GamePlayLabs

By ESGI Advisor in Adware

Threat Scorecard

Ranking:	10,674
Threat Level:	20 % (Normal)
Infected Computers:	1,874

First Seen:	April 29, 2011
Last Seen:	September 13, 2023
OS(es) Affected:	Windows

GamePlayLabs is a malignant adware application that is distributed through a network of websites that offer shopping discounts and web search help. GamePlayLabs will try to proliferate by sending a link that includes a malicious download to all user's email contacts. GamePlayLabs invades the affected computers through illegitimate browser-hijacking methods or via trojan infections using backdoor techniques to make damage undetected. If you install GamePlayLabs, it will slow down your browser and display lots of irritating advertisements. Meanwhile, the browser add-on will lead you to suspicious websites. GamePlayLabs may lead to unauthorized access to confidential data and hard drive information with a serious possibility of irretrievable data loss and unstable computer performance.

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software	Detection
AVG	Generic4.BKYU
AntiVir	Adware/GamePlayLabs.A.331
BitDefender	Adware.Generic.181197
Ikarus	AdWare.Win32.GamePlayLabs
AhnLab-V3	Trojan/Win32.ADH
AntiVir	Adware/GamePlayLabs.A.272
DrWeb	Adware.GamePlayLabs.2
Comodo	UnclassifiedMalware
BitDefender	Adware.Generic.169231
Kaspersky	not-a-virus:AdWare.Win32.GamePlayLabs.d
Avast	Win32:GamePlayLabs [PUP]
F-Prot	W32/GamePlay.B
McAfee	Artemis!08450716B70F
Panda	Adware/GamePlayLabs
Ikarus	Trojan-Spy

