Gamevance

By ZulaZuza in Adware

Translate To:

Threat Scorecard

Threat Level:	20 % (Normal)
Infected Computers:	45,819

First Seen:	July 24, 2009
Last Seen:	October 24, 2025
OS(es) Affected:	Windows

Gamevance is a service that provides online games in exchange for a user's agreement that anonymous information will be collected and used to display pop-up ads. More specifically, Gamevance's EULA provides:

"In exchange for offering you free games, we collect anonymous usage information from your computer that we and our partners may use to select and display pop-up and other kinds of ads to you and to perform and publish research about how people use the Internet." Based on this functionality, SpyHunter classifies Gamevance as "low risk adware."

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Ikarus	Win32.SuspectCrc
eSafe	Win32.Trojan
McAfee	Artemis!DED8D0005121
Avast	Win32:Gamevance-ED [PUP]
AntiVir	Adware/Gamevance.hfvd
BitDefender	Gen:Variant.Graftor.4235
Kaspersky	not-a-virus:AdWare.Win32.Gamevance.hfvd
Avast	Win32:PUP-gen [PUP]
McAfee	Artemis!17B0F868E25C
BitDefender	Trojan.Generic.KDV.519814
McAfee	GameVance.gen.w
Fortinet	Riskware/GameVance
AntiVir	Adware/Gamevance.hfrw
NOD32	Win32/Adware.Gamevance.BE
AntiVir	Adware/Gamevance.kae.7

SpyHunter Detects & Remove Gamevance

File System Details

Gamevance may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	catwsw864.sys	d996ff95e3eba312dd7afc0150b2f5d8	707
Name: catwsw864.sys MD5: d996ff95e3eba312dd7afc0150b2f5d8 Size: 42.6 KB (42600 bytes) Detections: 707 Type: System file Path: c:\windows\system32\drivers\catwsw864.sys Group: Malware file Last Updated: November 19, 2021
2.	VirusShare_17b0f868e25cfc41e78c01dff3b4f06c	17b0f868e25cfc41e78c01dff3b4f06c	94
Name: VirusShare_17b0f868e25cfc41e78c01dff3b4f06c MD5: 17b0f868e25cfc41e78c01dff3b4f06c Size: 108.03 KB (108032 bytes) Detections: 94 Path: E:\Folder 03\VirusShare_17b0f868e25cfc41e78c01dff3b4f06c Group: Malware file Last Updated: January 10, 2022
3.	playpicklelib32.dll	fb758d4431c0456649736695ee5846b4	11
Name: playpicklelib32.dll MD5: fb758d4431c0456649736695ee5846b4 Size: 257.02 KB (257024 bytes) Detections: 11 Type: Dynamic link library Path: %PROGRAMFILES%\Play Pickle Group: Malware file Last Updated: March 6, 2013
4.	gamevancelib32.dll	29fa01a3aedd1785f5d8230838059cda	10
Name: gamevancelib32.dll MD5: 29fa01a3aedd1785f5d8230838059cda Size: 108.03 KB (108032 bytes) Detections: 10 Type: Dynamic link library Path: %PROGRAMFILES%\Gamevance Group: Malware file Last Updated: February 22, 2013
5.	gvtl.dll	38db2075daff8e75050d489807545b21	10
Name: gvtl.dll MD5: 38db2075daff8e75050d489807545b21 Size: 283.13 KB (283136 bytes) Detections: 10 Type: Dynamic link library Path: %PROGRAMFILES%\Gamevance Group: Malware file Last Updated: April 22, 2013
6.	playpickle32.exe	a43e1877d964c710443684b73adae404	10
Name: playpickle32.exe MD5: a43e1877d964c710443684b73adae404 Size: 243.71 KB (243712 bytes) Detections: 10 Type: Executable File Path: %PROGRAMFILES%\Play Pickle Group: Malware file Last Updated: May 15, 2013
7.	ppun.exe	9db4c41ff05fdfe8edd3ea3db05eef72	8
Name: ppun.exe MD5: 9db4c41ff05fdfe8edd3ea3db05eef72 Size: 231.93 KB (231936 bytes) Detections: 8 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: September 19, 2011
8.	Updater.exe	ded8d0005121dd1454ef0e5a08cbbf42	8
Name: Updater.exe MD5: ded8d0005121dd1454ef0e5a08cbbf42 Size: 117.42 KB (117424 bytes) Detections: 8 Type: Executable File Path: %SystemDrive%\Users\<username>\AppData\Local\RivalGaming Group: Malware file Last Updated: March 2, 2020
9.	pptl.dll	6c218921c43b316237e9b093d9a3a9d9	5
Name: pptl.dll MD5: 6c218921c43b316237e9b093d9a3a9d9 Size: 181.24 KB (181248 bytes) Detections: 5 Type: Dynamic link library Path: %PROGRAMFILES%\Play Pickle Group: Malware file Last Updated: November 19, 2018
10.	arcaderockstar32.exe	86cd7f9e0343654a6c874a12f7ad77bb	4
Name: arcaderockstar32.exe MD5: 86cd7f9e0343654a6c874a12f7ad77bb Size: 51.2 KB (51200 bytes) Detections: 4 Type: Executable File Path: %PROGRAMFILES%\ArcadeRockstar Group: Malware file Last Updated: February 28, 2011
11.	pptl.dll.tmp	50d84ef114e49cf10aa9f5e490f5b7b2	2
Name: pptl.dll.tmp MD5: 50d84ef114e49cf10aa9f5e490f5b7b2 Size: 181.24 KB (181248 bytes) Detections: 2 Type: Temporary File Path: %PROGRAMFILES%\Play Pickle Group: Malware file Last Updated: October 29, 2012
12.	mightymagoolib302.dll	44d5ab700fce62b28134961e62676348	1
Name: mightymagoolib302.dll MD5: 44d5ab700fce62b28134961e62676348 Size: 147.45 KB (147456 bytes) Detections: 1 Type: Dynamic link library Path: %PROGRAMFILES%\Mighty Magoossse Group: Malware file Last Updated: August 22, 2011
13.	gamevance32.exe	4307c43ac76ff1ddc942b27790fb9707	0
Name: gamevance32.exe MD5: 4307c43ac76ff1ddc942b27790fb9707 Size: 77.82 KB (77824 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009

