Adware.Free Games

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 6,571
Threat Level: 20 % (Normal)
Infected Computers: 44,075
First Seen: December 3, 2013
Last Seen: May 16, 2026
OS(es) Affected: Windows

File System Details

Adware.Free Games may create the following file(s):
# File Name MD5 Detections
1. A0095801.dll c22adee6cbbb6e8004675551311b0873 10,651
2. A0102793.dll 2277a03acf6e7e9713155e840b9d57f7 7,443
3. ScriptHost64.dll aa03383520bb9277760de011667a0ccc 3,990
4. ScriptHost.dll 95b6d6694a16363f0857accffd743387 3,278
5. freegames115SetupW.exe ec64ee867767e43570e2e6824968210d 1

Registry Details

Adware.Free Games may create the following registry entry or registry entries:

Directories

Adware.Free Games may create the following directory or directories:

%APPDATA%\freegames111
%APPDATA%\freegames115
%APPDATA%\freegames119
%LocalAppData%\Google\Chrome\User Data\Default\Extensions\abckmpjbfjfoabjhefcbpdckdfikghpp
%PROGRAMFILES%\Free Games 111
%PROGRAMFILES%\Free Games 115
%PROGRAMFILES(X86)%\Free Games 111
%PROGRAMFILES(X86)%\Free Games 115

URLs

Adware.Free Games may call the following URLs:

@ZulaGames
Free Games 111
Free Games 115

Analysis Report

General information

Family Name: Adware.Free Games
Signature status: Root Not Trusted

Known Samples

MD5: e4269f5633182e1fd61da014ef8f670d
SHA1: 9d1b13268f38f89d8adda542fd19857c7c965e5c
SHA256: 70C6E9FF8316DCFC34468E86A05CA6EC2A37848D4FD34249D38C466068293FAB
File Size: 1.27 MB, 1271560 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: CodecPerformer
File Description: CodecPerformer
File Version: 14.9.12.8
Internal Name: CodecPerformer
Legal Copyright: Copyright 2014
Original Filename: CodecPerformerSetup.exe
Product Name: CodecPerformer
Product Version: 14.9.12.8

Digital Signatures

Signer: PurpleTech Software Inc
Root: Go Daddy Class 2 Certification Authority
Status: Root Not Trusted

Block Information

Total Blocks: 1,186
Potentially Malicious Blocks: 63
Whitelisted Blocks: 1,123
Unknown Blocks: 0

Similar Families

  • InstallBrain.A

Files Modified

File: c:\users\user\appdata\local\temp\wrfgovemnsact\tmppack.exe
Attributes: Generic Write,Read Attributes

Registry Modifications

Key::Value: HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe
API Name: RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Terminate
  • TerminateProcess

Shell Command Execution

C:\Users\Nnrlmrjl\AppData\Local\Temp\WRFGOVEMNSACT\tmppack.exe -y
