File name: GameRangerSetup.exe

Full analysis: https://app.any.run/tasks/1e7b4720-4421-455e-a8ef-22e1cfc59c77
Verdict: Malicious activity
Analysis date: March 14, 2024, 22:07:28
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 7F4C3472EFCBE0D231DD5C5305FE6DB6
SHA1: EB6F1798792B4CEAF3AFF9468A7378EC7196676F
SHA256: F4BE971E242923DEC1E22995EB1907FE45A90A617E738EFFF001085B1FFB27D6
SSDEEP: 1536:YgkNPnEO0brG38GI/cqTzcD6U2qBpjuBrq2qBXWXxXOE8L:DNFG8h/cmcBpjuBrq/BmBGL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • GameRangerSetup.exe (PID: 3672)
      • GameRanger.exe (PID: 2044)
    • Create files in the Startup directory

      • GameRangerSetup.exe (PID: 3672)
  • SUSPICIOUS

    • Connects to unusual port

      • GameRangerSetup.exe (PID: 3672)
    • Creates a software uninstall entry

      • GameRanger.exe (PID: 2044)
      • GameRangerSetup.exe (PID: 3672)
    • Searches for installed software

      • GameRanger.exe (PID: 2044)
    • Executable content was dropped or overwritten

      • GameRangerSetup.exe (PID: 3672)
      • GameRanger.exe (PID: 2044)
    • Process drops legitimate windows executable

      • GameRanger.exe (PID: 2044)
    • Application launched itself

      • GameRanger.exe (PID: 2044)
  • INFO

    • Checks supported languages

      • GameRangerSetup.exe (PID: 3672)
      • GameRanger.exe (PID: 2044)
      • wmpnscfg.exe (PID: 3228)
      • GameRanger.exe (PID: 3936)
    • Reads the computer name

      • GameRangerSetup.exe (PID: 3672)
      • GameRanger.exe (PID: 2044)
      • wmpnscfg.exe (PID: 3228)
    • Reads the machine GUID from the registry

      • GameRangerSetup.exe (PID: 3672)
      • GameRanger.exe (PID: 2044)
    • Creates files or folders in the user directory

      • GameRanger.exe (PID: 2044)
      • GameRangerSetup.exe (PID: 3672)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3228)
    • Create files in a temporary directory

      • GameRanger.exe (PID: 2044)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:07:08 01:52:54+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 45056
InitializedDataSize: 65536
UninitializedDataSize: -
EntryPoint: 0xa3d2
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (Australian)
CharacterSet: Unicode
Comments: -
CompanyName: GameRanger Technologies
FileDescription: GameRanger
FileVersion: 1, 0, 0, 0
InternalName: GameRanger
LegalCopyright: Copyright © 1997-2009 GameRanger Technologies. All Rights Reserved.
LegalTrademarks: -
OriginalFileName: -
PrivateBuild: -
ProductName: GameRanger
ProductVersion: 1, 0, 0, 0
SpecialBuild: -
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Process nodes (details in the full report): start, gamerangersetup.exe, gameranger.exe, wmpnscfg.exe (no specs), gameranger.exe (no specs)

Process information

PID: 2044
CMD: "C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe"
Path: C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
Parent process: GameRangerSetup.exe
User: admin
Company: GameRanger Pty Ltd
Integrity Level: MEDIUM
Description: GameRanger
Exit code: 0
Version: 1, 0, 0, 0
Modules (images):
  • c:\users\admin\appdata\roaming\gameranger\gameranger\gameranger.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\mfc42.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll

PID: 3228
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  • c:\program files\windows media player\wmpnscfg.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 3672
CMD: "C:\Users\admin\AppData\Local\Temp\GameRangerSetup.exe"
Path: C:\Users\admin\AppData\Local\Temp\GameRangerSetup.exe
Parent process: explorer.exe
User: admin
Company: GameRanger Technologies
Integrity Level: MEDIUM
Description: GameRanger
Exit code: 0
Version: 1, 0, 0, 0
Modules (images):
  • c:\users\admin\appdata\local\temp\gamerangersetup.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\mfc42.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll

PID: 3936
CMD: "C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe" --lang=en-US --locales-dir-path="C:\Users\admin\AppData\Roaming\GameRanger\GameRanger Prefs\Components\c1\Resources\locales\\" --log-file="C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\debug.log" --log-severity=disable --resources-dir-path="C:\Users\admin\AppData\Roaming\GameRanger\GameRanger Prefs\Components\c1\Resources\\" --type=renderer --ns=1 --ppid=2044 --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2044.0.1921185038\124908774" /prefetch:673131151
Path: C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
Parent process: GameRanger.exe
User: admin
Company: GameRanger Pty Ltd
Integrity Level: MEDIUM
Description: GameRanger
Exit code: 0
Version: 1, 0, 0, 0
Modules (images):
  • c:\users\admin\appdata\roaming\gameranger\gameranger\gameranger.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\mfc42.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
Total events: 3 162
Read events: 3 139
Write events: 23
Delete events: 0

Modification events

All entries below were written by process (3672) GameRangerSetup.exe to the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\GameRanger (operation: write).

