qGNA.exe

QGNA

Syncopate LLC

The application qGNA.exe, “GameNet Application” by Syncopate has been detected as a potentially unwanted program by 11 anti-malware scanners. While running, it connects to the Internet address relay.gamenet.ru on port 5222.
Publisher:
GGS  (signed by Syncopate LLC)

Product:
QGNA

Description:
GameNet Application

Version:
1,51,888,b605ca84e92a5a2d55db49437bb62fa010eaa65e

MD5:
7a83690fe590dbe4193ad0abe561cf2b

SHA-1:
9883e840917d757a1106ccffbc88e04b98e7f03d

SHA-256:
652d751f38a0b9ed78b2541f9cbe2241ce442f781eab62916292c66e4f8f9f0a

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 2:32:38 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Bitdefender | Gen:Variant.Strictor.79481 | 1.0.20.520 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.79481 | 8.15.04.14.05 |
| F-Secure | Gen:Variant.Strictor.79481 | 11.2015-14-04_3 |
| G Data | Gen:Variant.Strictor.79481 | 15.4.25 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.6.0 |
| McAfee | Artemis!ABDFB6E186F4 | 5600.6795 |
| MicroWorld eScan | Gen:Variant.Strictor.79481 | 16.0.0.312 |
| Qihoo 360 Security | Malware.QVM10.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Syncopate | 15.4.14.13 |
| Trend Micro House Call | Suspicious_GEN.F47V0314 | 7.2.104 |

File size:
1.7 MB (1,800,048 bytes)

Product version:
1,51,888,b605ca84e92a5a2d55db49437bb62fa010eaa65e

Copyright:
Copyright(c) 2010 - 2013

Original file name:
qGNA.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/14/2013 4:00:00 AM

Valid to:
11/14/2015 3:59:59 AM

Subject:
CN=Syncopate LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Syncopate LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
251831462EB15F30D8171D997EF0184B

File PE Metadata
Compilation timestamp:
4/30/2014 12:22:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:/jNr+KAWAQ+lY5POwAJEVezllDMI8P0F4C1KQb4vDB38m7ZyhGUkknGae8YAtxyZ:bNmWAXrWeRaIl46nmd1H8TzG

Entry address:
0x7B498

Entry point:
E8, 63, 07, 00, 00, E9, 1C, FD, FF, FF, FF, 25, 50, A5, 48, 00, CC, CC, CC, CC, CC, CC, CC, CC, 53, 57, 33, FF, 8B, 44, 24, 10, 0B, C0, 7D, 14, 47, 8B, 54, 24, 0C, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 10, 89, 54, 24, 0C, 8B, 44, 24, 18, 0B, C0, 7D, 13, 8B, 54, 24, 14, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 18, 89, 54, 24, 14, 0B, C0, 75, 1B, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, 44, 24, 0C, F7, F1, 8B, C2, 33, D2, 4F, 79, 4E, EB, 53, 8B, D8, 8B, 4C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C...
 

Code size:
541.5 KB (554,496 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP:
Connects to relay.gamenet.ru  (31.25.225.89:5222)
