home

GarenaMessenger.exe

Garena Plus

Garena Online Pte Ltd

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘GarenaPlus’. This is installed with Garena Plus.
Publisher:
Garena Online Pte Ltd  (signed and verified)

Product:
Garena Plus

Version:
1, 2, 37, 1

MD5:
4c492853031e9723c1da327137c74240

SHA-1:
d806c0781f1721b8c089f29b9d615cc0690a99ec

SHA-256:
576956349f760184f3977ec16e9e0175ea21bb8366d61806c996298244d18cb4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/16/2024 8:43:42 PM UTC  (today)

File size:
9.4 MB (9,890,608 bytes)

Product version:
1, 2, 37, 1

Copyright:
Copyright (C) 2010-2012 Garena Online Pte Ltd

Original file name:
GarenaMessenger.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\garena plus\garenamessenger.exe

Digital Signature
Signed by:
Garena Online Pte Ltd

Authority:
VeriSign, Inc.

Valid from:
10/18/2011 8:00:00 AM

Valid to:
11/3/2014 7:59:59 AM

Subject:
CN=Garena Online Pte Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Garena Online Pte Ltd, L=Singapore, S=Singapore, C=SG

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2880A7F7FF2D334AA08744A8754FAB2C

File PE Metadata
Compilation timestamp:
2/6/2014 4:23:43 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:hW86AQZxTbDXezhido7nyBaIuI/UfRL5t78S0YjJeTtC0DKOWQ0CMlf1z23ZenUu:iZWQbMlwyM2

Entry address:
0x2C950

Entry point:
55, 8B, EC, 6A, FE, 68, B0, 41, C2, 00, 68, 6E, 43, B0, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, B0, 53, 56, 57, A1, DC, BB, CF, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, FC, 00, 00, 00, 00, E8, 74, 7D, 6D, 00, 89, 45, A0, C7, 45, FC, FE, FF, FF, FF, 8B, 45, A0, EB, 3B, C7, 45, FC, FE, FF, FF, FF, EB, 32, B8, 01, 00, 00, 00, C3, 8B, 65, E8, 6A, FF, FF, 15, 24, 33, BC, 00, 50, FF, 15, 14, 33, BC, 00, C7, 45, A4, FF, FF, FF, FF, C7, 45, FC, FE, FF, FF, FF, 8B, 45, A4...
 
[+]

Entropy:
6.2774

Developed / compiled with:
Microsoft Visual C++

Code size:
7.8 MB (8,134,144 bytes)

Scheduled Task
Task name:
{8C62D8B3-E87B-4B53-805D-62723B1F2A03}

Trigger:
Registration (Runs on registration)


Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GarenaPlus

Command:
"C:\Program Files\garena plus\garenamessenger.exe" -autolaunch


The file GarenaMessenger.exe has been discovered within the following program.

Garena Plus  by Garena Online Pte Ltd.
The Garena Plus application developed for various games distributed by the comapny allows gamers to develop buddy lists, chat with friends online and check on game progress and achievements.
www.garena.com
About 2% of users remove it
 
Powered by Should I Remove It?

Scan GarenaMessenger.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.