68, 3E, C7, B0, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, B0, 53, 56, 57, A1, 8C, 70, D0, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, FC, 00, 00, 00, 00, E8, 44, 01, 6E, 00, 89, 45, A0, C7, 45, FC, FE, FF, FF, FF, 8B, 45, A0, EB, 3B, C7, 45, FC, FE, FF, FF, FF, EB, 32, B8, 01, 00, 00, 00, C3, 8B, 65, E8, 6A, FF, FF, 15, 34, D3, BC, 00, 50, FF, 15, 24, D3, BC, 00, C7, 45, A4, FF, FF, FF, FF, C7, 45, FC, FE, FF, FF, FF, 8B, 45, A4...
 
[+]

Entropy:
6.2849

Developed / compiled with:
Microsoft Visual C++

Code size:
7.8 MB (8,174,080 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GarenaPlus

Command:
"C:\garena plus\garenamessenger.exe" -autolaunch


The file GarenaMessenger.exe has been discovered within the following programs.

Garena Messenger  by Garena Online Pte Ltd.
Publisher's description - “Garena Messenger features many of your favorite games like League of Legends, Heroes of Newerth, BlackShot or GoKart. It auto-updates to give you the newest features to play with as soon as they become available.”
www.garena.com
About 5% of users remove it
Garena Plus  by Garena Online Pte Ltd.
The Garena Plus application developed for various games distributed by the comapny allows gamers to develop buddy lists, chat with friends online and check on game progress and achievements.
About 2% of users remove it
Garena+  by Garena Online Pte Ltd.
Publisher's description - “Garena+ is an online social gaming platform which you can download for free and use to connect with millions of other gamers around the world. Using the Garena+, you can play various titles such as BlackShot, Heroes of Newerth, League of Legends and many other great titles.”
20% remove it
 
Powered by Should I Remove It?

Scan GarenaMessenger.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.