greengamesandham_unlockgames.exe

Installer

OpenInstall, Inc.

The application greengamesandham_unlockgames.exe by OpenInstall has been detected as adware by 10 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from c10891052.r52.cf2.rackcdn.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
OpenInstall   (signed by OpenInstall, Inc.)

Product:
Installer

Version:
1,18,0,2210

MD5:
cb18544207a6f1567a20ec0181a9ecc7

SHA-1:
d712667648f30cb89ecea67e8373fd1044bf55d6

SHA-256:
7690da2d8b09d331e8674ed4148d0bbba8c8b00fdde110d7cee02e545a25c936

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Includes Open Install, an installer which bundles legitimate programs with offers for additional 3rd-party applications that may be unwanted by the user.

Analysis date:
4/26/2024 10:25:54 AM UTC

Scan engine              Detection                        Engine version
-----------------------  -------------------------------  --------------
Agnitum Outpost          Riskware.OpenInstall             7.1.1
Comodo Security          UnclassifiedMalware              16786
Dr.Web                   Adware.Downware.1348             9.0.1.06
ESET NOD32               Win32/OpenInstall (variant)      10.8700
Fortinet FortiGate       W32/OpenInstall                  1/6/2016
MicroWorld eScan         Win32/OpenInstall                17.0.0.18
Reason Heuristics        PUP.OpenInstall.Installer (M)    16.1.6.10
Sophos                                                    4.91
SUPERAntiSpyware         Adware.InstallMate               9402
Trend Micro House Call   TROJ_GEN.R047H01FB13             7.2.6

File size:
333.1 KB (341,112 bytes)

Product version:
1,18,0,2210

Copyright:
Copyright © 2012

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\greengamesandham_unlockgames.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
11/20/2011 7:00:00 PM

Valid to:
1/24/2013 7:00:00 AM

Subject:
CN="OpenInstall, Inc.", O="OpenInstall, Inc.", L=San Francisco, S=California, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
07AE9941492080181D2477353500DE05

File PE Metadata
Compilation timestamp:
3/10/2012 10:50:25 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:pSQfhYCjILkOUvJyWRJFLnWOuqWGK7HneaUhKl24vCHD98YVyU7Fwmjl:MQfqwuUvJyWRf7WZLoh/1j+YVFFwol

Entry address:
0xDB570

Entry point:
60, BE, 00, D0, 49, 00, 8D, BE, 00, 40, F6, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Entropy:
7.3723

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
252 KB (258,048 bytes)

The file greengamesandham_unlockgames.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