SpyHunter Detects & Remove GamePlayLabs

File System Details

GamePlayLabs may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	BHO.dll	d7dc7dfe31fa56bbf486e947d89c68f3	1,260
Name: BHO.dll MD5: d7dc7dfe31fa56bbf486e947d89c68f3 Size: 432.64 KB (432640 bytes) Detections: 1,260 Type: Dynamic link library Path: %LOCALAPPDATA%\Browser Plugin Group: Malware file Last Updated: December 30, 2020
2.	BHO.dll	91c805b06dc170f3279af1cb7eecc011	35
Name: BHO.dll MD5: 91c805b06dc170f3279af1cb7eecc011 Size: 433.15 KB (433152 bytes) Detections: 35 Type: Dynamic link library Path: %LOCALAPPDATA%\GamePlayLabs Plugin Group: Malware file Last Updated: May 23, 2011
3.	BHOU.dll	8770670ecc483b8f182bd4cab56a9021	4
Name: BHOU.dll MD5: 8770670ecc483b8f182bd4cab56a9021 Size: 434.17 KB (434176 bytes) Detections: 4 Type: Dynamic link library Path: %LOCALAPPDATA%\GamePlayLabs Plugin Group: Malware file Last Updated: April 29, 2011
4.	BHO.dll	08450716b70ff3d40544601f8dce0500	4
Name: BHO.dll MD5: 08450716b70ff3d40544601f8dce0500 Size: 436.35 KB (436352 bytes) Detections: 4 Type: Dynamic link library Path: C:\Users\<username>\AppData\Local\GamePlayLabs Plugin\BHO.dll Group: Malware file Last Updated: May 18, 2022
5.	BHO.dll	f2de86812b0671ad008f4a7bce0139a4	2
Name: BHO.dll MD5: f2de86812b0671ad008f4a7bce0139a4 Size: 436.86 KB (436864 bytes) Detections: 2 Type: Dynamic link library Path: %USERPROFILE%\Local Settings\Application Data\GamePlayLabs Plugin Group: Malware file Last Updated: November 5, 2020
6.	%TEMP%\nst41.tmp\UAC.dll
Name: %TEMP%\nst41.tmp\UAC.dll Type: Dynamic link library Group: Malware file
7.	%TEMP%\nst41.tmp\nsisos.dll
Name: %TEMP%\nst41.tmp\nsisos.dll Type: Dynamic link library Group: Malware file
8.	%TEMP%\nst41.tmp\UserInfo.dll
Name: %TEMP%\nst41.tmp\UserInfo.dll Type: Dynamic link library Group: Malware file
9.	%USERPROFILE%\Local Settings\Application Data\GamePlayLabs Plugin\Uninstall.exe
Name: %USERPROFILE%\Local Settings\Application Data\GamePlayLabs Plugin\Uninstall.exe Type: Executable File Group: Malware file
10.	%TEMP%\nst41.tmp\inetc.dll
Name: %TEMP%\nst41.tmp\inetc.dll Type: Dynamic link library Group: Malware file
11.	%TEMP%\nst41.tmp\nsisXML.dll
Name: %TEMP%\nst41.tmp\nsisXML.dll Type: Dynamic link library Group: Malware file
12.	%USERPROFILE%\Local Settings\Application Data\GamePlayLabs Plugin\BHO.dll
Name: %USERPROFILE%\Local Settings\Application Data\GamePlayLabs Plugin\BHO.dll Type: Dynamic link library Group: Malware file
13.	%TEMP%\nst41.tmp\System.dll
Name: %TEMP%\nst41.tmp\System.dll Type: Dynamic link library Group: Malware file
14.	%TEMP%\nst41.tmp\md5dll.dll
Name: %TEMP%\nst41.tmp\md5dll.dll Type: Dynamic link library Group: Malware file
15.	%TEMP%\RarSFX0\GamePlayLabsInstaller.exe
Name: %TEMP%\RarSFX0\GamePlayLabsInstaller.exe Type: Executable File Group: Malware file
16.	%TEMP%\Cab50.tmp
Name: %TEMP%\Cab50.tmp Type: Temporary File Group: Malware file
17.	%TEMP%\Tar43.tmp
Name: %TEMP%\Tar43.tmp Type: Temporary File Group: Malware file
18.	%TEMP%\Tar47.tmp
Name: %TEMP%\Tar47.tmp Type: Temporary File Group: Malware file
19.	%TEMP%\Cab4E.tmp
Name: %TEMP%\Cab4E.tmp Type: Temporary File Group: Malware file
20.	%TEMP%\Tar4B.tmp
Name: %TEMP%\Tar4B.tmp Type: Temporary File Group: Malware file
21.	%TEMP%\Cab42.tmp
Name: %TEMP%\Cab42.tmp Type: Temporary File Group: Malware file
22.	%TEMP%\Tar51.tmp
Name: %TEMP%\Tar51.tmp Type: Temporary File Group: Malware file
23.	%TEMP%\nst41.tmp\install.xml
Name: %TEMP%\nst41.tmp\install.xml Group: Malware file
24.	%TEMP%\RarSFX0\Setup.ini
Name: %TEMP%\RarSFX0\Setup.ini Group: Malware file
25.	%USERPROFILE%\Local Settings\Application Data\GamePlayLabs Plugin\setup.ini
Name: %USERPROFILE%\Local Settings\Application Data\GamePlayLabs Plugin\setup.ini Group: Malware file
26.	%TEMP%\nst41.tmp
Name: %TEMP%\nst41.tmp Type: Temporary File Group: Malware file
27.	%TEMP%\Cab48.tmp
Name: %TEMP%\Cab48.tmp Type: Temporary File Group: Malware file
28.	%TEMP%\Cab52.tmp
Name: %TEMP%\Cab52.tmp Type: Temporary File Group: Malware file
29.	%TEMP%\Tar49.tmp
Name: %TEMP%\Tar49.tmp Type: Temporary File Group: Malware file
30.	%TEMP%\Tar4D.tmp
Name: %TEMP%\Tar4D.tmp Type: Temporary File Group: Malware file
31.	%TEMP%\Cab44.tmp
Name: %TEMP%\Cab44.tmp Type: Temporary File Group: Malware file
32.	%TEMP%\nst41.tmp\tmp
Name: %TEMP%\nst41.tmp\tmp Group: Malware file
33.	%TEMP%\Tar53.tmp
Name: %TEMP%\Tar53.tmp Type: Temporary File Group: Malware file
34.	%USERPROFILE%\Local Settings\Application Data\GamePlayLabs Plugin\gplplugin.crx
Name: %USERPROFILE%\Local Settings\Application Data\GamePlayLabs Plugin\gplplugin.crx Group: Malware file
35.	%TEMP%\nsd3F.tmp
Name: %TEMP%\nsd3F.tmp Type: Temporary File Group: Malware file
36.	%TEMP%\Cab46.tmp
Name: %TEMP%\Cab46.tmp Type: Temporary File Group: Malware file
37.	%TEMP%\nsi40.tmp
Name: %TEMP%\nsi40.tmp Type: Temporary File Group: Malware file
38.	%TEMP%\Cab4A.tmp
Name: %TEMP%\Cab4A.tmp Type: Temporary File Group: Malware file
39.	%TEMP%\Tar45.tmp
Name: %TEMP%\Tar45.tmp Type: Temporary File Group: Malware file
40.	%TEMP%\Cab4C.tmp
Name: %TEMP%\Cab4C.tmp Type: Temporary File Group: Malware file
41.	%TEMP%\Tar4F.tmp
Name: %TEMP%\Tar4F.tmp Type: Temporary File Group: Malware file
42.	%TEMP%\nst41.tmp\modern-wizard.bmp
Name: %TEMP%\nst41.tmp\modern-wizard.bmp Group: Malware file
43.	%TEMP%\RarSFX0\__tmp_rar_sfx_access_check_2092171
Name: %TEMP%\RarSFX0\__tmp_rar_sfx_access_check_2092171 Group: Malware file

