» grandautoadventure.exe
Overview
Analysis
File Details
Network (19)

grandautoadventure.exe

Gamehitzone Inc.

The application grandautoadventure.exe by Gamehitzone has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address 94.31.29.128.IPYX-077437-ZYO.above.net on port 80 using the HTTP protocol.

File name:

Publisher:

Gamehitzone Inc. (signed and verified)

MD5:

8b8708a050ecf7e7ac4b91c9dbde1b95

SHA-1:

b7d9415fda9d2ecb19361e3a5a3d1de8998ce3e7

SHA-256:

cc73411e452804afb7b5af7cb5104fcaceaa9c114a0472d1438006b19f9ab3a6

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/27/2024 2:46:33 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Gamehitzone (M)

15.7.11.15

File size:

204.7 KB (209,616 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\gamehitzone.com\grandautoadventure\grandautoadventure.exe

Digital Signature

Signed by:

Gamehitzone Inc.

Authority:

GlobalSign nv-sa

Valid from:

10/3/2014 4:33:05 PM

Valid to:

1/3/2018 4:33:05 PM

Subject:

E=abuse@gamehitzone.com, CN=Gamehitzone Inc., O=Gamehitzone Inc., L=Belize City, S=Belize, C=BZ

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11212DA109C716E14D8F300F2D8DD9ACEBA0

File PE Metadata

Compilation timestamp:

6/26/2015 2:52:19 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:j2vo5rvPqg0/dtX9pcZ36f7CuVNjSO/l0QIPx2JcNui1eg830fpLBUU+oTNUfsA1:TrP7sTX9/Luui1T8+vrADZ

Entry address:

0x19F73

Entry point:

55, 8B, EC, 6A, FF, 68, 20, 43, 42, 00, 68, 08, CC, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 3C, 30, 42, 00, 33, D2, 8A, D4, 89, 15, 3C, B7, 42, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 38, B7, 42, 00, C1, E1, 08, 03, CA, 89, 0D, 34, B7, 42, 00, C1, E8, 10, A3, 30, B7, 42, 00, 33, F6, 56, E8, 26, 16, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 6B, 2A, 00, 00, FF, 15, 38, 30, 42, 00, A3, 30, CE, 42, 00, E8... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

136 KB (139,264 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to mpdedicated.com (173.192.48.97:80)

TCP (HTTP):

Connects to 94.31.29.128.IPYX-077437-ZYO.above.net (94.31.29.128:80)

TCP (HTTP):

Connects to h88-150-240-195.host.redstation.co.uk (88.150.240.195:80)

TCP (HTTP):

Connects to amung.us (67.202.94.86:80)

TCP (HTTP SSL):

Connects to wb-in-f154.1e100.net (66.102.1.154:443)

TCP (HTTP):

Connects to a23-43-139-27.deploy.static.akamaitechnologies.com (23.43.139.27:80)

TCP (HTTP):

Connects to a23-43-133-163.deploy.static.akamaitechnologies.com (23.43.133.163:80)

TCP (HTTP SSL):

Connects to wb-in-f157.1e100.net (66.102.1.157:443)

TCP (HTTP SSL):

Connects to wb-in-f156.1e100.net (66.102.1.156:443)

TCP (HTTP SSL):

Connects to wb-in-f155.1e100.net (66.102.1.155:443)

TCP (HTTP):

Connects to wb-in-f100.1e100.net (66.102.1.100:80)

TCP (HTTP):

Connects to cache.google.com (84.15.64.17:80)

TCP (HTTP):

Connects to a23-51-229-163.deploy.static.akamaitechnologies.com (23.51.229.163:80)

TCP (HTTP):

Connects to a23-50-197-163.deploy.static.akamaitechnologies.com (23.50.197.163:80)

Remove grandautoadventure.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.