monstertrucksafari.exe

Gamehitzone Inc.

The application monstertrucksafari.exe by Gamehitzone has been detected as a potentially unwanted program by 2 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. While running, it connects to the Internet address mpdedicated.com on port 80 using the HTTP protocol.
Publisher:
Gamehitzone Inc.  (signed and verified)

MD5:
e9436b55a6fc24286424952fad7db0a2

SHA-1:
7d6a106bdddf2b43b5f9e47da39ba74a115c6614

SHA-256:
ecdff3678d55c3b185edf720b9f66657fb685474cdee7eacd84af074a1309b06

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 1:11:00 PM UTC

Scan engine          Detection                   Engine version
Baidu Antivirus      Adware.Win32.InstallCore    4.0.3.151031
Reason Heuristics    PUP.Gamehitzone (M)         15.10.31.20

File size:
204.7 KB (209,616 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gamehitzone.com\monstertrucksafari\monstertrucksafari.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/3/2014 5:33:05 PM

Valid to:
1/3/2018 4:33:05 PM

Subject:
E=abuse@gamehitzone.com, CN=Gamehitzone Inc., O=Gamehitzone Inc., L=Belize City, S=Belize, C=BZ

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11212DA109C716E14D8F300F2D8DD9ACEBA0

File PE Metadata
Compilation timestamp:
8/14/2015 9:31:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:DEY5rvPqg0/dtX9RcZ36fzCuVNjSO/l0QIPx2JcVmOFuwMXHXaBfU+oWiwYKevM:drP7sTX9frmmOFzMmiwHUM

Entry address:
0x19F73

Entry point:
55, 8B, EC, 6A, FF, 68, 20, 43, 42, 00, 68, 08, CC, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 3C, 30, 42, 00, 33, D2, 8A, D4, 89, 15, 4C, B7, 42, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 48, B7, 42, 00, C1, E1, 08, 03, CA, 89, 0D, 44, B7, 42, 00, C1, E8, 10, A3, 40, B7, 42, 00, 33, F6, 56, E8, 26, 16, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 6B, 2A, 00, 00, FF, 15, 38, 30, 42, 00, A3, 50, CE, 42, 00, E8...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
136 KB (139,264 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mpdedicated.com  (173.192.48.97:80)

TCP (HTTP):
Connects to 94.31.29.128.IPYX-077437-ZYO.above.net  (94.31.29.128:80)

TCP (HTTP SSL):
Connects to wb-in-f155.1e100.net  (66.102.1.155:443)

TCP (HTTP SSL):
Connects to wb-in-f154.1e100.net  (66.102.1.154:443)

TCP (HTTP SSL):
Connects to server-54-192-159-248.sin3.r.cloudfront.net  (54.192.159.248:443)

TCP (HTTP):
Connects to rio01s21-in-f14.1e100.net  (172.217.29.78:80)

TCP (HTTP):
Connects to bom05s10-in-f142.1e100.net  (216.58.203.142:80)

TCP (HTTP):
Connects to 131.subnet180-250-66.speedy.telkom.net.id  (180.250.66.131:80)

Remove monstertrucksafari.exe - Powered by Reason Core Security