siteunlocker.exe

Game Play Labs

This is the installer for a 50onRed advertising-supported software package, which displays ads in the browser and may hijack the browser's home and search pages. The application siteunlocker.exe by Game Play Labs has been detected as adware by 29 anti-malware scanners. This web browser add-on displays additional advertisements in the user's browser, including popups, banners, contextual hyperlinks, and affiliate links.
Publisher:
Game Play Labs  (signed and verified)

MD5:
0e56f33b2ced62e7abf0788b5bd78f1e

SHA-1:
14e350229abf9fe6ca4de6c2393f79992bfc1b80

SHA-256:
209187bcf44aaee8646121ec39fc6af21b0312d23226eb322a8304b5129df861

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/18/2024 9:18:05 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Graftor.50779 | 450 |
| Agnitum Outpost | Trojan.Jolise | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.GamePlayLabs | 2014.01.13 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.124.236 |
| avast! | Win32:Malware-gen | 2014.9-151112 |
| AVG | Hook.DL.dropper | 2016.0.2928 |
| Bitdefender | Gen:Variant.Graftor.50779 | 1.0.20.1580 |
| Bkav FE | W32.Clod9de.Trojan | 1.3.0.4613 |
| Comodo Security | Heur.Suspicious | 17602 |
| Dr.Web | Trojan.DownLoader.origin | 9.0.1.0316 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.50779 | 8.15.11.12.11 |
| ESET NOD32 | Win32/Jolise (variant) | 9.9281 |
| Fortinet FortiGate | W32/GamePlayLabs | 11/12/2015 |
| G Data | Gen:Variant.Graftor.50779 | 15.11.22 |
| IKARUS anti.virus | Trojan-Spy | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.175.10814 |
| Kaspersky | not-a-virus:AdWare.Win32.GamePlayLabs | 14.0.0.1133 |
| McAfee | Artemis!0E56F33B2CED | 5600.6584 |
| MicroWorld eScan | Gen:Variant.Graftor.50779 | 16.0.0.948 |
| NANO AntiVirus | Trojan.Win32.Monder.dsjtz | 0.28.0.57029 |
| Norman | Suspicious_Gen2.RMBBY | 11.20151112 |
| Panda Antivirus | Adware/GamePlayLabs | 15.11.12.11 |
| Reason Heuristics | PUP.50OnRed.GamePlayLabs.Installer (M) | 15.11.12.11 |
| Rising Antivirus | PE:Trojan.Win32.Generic.129417B6!311695286 | 23.00.65.151110 |
| Sophos | Mal/Generic-S | 4.96 |
| Trend Micro House Call | TROJ_GEN.R47CEDD | 7.2.316 |
| Trend Micro | TROJ_GEN.R47CEDD | 10.465.12 |
| Vba32 AntiVirus | Adware.GamePlayLabs | 3.12.24.3 |
| VIPRE Antivirus | GamePlayLabs | 25382 |

File size:
778.1 KB (796,744 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\siteunlocker.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/3/2010 5:00:00 PM

Valid to:
11/4/2011 4:59:59 PM

Subject:
CN=Game Play Labs, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Game Play Labs, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6ACCE23BF8176B4E2BFCFFAB8FB3BB19

File PE Metadata
Compilation timestamp:
3/14/2010 11:27:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:9utr5OUtLvpY4jDewyaKVBo0KTX9aqtU1cNx1BVI:9uXTjDenlKTX9htecP7e

Entry address:
0xA7B1

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, BE, 2B, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, D0, A7, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, AF, AC, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 22, 41, 00, 8D, 45, E4...
 

Entropy:
7.6811

Code size:
66 KB (67,584 bytes)
