home

GarenaMessenger.exe

Garena Plus

Garena Online Pte Ltd

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘GarenaPlus’. This is installed with multiple programs including Garena - Mstar and Garena Plus.
Publisher:
Garena Online Pte Ltd  (signed and verified)

Product:
Garena Plus

Version:
1, 2, 38, 2

MD5:
2be5a08628802f3e4ad7d43ff3927045

SHA-1:
6d0c8e42f30253abcd0f59437da6fdef1e85c996

SHA-256:
7d6789e3e0a88e1eb54d2668a61cb9ff97394e8243fba0d29cbfaa7f96e4c882

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 9:28:58 AM UTC  (today)

File size:
9.5 MB (9,936,176 bytes)

Product version:
1, 2, 38, 2

Copyright:
Copyright (C) 2010-2012 Garena Online Pte Ltd

Original file name:
GarenaMessenger.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
Garena Online Pte Ltd

Authority:
VeriSign, Inc.

Valid from:
10/18/2011 8:00:00 AM

Valid to:
11/3/2014 7:59:59 AM

Subject:
CN=Garena Online Pte Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Garena Online Pte Ltd, L=Singapore, S=Singapore, C=SG

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2880A7F7FF2D334AA08744A8754FAB2C

File PE Metadata
Compilation timestamp:
4/23/2014 6:16:45 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:J6sS21ECfk07NrKXGfw/Q9ogIlYmHQKq8muBAbOTTnKXFd+r8j+uV3ZLzVJxpgxe:4uVpLJVLh

Entry address:
0x2C950

Entry point:
55, 8B, EC, 6A, FE, 68, 00, E6, C2, 00, 68, 6E, C3, B0, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, B0, 53, 56, 57, A1, 54, 6F, D0, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, FC, 00, 00, 00, 00, E8, 74, FD, 6D, 00, 89, 45, A0, C7, 45, FC, FE, FF, FF, FF, 8B, 45, A0, EB, 3B, C7, 45, FC, FE, FF, FF, FF, EB, 32, B8, 01, 00, 00, 00, C3, 8B, 65, E8, 6A, FF, FF, 15, 34, D3, BC, 00, 50, FF, 15, 24, D3, BC, 00, C7, 45, A4, FF, FF, FF, FF, C7, 45, FC, FE, FF, FF, FF, 8B, 45, A4...
 
[+]

Entropy:
6.2849

Developed / compiled with:
Microsoft Visual C++

Code size:
7.8 MB (8,172,032 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GarenaPlus

Command:
"C:\e\game\garena plus\garenamessenger.exe" -autolaunch


The file GarenaMessenger.exe has been discovered within the following programs.

Garena - FIFA ONLINE 3(English)  by Garena Online Pte Ltd.
FIFA ONLINE 3 is a video game distributed through the Garena platform.
www.garena.com
About 7% of users remove it
Garena - Heroes of Newerth  by Garena Online Pte Ltd.
Heroes of Newerth is a video game distributed through the Garena platform.
hon.garena.com
About 7% of users remove it
Garena - League of Legends  by Garena Online Pte Ltd.
League of Legends is a multiplayer online battle arena video game where players are formed into two teams of five Champions. League of Legends is a session-based game. Matchmaking creates teams with even average MMR (Matchmaking Rating) of the constituent players.
lol.garena.com
About 1% of users remove it
Garena - Mstar  by Garena Online Pte Ltd.
Mstar is a video game distributed through the Garena platform.
About 3% of users remove it
Garena Plus  by Garena Online Pte Ltd.
The Garena Plus application developed for various games distributed by the comapny allows gamers to develop buddy lists, chat with friends online and check on game progress and achievements.
About 2% of users remove it
 
Powered by Should I Remove It?

Scan GarenaMessenger.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.