More files

Analysis Report

General information

Family Name:	Adware.GameVance
Signature status:	Root Not Trusted

Known Samples

MD5: 44dceaa0cc11acae73675c4225473f04

SHA1: ce92fe04e3a28953b604c97ba53d7269567c8338

SHA256: F67635DAB513A1263D16A3298982E86E08A1C5F48C66BE37D8E75C2844751F52

File Size: 2.08 MB, 2079696 bytes

MD5: c1e74d966531d533f6da6fd3f149c745

SHA1: fa71c55abdd0d42e84028d10c176654f31aa3d2a

SHA256: 9D80BC694C0E581B942DCE86EEE2A3F5213E7542BCB3E3A7474912E78F5A12DA

File Size: 2.26 MB, 2264016 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File is .NET application
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	1.12.1043.0 1.4.342.0
Company Name	ArcadeSafari
File Description	ArcadeSafariInstaller
File Version	1.12.1043 1.4.342
Internal Name	RegularInstaller.exe
Legal Copyright	Copyright © ArcadeSafari 2012
Original Filename	RegularInstaller.exe
Product Name	ArcadeSafariInstaller
Product Version	1.12.1043 1.4.342

Digital Signatures

Signer	Root	Status
ArcadeSafari	VeriSign Class 3 Public Primary Certification Authority - G5	Root Not Trusted

Block Information

Total Blocks:	262
Potentially Malicious Blocks:	0
Whitelisted Blocks:	96
Unknown Blocks:	166

Visual Map

? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 ? ? ? ? ? ? 0 0 ? 0 0 ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? 0 0 0 ? ? ? 0 0 ? 0 ? ? ? ? 0 ? ? ? ? ? 0 0 0 0 0 ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? 0 0 ? ? ? 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 ? 0 ? ? 0 0 ? ? ? ? ? 0 0 0 0 ? ? ? 0 ? ? ? ? 0 0 ? ? 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\62b5af9be9adc1085c3c56ec07a82bf6	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\7b8944ba8ad0efdf0e01a43ef62becd0_4357b63423fe84a03d7281dcd45c2441	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\8dfdf057024880d7a081afbf6d26b92f	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\62b5af9be9adc1085c3c56ec07a82bf6	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\7b8944ba8ad0efdf0e01a43ef62becd0_4357b63423fe84a03d7281dcd45c2441	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\8dfdf057024880d7a081afbf6d26b92f	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\appcompat\programs\amcache.hve	Read Data,Read Control,Write Data

c:\windows\appcompat\programs\amcache.hve

Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\software\microsoft\systemcertificates\authroot\certificates\4eb6d578499b1ccf5f581ead56be3d9b6744a5e5::blob	់㇤㹧ৢ䗾鍗૳ᳺứ霞輫穆轙⊩㢅즔Sc愰ℰଆ虠ňŅᜇ〆〒ؐ⬊ĆĄ㞂ļ́ダ؟怉䢆蘁泽ĂሰူਆثЁ舁㰷āȃ쀀ᬰԆ腧Č〃〒ؐ⬊ĆĄ㞂ļ́翀Ā⨀　ب⬈Ćԅ̇؂⬈Ćԅ̇؃⬈Ćԅ̇؄⬈Ćԅ̇ँĀ⨀　ب⬈Ćԅ̇؂⬈Ćԅ	RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\4eb6d578499b1ccf5f581ead56be3d9b6744a5e5::blob		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data		RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetUserObjectInformation
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
Encryption Used	BCryptOpenAlgorithmProvider
Other Suspicious	AdjustTokenPrivileges
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess

Shell Command Execution


							C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 1528

1 Comment

hadon875 16 years ago Reply

Gamevance can be simply and easily removed from control panel, add/remove programs (xp) or Programs and Features (vista/win 7), after you click on uninstall button and the process finishes restart your computer and you wont have gamevance anymore. I tried that and it worked very well for me.

Gamevance

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Gamevance

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

1 Comment

Submit Comment

Related Posts

Trending

Most Viewed