GPlayer.exe

EXETender Client

Exent Technologies Ltd.

The application GPlayer.exe by Exent Technologies has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Exetender’. While running, it connects to the Internet address a.tribalfusion.com on port 80 using the HTTP protocol.
Publisher:
Exent Technologies Ltd. (signed and verified)

Product:
EXETender™ Client

Description:
EXETender Player

Version:
07.04.10.00

MD5:
eb157205162de69acc96766e2a0cb2a3

SHA-1:
d0b2c6fef333d21e9aff00764b8d6b813a1251b8

SHA-256:
a10779ff73c1a7ae761d2a6e7ce8ce30273b8e3666412162d4aeb47c80da1308

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 8:33:53 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.FreeRideGames.ExentTec.Meta (L)

Engine version:
16.6.29.21

File size:
4.7 MB (4,932,288 bytes)

Product version:
07.04.10.00

Copyright:
Copyright © 1996-2016 Exent Technologies Ltd. All rights reserved.

Original file name:
GPlayer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\free ride games\gplayer.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
12/29/2015 4:00:00 AM

Valid to:
8/20/2016 3:59:59 AM

Subject:
CN=Exent Technologies Ltd., O=Exent Technologies Ltd., L=Petah-Tikva, S=Israel, C=IL

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
05A4B8516871B7EE97B26A109895E16A

File PE Metadata
Compilation timestamp:
3/15/2016 7:04:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:G+VFl/LFVFL0U1XExy+hPhqdilUgFRICToVkz:GelhVOj8ww

Entry address:
0x2105B9

Entry point:
55, 8B, EC, 6A, FF, 68, 48, 82, 7A, 00, 68, 3C, 26, 61, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 54, 44, 79, 00, 33, D2, 8A, D4, 89, 15, 20, E1, 87, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 1C, E1, 87, 00, C1, E1, 08, 03, CA, 89, 0D, 18, E1, 87, 00, C1, E8, 10, A3, 14, E1, 87, 00, 6A, 01, E8, 2C, 63, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C2, 00, 00, 00, 59, E8, D7, 60, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B1, 00, 00, 00, 59, 33, F6, 89, 75...

Entropy:
6.5600

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
3.6 MB (3,747,840 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Exetender

Command:
"C:\Program Files\free ride games\gplayer.exe" \runonstartup

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a104-122-141-49.deploy.static.akamaitechnologies.com  (104.122.141.49:80)

TCP (HTTP):
Connects to tags.expo9.exponential.com  (204.11.109.76:80)

TCP (HTTP):
Connects to a.tribalfusion.com  (204.11.109.67:80)

TCP (HTTP):
Connects to 174.bm-nginx-loadbalancer.mgmt.sin1.adnexus.net  (103.243.221.109:80)

TCP (HTTP):
Connects to 151.bm-nginx-loadbalancer.mgmt.sin1.adnexus.net  (103.243.221.87:80)

TCP (HTTP):
Connects to a104-75-120-206.deploy.static.akamaitechnologies.com  (104.75.120.206:80)

TCP (HTTP):
Connects to 197-84-130-64.cpt.mweb.co.za  (197.84.130.64:80)

TCP (HTTP):
Connects to host-213.158.175.88.tedata.net  (213.158.175.88:80)

TCP (HTTP):
Connects to host-213.158.175.83.tedata.net  (213.158.175.83:80)

TCP (HTTP):
Connects to host-213.158.175.81.tedata.net  (213.158.175.81:80)

TCP (HTTP):
Connects to host-213.158.175.80.tedata.net  (213.158.175.80:80)

TCP (HTTP):
Connects to ec2-54-246-119-134.eu-west-1.compute.amazonaws.com  (54.246.119.134:80)

TCP (HTTP):
Connects to ec2-52-50-240-166.eu-west-1.compute.amazonaws.com  (52.50.240.166:80)

TCP (HTTP):
Connects to ec2-107-20-231-223.compute-1.amazonaws.com  (107.20.231.223:80)

TCP (HTTP):
Connects to a88-221-112-162.deploy.akamaitechnologies.com  (88.221.112.162:80)

TCP (HTTP):
Connects to a23-33-182-105.deploy.static.akamaitechnologies.com  (23.33.182.105:80)

TCP (HTTP):
Connects to 265.bm-nginx-loadbalancer.mgmt.sin1.adnexus.net  (103.243.221.17:80)

TCP (HTTP):
Connects to unknown.telstraglobal.net  (210.176.156.45:80)
