home

ogpinst.exe

Gamefactory, Inc

The application ogpinst.exe by Gamefactory, Inc has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Chibi Kart by OGPlanet, Inc. The file has been seen being downloaded from ogplanet.en.softonic.com and multiple other hosts.
Publisher:
Gamefactory, Inc  (signed and verified)

MD5:
782092e6b51e806ece72d8b829a02ad5

SHA-1:
3b896bc1e7296c9d6c95fd6dc66affdb446b8fd8

SHA-256:
f0808f1820bf2f0dc4e11516222687aca1fc3d849f884db3077359bc3d2b797e

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 5:38:37 AM UTC  (today)

Scan engine
Detection
Engine version

F-Prot
W32/Banker.T.gen
4.6.5.141

Reason Heuristics
PUP.Gamefactory.H
14.6.11.18

Trend Micro House Call
TROJ_GE.388F1079
7.2.162

File size:
5.6 MB (5,916,528 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\ogpinst.exe

Digital Signature
Signed by:
Gamefactory, Inc

Authority:
GoDaddy.com, Inc.

Valid from:
10/26/2011 11:37:19 PM

Valid to:
10/25/2014 2:13:42 PM

Subject:
CN="Gamefactory, Inc", OU=OGPlanet, O="Gamefactory, Inc", L=Torrance, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4E865D9503B8C3

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:dc11/G0oFpWYGCXXPNW69ZYua2PEghHoxUN0Ih3Y6zJhYBUjMMkg5ktDpLClM:dc10pWYdXfN39CZ1xUuIJblWyDkh3Ll

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.8913

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file ogpinst.exe has been discovered within the following program.

Chibi Kart  by OGPlanet, Inc
ck.ogplanet.com
About 9% of users remove it
 
Powered by Should I Remove It?

The file ogpinst.exe has been seen being distributed by the following 3 URLs.

http://ogplanet.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAOGMtfd GVMLvQsHqQHA2XCZXoJmcm4DvJOIFcT5yn6SULp5m9yEEycs7dEUTMsRKpAozApDtB2h9zVllJolkILRuWCKIPnpqcvfavxgIIq/.../Xjg8wk=

http://static.ogplanet.com/static/.../ogpinst_us.exe

http://static.ogplanet.com/static/.../ogpinst.exe

Remove ogpinst.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.