Registry Details

GamePlayLabs may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{65C994A2-C65A-4A20-BA92-AADAFC0DCE49}\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BHO.GAMEPLAYLABSBHO\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{984A9162-8891-4D19-8CFE-17648BB4E1EC}\INPROCSERVER32\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{984A9162-8891-4D19-8CFE-17648BB4E1EC}\PROGRAMMABLE\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{8E7AD93B-3E87-423D-947F-A321FA7E31C4}\PROXYSTUBCLSID\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{8E7AD93B-3E87-423D-947F-A321FA7E31C4}\PROXYSTUBCLSID32\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{199C34A4-5436-403F-A250-219E16672570}\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{199C34A4-5436-403F-A250-219E16672570}\1.0\0\WIN32\

HKEY_LOCAL_MACHINE\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{984A9162-8891-4D19-8CFE-17648BB4E1EC}\

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\CMDMAPPING\NEXTID = 8194

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\LOCKED = 1

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{8E7AD93B-3E87-423D-947F-A321FA7E31C4}\TYPELIB\VERSION = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\DIRECTDRAW\MOSTRECENTAPPLICATION\ID = [PRIVATE SUBNET]

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GAMEPLAYLABS PLUGIN\UNINSTALLSTRING = "%USERPROFILE%\Local Settings\Application Data\GamePlayLabs Plugin\Uninstall.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\BHO.DLL\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BHO.GAMEPLAYLABSBHO.1\CLSID\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BHO.GAMEPLAYLABSBHO\CLSID\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{984A9162-8891-4D19-8CFE-17648BB4E1EC}\PROGID\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{984A9162-8891-4D19-8CFE-17648BB4E1EC}\VERSIONINDEPENDENTPROGID\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{8E7AD93B-3E87-423D-947F-A321FA7E31C4}\TYPELIB\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{199C34A4-5436-403F-A250-219E16672570}\1.0\HELPDIR\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{199C34A4-5436-403F-A250-219E16672570}\1.0\0\

HKEY_LOCAL_MACHINE\SOFTWARE\GOOGLE\CHROME\

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GAMEPLAYLABS PLUGIN\

HKEY_CURRENT_USER\SOFTWARE\GAMEPLAYLABS\RULE_/ = 127191511

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOW_PLACEMENT = [BINARY DATA]

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\BHO.DLL\APPID = {65C994A2-C65A-4A20-BA92-AADAFC0DCE49}

HKEY_LOCAL_MACHINE\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\OCPHOBFCFAFPCLIBOLPJDAFGAFFKAOCI\PATH = %USERPROFILE%\Local Settings\Application Data\GamePlayLabs Plugin\gplplugin.crx

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{984A9162-8891-4D19-8CFE-17648BB4E1EC}\NOEXPLORER = 1

HKEY_CURRENT_USER\SOFTWARE\GAMEPLAYLABS\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BHO.GAMEPLAYLABSBHO.1\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BHO.GAMEPLAYLABSBHO\CURVER\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{984A9162-8891-4D19-8CFE-17648BB4E1EC}\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{984A9162-8891-4D19-8CFE-17648BB4E1EC}\TYPELIB\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{8E7AD93B-3E87-423D-947F-A321FA7E31C4}\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{199C34A4-5436-403F-A250-219E16672570}\1.0\FLAGS\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{199C34A4-5436-403F-A250-219E16672570}\1.0\

HKEY_LOCAL_MACHINE\SOFTWARE\GOOGLE\

HKEY_LOCAL_MACHINE\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\OCPHOBFCFAFPCLIBOLPJDAFGAFFKAOCI\

HKEY_CURRENT_USER\SOFTWARE\GAMEPLAYLABS\FR = 1271914896

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\CMDMAPPING\{92780B25-18CC-41C8-B9BE-3C9C571A8263} = 8193

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{984A9162-8891-4D19-8CFE-17648BB4E1EC}\INPROCSERVER32\THREADINGMODEL = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\OCPHOBFCFAFPCLIBOLPJDAFGAFFKAOCI\VERSION = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\DIRECTDRAW\MOSTRECENTAPPLICATION\NAME = iexplore.exe

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GAMEPLAYLABS PLUGIN\DISPLAYNAME = GamePlayLabs Plugin

URLs

GamePlayLabs may call the following URLs:

174.129.215.***:80

174.129.245.**:80

208.187.212.***:80

216.137.35.***:443

69.171.224.**:80

hxxp://d.gameplaylabs.com/ce9237be57719933386c8a88b67bf7a5/*****

hxxp://www.gameplaylabs.com/newuser/584cabc6b3f04d52b7e23ffbf17c3258/*****

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

GamePlayLabs

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove GamePlayLabs

File System Details

Registry Details

URLs

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen