ogpsteam.exe

Gamefactory, Inc

The application ogpsteam.exe by Gamefactory, Inc has been detected as a potentially unwanted program by 3 anti-malware scanners. This file is typically installed with the program Tales Runner by Rhaon Entertainment. While running, it connects to the Internet address 149.126.74.238.ip.incapdns.net on port 80 using the HTTP protocol.
Publisher:
Gamefactory, Inc  (signed and verified)

MD5:
254fe0bff5f1f3a7b7f4865747b0f495

SHA-1:
3420af561e5c3a91f3f6bd1cded48d2e243f4b8a

SHA-256:
76aa4503f5f0c2357a95101ea6b930f298c4d2352e83cd7daa4898e32664990d

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 12:54:58 AM UTC

Scan engine - Detection - Engine version

F-Prot - W32/Banker.T.gen - v6.4.6.5.141

Reason Heuristics - PUP.Gamefactory - 15.4.14.20

Trend Micro House Call - Suspicious_GEN.F47V0218 - 7.2.105

File size:
3.4 MB (3,555,904 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\steam\steamapps\common\tales runner\ogpsteam.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
10/26/2011 8:37:19 PM

Valid to:
10/25/2014 11:13:42 AM

Subject:
CN="Gamefactory, Inc", OU=OGPlanet, O="Gamefactory, Inc", L=Torrance, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4E865D9503B8C3

File PE Metadata
Compilation timestamp:
10/16/2014 9:24:01 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:5WNhja+WtMS2ddddddd7NccccccccccccccccccccccccccccccccccccccccccE:EPI32ddddddd7NcccccccccccccccccL

Entry address:
0x1C1574

Entry point:
55, 8B, EC, 83, C4, E4, 33, C0, 89, 45, E8, 89, 45, E4, 89, 45, EC, B8, EC, 61, 5B, 00, E8, 6D, 94, E4, FF, 33, C0, 55, 68, 5B, 16, 5C, 00, 64, FF, 30, 64, 89, 20, 8D, 55, EC, B8, 01, 00, 00, 00, E8, 3E, 30, E4, FF, 8B, 45, EC, BA, 74, 16, 5C, 00, E8, 79, 60, E4, FF, 75, 49, 6A, 40, 68, 8C, 16, 5C, 00, 8D, 55, E4, B8, 1E, 00, 00, 00, E8, FF, 26, E5, FF, FF, 75, E4, 68, 24, 18, 5C, 00, 8D, 45, E8, BA, 03, 00, 00, 00, E8, 2E, 5F, E4, FF, 8B, 45, E8, E8, EA, 59, E4, FF, 8B, D0, B9, 2C, 18, 5C, 00, A1, E0, 95...

Entropy:
5.2236

Developed / compiled with:
Microsoft Visual C++

Code size:
1.7 MB (1,834,496 bytes)

The file ogpsteam.exe has been discovered within the following program.

Tales Runner  by Rhaon Entertainment
tr.ogplanet.com/en/main.og
About 5% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to s3-1.amazonaws.com  (52.216.65.227:443)

TCP (HTTP SSL):
Connects to mpsnare.iesnare.com  (52.129.70.14:443)

TCP (HTTP):
Connects to 149.126.74.238.ip.incapdns.net  (149.126.74.238:80)

TCP (HTTP):
Connects to 149.126.73.238.ip.incapdns.net  (149.126.73.238:80)

TCP (HTTP):
Connects to 103.28.249.238.ip.incapdns.net  (103.28.249.238:80)

TCP (HTTP SSL):
Connects to 199.83.135.238.ip.incapdns.net  (199.83.135.238:443)
