garrys_mod.exe

Strogino CS Portal

The executable garrys_mod.exe, “Garry's Mod Launcher”, has been detected as malware by 16 anti-virus scanners. This is a setup program used to install the application. The file has been seen downloaded from w3g3a5v6.ssl.hwcdn.net and multiple other hosts.
Publisher:
Strogino CS Portal

Description:
Garry's Mod Launcher

Version:
0.0.0.1

MD5:
3f13ea0edea4c1e2971cdc9c37c64c02

SHA-1:
44b30d73c361c4bc4e4171901610ab832abcc137

SHA-256:
542d656217c286d03d129b00deca31d183aad356d7460d5b36496713f5fe961f

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
4/16/2024 9:48:50 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.10368514 | 1058 |
| Baidu Antivirus | Trojan.Win32.GameHack | 4.0.3.14313 |
| Bitdefender | Trojan.Generic.10368514 | 1.0.20.360 |
| Bkav FE | W32.Clod0d3.Trojan | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 17861 |
| Emsisoft Anti-Malware | Trojan.Generic.10368514 | 8.14.03.13.04 |
| ESET NOD32 | Win32/GameHack.B potentially unsafe application | 6.3.12010.0 |
| F-Secure | Trojan.Generic.10368514 | 11.2014-13-03_5 |
| G Data | Trojan.Generic.10368514 | 14.3.24 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Genome | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.176.11302 |
| McAfee | RDN/Generic Downloader.x!ig | 5600.7192 |
| MicroWorld eScan | Trojan.Generic.10368514 | 15.0.0.216 |
| nProtect | Trojan.Generic.10368514 | 14.02.28.01 |
| Trend Micro House Call | TROJ_GEN.R0CBH06B614 | 7.2.72 |
| VIPRE Antivirus | BehavesLike.Win32.Malware.eah (mx-v) | 26932 |

File size:
212 KB (217,088 bytes)

Copyright:
dURka[iT2]

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\strogino cs portal\garrys mod\garrys_mod.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:7aWvUnoRyS6AgJvVR/p4p0OkK/1o8TBziXMjvgXCCHYnfsb7Khwk8G:ukUnObwq5ak

Entry address:
0x439C

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E8, 89, 45, E4, 89, 45, E0, 89, 45, EC, B8, 74, 43, 40, 00, E8, 86, F9, FF, FF, 33, C0, 55, 68, 5A, 44, 40, 00, 64, FF, 30, 64, 89, 20, 8D, 45, EC, E8, 74, FE, FF, FF, 8B, 45, EC, E8, E8, E1, FF, FF, B8, 70, 44, 40, 00, E8, 6A, FA, FF, FF, 84, C0, 74, 4B, 6A, 01, 6A, FF, 6A, 00, 8D, 45, E0, E8, D4, FE, FF, FF, 8B, 4D, E0, 8D, 45, E4, BA, 88, 44, 40, 00, E8, F0, F3, FF, FF, 8B, 45, E4, E8, F8, F4, FF, FF, 8B, D0, 8D, 45, E8, E8, 4A, F3, FF, FF, 8B, 55, E8, 33, C9, B8...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
13.5 KB (13,824 bytes)

The file garrys_mod.exe has been seen distributed from the following 8 URLs.

https://w3g3a5v6.ssl.hwcdn.net/upload2/game/118749/390616?GoogleAccessId=507810471102@developer.gserviceaccount.com&Expires=1486852252&Signature=cz nbtXmRRyjGpJ9ka6MeLNK7nA/XXi/nrH9sXbUqxtU5/Hwp0iSdtuIGBPsSPVWo4DEVnmY5Z97OZrvnRYDkEozUe7VnfHS3KVXhuq6 FBa3lvKRorzDd6/S mxHz61jkk5ZEuOEshlf0rH/.../Jq0=&hwexp=1486852552&hwsig=b267c25ef8e7857dc9561b0d400546f4

https://mega.nz/temporary/.../GpFEkbxR

http://d-cdn.gamejolt.net/data/games/2/32/164282/protected-files-cdn/.../Garrys_Mod.exe
