Adware.GameVance

By Sumo3000 in Adware

Translate To:

Threat Scorecard

Popularity Rank:	11,749
Threat Level:	20 % (Normal)
Infected Computers:	3,593

First Seen:	July 24, 2009
Last Seen:	December 26, 2025
OS(es) Affected:	Windows

GameVance is a free online gaming software which can be downloaded from the website 'gamevance.com'. The GameVance online games are offered in exchange for users' agreement to display pop-up, pop-under and other types of advertisements to users based on the information GameVance collects from those users.

GameVance does not pose a threat to your system. GameVvance does not store users' surfing history and it has an eTrust certificate. It is advised you read GameVvance 'Terms of Use' and 'Privacy Policy' to learn more on how they use your web usage activity. It is a violation of the Gamevance 'Terms of Use' if a person under 18 years of age opens a GameVance account. Therefore, if someone (such as your children) installed GameVance on your computer without your knowledge you may want to uninstall it.

If you wish to uninstall GameVance, because the pop-up, pop-under or other types of advertisements are objectionable, or for other reasons, you can uninstall GameVance using the Add/Remove Programs applet in your Windows Control Panel. If you're experiencing any problems uninstalling GameVance, you have the option of using SpyHunter to remove it.

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
AVG	Skodna.Gamevance.ET
AntiVir	Adware/Adware.132608.1
Kaspersky	not-a-virus:AdWare.Win32.Gamevance.hrvb
Avast	Win32:Adware-gen [Adw]
McAfee	Artemis!B51196BC19FA
BitDefender	Gen:Adware.Heur.ly5@fr2ToVgi
Kaspersky	not-a-virus:AdWare.Win32.Gamevance.dyu
Symantec	Spyware.ADH
Ikarus	Net-Worm.Win32.Kolab
AntiVir	Adware/GameVance.A.119
Kaspersky	not-a-virus:AdWare.Win32.Gamevance.hnbc
McAfee	GameVance.gen.v
AVG	Skodna.Gamevance.AK
AntiVir	Adware/GameVA.C.276
Kaspersky	not-a-virus:AdWare.Win32.Gamevance.fte

SpyHunter Detects & Remove Adware.GameVance

File System Details

Adware.GameVance may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	mmagootl.dll	9919bc491e939e45919423a0669f249b	84
Name: mmagootl.dll MD5: 9919bc491e939e45919423a0669f249b Size: 167.93 KB (167936 bytes) Detections: 84 Type: Dynamic link library Path: %PROGRAMFILES%\Mighty Magoo Group: Malware file Last Updated: December 1, 2010
2.	SoapBox.exe	f0c4a1c3c5d64568822c494923996fc2	29
Name: SoapBox.exe MD5: f0c4a1c3c5d64568822c494923996fc2 Size: 1.01 MB (1017856 bytes) Detections: 29 Type: Executable File Path: C:\Program Files (x86)\SoapBox\SoapBox.exe Group: Malware file Last Updated: July 19, 2022
3.	pptl.dll	e0993cb664018ded1ee70e6b7152c2a8	4
Name: pptl.dll MD5: e0993cb664018ded1ee70e6b7152c2a8 Size: 301.05 KB (301056 bytes) Detections: 4 Type: Dynamic link library Path: %PROGRAMFILES%\Play Pickle Group: Malware file Last Updated: November 19, 2012
4.	mightymagoo32.exe	5f4b1f87973b23084913997bbfc63f26	4
Name: mightymagoo32.exe MD5: 5f4b1f87973b23084913997bbfc63f26 Size: 103.93 KB (103936 bytes) Detections: 4 Type: Executable File Path: %PROGRAMFILES(x86)%\Mighty Magoo Group: Malware file Last Updated: January 28, 2013
5.	playpicklelib32.dll	72469bc94d0b0eaf3cc580ba01359f2e	3
Name: playpicklelib32.dll MD5: 72469bc94d0b0eaf3cc580ba01359f2e Size: 137.72 KB (137728 bytes) Detections: 3 Type: Dynamic link library Path: %PROGRAMFILES%\Play Pickle Group: Malware file Last Updated: November 19, 2018
6.	livingplaylib32.dll	b51196bc19fa4148d4465035f7628b4b	2
Name: livingplaylib32.dll MD5: b51196bc19fa4148d4465035f7628b4b Size: 132.6 KB (132608 bytes) Detections: 2 Type: Dynamic link library Path: %PROGRAMFILES%\LivingPlay Group: Malware file Last Updated: May 13, 2013
7.	gamevance32.exe	40c8b32cc41b4500611bd31f81ed9177	1
Name: gamevance32.exe MD5: 40c8b32cc41b4500611bd31f81ed9177 Size: 311.29 KB (311296 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\Gamevance Group: Malware file Last Updated: August 5, 2011
8.	playpicklelib32.dll.t.dll	3be1b45329eb5c2922d71f3b8d0362d7	1
Name: playpicklelib32.dll.t.dll MD5: 3be1b45329eb5c2922d71f3b8d0362d7 Size: 137.72 KB (137728 bytes) Detections: 1 Type: Dynamic link library Path: %PROGRAMFILES%\Play Pickle Group: Malware file Last Updated: November 1, 2011
9.	gamevancelib32.dll	b07617d2241ea05feedfed391c74746e	0
Name: gamevancelib32.dll MD5: b07617d2241ea05feedfed391c74746e Size: 165.88 KB (165888 bytes) Detections: 0 Type: Dynamic link library Path: C:\Program Files\Gamevance Group: Malware file Last Updated: January 16, 2018