Name | Value
Comments | GameRanger - play your friends online
DisplayName | GameRanger
DisplayIcon | C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
HelpLink | http://www.GameRanger.com/support/
InstallLocation | C:\Users\admin\AppData\Roaming\GameRanger\GameRanger
Publisher | GameRanger Technologies
URLInfoAbout | http://www.GameRanger.com/
NoModify | 1
NoRemove | 0
NoRepair | 1
Executable files: 25
Suspicious files: 7
Text files: 0
Unknown types: 58

Dropped files

PID | Process | Filename | Type
3672 | GameRangerSetup.exe | C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\Data\Plug-Ins\Archive | binary
  MD5: ED79C80396FC905885C21C82D102D5BB
  SHA256: 0C2D8B3F9681D5DAF74BE2AA9384C2B3D9A98E2B9E2C2999B6F456398C407ED3
3672 | GameRangerSetup.exe | C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\Data\Plug-Ins\Quake III - Team Arena Demo | executable
  MD5: 7C19D82A0A73598AF25FC56864B819B8
  SHA256: A3C2BFBE8382556E8E925435C51E6A65B8962978278BD0FB38FB0757158AEF9C
3672 | GameRangerSetup.exe | C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\Data\Plug-Ins\Quake II Demo | executable
  MD5: 71DCF1379C473C3EDE38D781361F6577
  SHA256: 204FB7EB088C5DCA7D9301F347F68933520B9F90AF636686EEE517A2CAF378DE
3672 | GameRangerSetup.exe | C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\Data\Plug-Ins\Quake 4 Demo | executable
  MD5: 5EB74D5DC67341770FA3005B5CB5EC10
  SHA256: 7646694E05224954AF31F1191E79A190BCFDED272CF4F65D5250161CA615D74E
3672 | GameRangerSetup.exe | C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\Data\Plug-Ins\Quake | executable
  MD5: DBD0F04BD251DC52C3605A41F8AE771F
  SHA256: 937B95632B0051813024692561E04634BC5BB9C47BD7A11DB9A815387FECF264
3672 | GameRangerSetup.exe | C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\Data\GameRangerLaunch.dll | executable
  MD5: 2B60C8E873747BF0317DE7457E733283
  SHA256: 0E035BE8B32F55A91FBE2DAD33F04C19A10C9FB411380FC2F3066ADFF0E1FE77
3672 | GameRangerSetup.exe | C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\Data\Plug-Ins\Heretic II Demo | executable
  MD5: 6905221F237FA67B05D36CA60ED79699
  SHA256: 77BEFAE8B14EC2FFC2CDC0A1E3A1194684BEB9F95193CEB83F531CF12CE9F18D
3672 | GameRangerSetup.exe | C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\Data\Plug-Ins\Doom 3 | executable
  MD5: B6B18083D824585CD1E5587E73D9CA05
  SHA256: E464D5197880488A0CFA8EB8576DD07C34A8B3A51B6F5B505E89E885AEA1AAED
3672 | GameRangerSetup.exe | C:\Users\admin\AppData\Roaming\GameRanger\GameRanger\Data\Plug-Ins\Prey Demo | executable
  MD5: 7685D30EDBBB57471937904C3CEBE170
  SHA256: 275D5524E85F21BAAB1A037497EAAE2B0E6B4923109F8D54D46558A0FAFC0D4E
2044 | GameRanger.exe | C:\Users\admin\AppData\Roaming\GameRanger\GameRanger Prefs\Components\c1\icudtl.dat | -
  MD5: -
  SHA256: -
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 3
TCP/UDP connections: 8
DNS requests: 4
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3672 | GameRangerSetup.exe | GET | 200 | 173.193.187.84:80 | http://www.gameranger.com/download/Archive204X.gr_arc | unknown | binary | 1.79 Mb | unknown
2044 | GameRanger.exe | GET | 302 | 173.193.187.84:80 | http://www.GameRanger.com/download/component/c1.gr_arc | unknown | - | - | unknown
2044 | GameRanger.exe | GET | 200 | 173.193.187.84:80 | http://dl1.GameRanger.com/c1.gr_arc | unknown | binary | 22.0 Mb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
3672 | GameRangerSetup.exe | 173.193.187.87:16000 | connect.gameranger.com | SOFTLAYER | US | unknown
3672 | GameRangerSetup.exe | 173.193.187.84:80 | www.gameranger.com | SOFTLAYER | US | unknown
2044 | GameRanger.exe | 173.193.187.84:80 | www.gameranger.com | SOFTLAYER | US | unknown

DNS requests

Domain | IP | Reputation
connect.gameranger.com | 173.193.187.87 | unknown
www.gameranger.com | 173.193.187.84 | unknown
www.GameRanger.com | 173.193.187.84 | unknown
dl1.GameRanger.com | 173.193.187.84 | unknown

Threats

No threats detected
No debug info