home

gbx90iv2.exe

Orange Room Interactive

The file gbx90iv2.exe by Orange Room Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Orange Room Interactive  (signed and verified)

MD5:
e9ff46f599b54c48e80c1867ef6bcbe4

SHA-1:
d9b288b86dfe7217f76aff02179c5b19433d46b2

SHA-256:
b46a1937266603ceec989ed3a0bb48fae3d5e5ccd123df2f344f5e4417cff3ef

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 4:08:21 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.OrangeRoom (M)
17.2.13.16

File size:
113.8 KB (116,512 bytes)

Common path:
C:\users\{user}\appdata\local\temp\gbx90iv2.exe.part

Digital Signature
Signed by:
Orange Room Interactive

Authority:
GoDaddy.com, Inc.

Valid from:
5/19/2016 4:51:38 PM

Valid to:
5/19/2017 4:51:38 PM

Subject:
CN=Orange Room Interactive, O=Orange Room Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
6807B9DA74814348

File PE Metadata
Compilation timestamp:
11/14/2016 6:54:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x6D33

Entry point:
E8, BE, 36, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, AC, B4, 41, 00, FF, 15, 84, 40, 41, 00, 85, C0, 75, 18, 56, E8, 10, 10, 00, 00, 8B, F0, FF, 15, 64, 40, 41, 00, 50, E8, 15, 10, 00, 00, 59, 89, 06, 5E, 5D, C3, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, CC, A8, 41, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, BD, 3D, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 8D, 85, E4, FC, FF, FF, 6A, 4C, 6A, 00, 50, E8, B1, 3D, 00, 00, 8D, 85, E0, FC...
 
[+]

Code size:
74 KB (75,776 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-6-18-250.compute-1.amazonaws.com  (52.6.18.250:80)

TCP (HTTP):
Connects to post.securestudies.com  (165.193.78.234:80)

TCP (HTTP):
Connects to freeroms.com  (216.108.234.132:80)

TCP (HTTP):
Connects to a184-51-115-24.deploy.static.akamaitechnologies.com  (184.51.115.24:80)

TCP (HTTP):
Connects to a184-51-114-250.deploy.static.akamaitechnologies.com  (184.51.114.250:80)

TCP (HTTP):
Connects to a96-16-7-80.deploy.akamaitechnologies.com  (96.16.7.80:80)

TCP (HTTP):
Connects to a96-16-7-43.deploy.akamaitechnologies.com  (96.16.7.43:80)

TCP (HTTP SSL):
Connects to a23-204-158-102.deploy.static.akamaitechnologies.com  (23.204.158.102:443)

TCP (HTTP):
Connects to host-213.158.175.90.tedata.net  (213.158.175.90:80)

TCP (HTTP):
Connects to a23-34-63-137.deploy.static.akamaitechnologies.com  (23.34.63.137:80)

TCP (HTTP):
Connects to a23-34-63-129.deploy.static.akamaitechnologies.com  (23.34.63.129:80)

TCP (HTTP SSL):
Connects to a104-81-88-7.deploy.static.akamaitechnologies.com  (104.81.88.7:443)

Remove gbx90iv2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.