More files

Registry Details

Adware.GameVance may create the following registry entry or registry entries:

CLSID

{BEAC7DC8-E106-4C6A-931E-5A42E7362883}

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Classes\AppID\GamevanceText.DLL

SOFTWARE\Classes\GamevanceText.Linker

SOFTWARE\Classes\GamevanceText.Linker.1

SOFTWARE\Classes\Wow6432Node\AppID\GamevanceText.DLL

Software\Microsoft\Internet Explorer\Approved Extensions\{02F0243C-2E71-4a1a-A790-6C30888119D0}

Software\Microsoft\Internet Explorer\Approved Extensions\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F0243C-2E71-4a1a-A790-6C30888119D0}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9}

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Play Pickle

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Play Pickle

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

Play Pickle

Directories

Adware.GameVance may create the following directory or directories:

%AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com

%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\bllefkbpbefdodiiefpkcnigpicmhohe

%PROGRAMFILES%\Gamevance

%PROGRAMFILES%\Play Pickle

%PROGRAMFILES(x86)%\Gamevance

%PROGRAMFILES(x86)%\Play Pickle

URLs

Adware.GameVance may call the following URLs:

textlinks@gamevance.com

Analysis Report

General information

Family Name:	Adware.GameVance
Signature status:	Root Not Trusted

Known Samples

MD5: 44dceaa0cc11acae73675c4225473f04

SHA1: ce92fe04e3a28953b604c97ba53d7269567c8338

SHA256: F67635DAB513A1263D16A3298982E86E08A1C5F48C66BE37D8E75C2844751F52

File Size: 2.08 MB, 2079696 bytes

MD5: c1e74d966531d533f6da6fd3f149c745

SHA1: fa71c55abdd0d42e84028d10c176654f31aa3d2a

SHA256: 9D80BC694C0E581B942DCE86EEE2A3F5213E7542BCB3E3A7474912E78F5A12DA

File Size: 2.26 MB, 2264016 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File is .NET application
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	1.12.1043.0 1.4.342.0
Company Name	ArcadeSafari
File Description	ArcadeSafariInstaller
File Version	1.12.1043 1.4.342
Internal Name	RegularInstaller.exe
Legal Copyright	Copyright © ArcadeSafari 2012
Original Filename	RegularInstaller.exe
Product Name	ArcadeSafariInstaller
Product Version	1.12.1043 1.4.342

Digital Signatures

Signer	Root	Status
ArcadeSafari	VeriSign Class 3 Public Primary Certification Authority - G5	Root Not Trusted

Block Information

Total Blocks:	262
Potentially Malicious Blocks:	0
Whitelisted Blocks:	96
Unknown Blocks:	166

Visual Map

? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 ? ? ? ? ? ? 0 0 ? 0 0 ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? 0 0 0 ? ? ? 0 0 ? 0 ? ? ? ? 0 ? ? ? ? ? 0 0 0 0 0 ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? 0 0 ? ? ? 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 ? 0 ? ? 0 0 ? ? ? ? ? 0 0 0 0 ? ? ? 0 ? ? ? ? 0 0 ? ? 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\62b5af9be9adc1085c3c56ec07a82bf6	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\7b8944ba8ad0efdf0e01a43ef62becd0_4357b63423fe84a03d7281dcd45c2441	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\8dfdf057024880d7a081afbf6d26b92f	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\62b5af9be9adc1085c3c56ec07a82bf6	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\7b8944ba8ad0efdf0e01a43ef62becd0_4357b63423fe84a03d7281dcd45c2441	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\8dfdf057024880d7a081afbf6d26b92f	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\appcompat\programs\amcache.hve	Read Data,Read Control,Write Data

c:\windows\appcompat\programs\amcache.hve

Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\software\microsoft\systemcertificates\authroot\certificates\4eb6d578499b1ccf5f581ead56be3d9b6744a5e5::blob	់㇤㹧ৢ䗾鍗૳ᳺứ霞輫穆轙⊩㢅즔Sc愰ℰଆ虠ňŅᜇ〆〒ؐ⬊ĆĄ㞂ļ́ダ؟怉䢆蘁泽ĂሰူਆثЁ舁㰷āȃ쀀ᬰԆ腧Č〃〒ؐ⬊ĆĄ㞂ļ́翀Ā⨀　ب⬈Ćԅ̇؂⬈Ćԅ̇؃⬈Ćԅ̇؄⬈Ćԅ̇ँĀ⨀　ب⬈Ćԅ̇؂⬈Ćԅ	RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\4eb6d578499b1ccf5f581ead56be3d9b6744a5e5::blob		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data		RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetUserObjectInformation
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
Encryption Used	BCryptOpenAlgorithmProvider
Other Suspicious	AdjustTokenPrivileges
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess

Shell Command Execution


							C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 1528

Adware.GameVance

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Adware.GameVance

File System Details

Registry Details

Directories

URLs

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed