netGamer Start
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 1 |
| First Seen: | April 19, 2023 |
| Last Seen: | May 28, 2026 |
| OS(es) Affected: | Windows |
The netGamer Start software is developed by programmers associated with Medianetnow.com. The site is a platform where you can find various browser extensions for Google Chrome dedicated to music, videos, online games, radio, sports and news. As its name suggests, the netGamer Start extension is aimed at PC users who like to play online games. The netGamer Start app can be obtained from the Chrome Web Store via Chrome.google.com/webstore/detail/netgamer-start/nfkdcjgohmakdojfkjjobbmppjfonjom. You should take into consideration that the netGamer Start extension requires access to the data exchanged with their parties through your Web browser and it is tailored to change your new tab page to a custom HTML page that has shortcuts to popular Web services.
The netGamer Start extension from Medianetnow.com is an ad-supported product that is deemed as a Potentially Unwanted Program (PUP) by cybersecurity experts. The netGamer Start app is designed to change your Internet settings and read usage statistics to help marketers deliver optimized advertisements within the Yahoo platform. The netGamer Start extension is observed to perform browser redirects via play.eanswers.com to search.yahoo.com. The netGamer Start software has connections to Eanswers.com, which is a partner of Yahoo. The Eanswers.com domain is associated with a plethora of platforms that offer almost identical products. We have been tracking Medianetnow.com, Superappbox.com, Mixplugin.com, Ienjoyapps.com, Bettersearchtools.com, Theappjunkies.com, Bettersearchtools.com, Goamuze.com, Playmediacenter.com, Myappline.com, Searchalgo.com, Friendlyappz.com, Myappline.com, Getappsonline.com, Playmediacenter.com, and Cantstopplaying.com that welcome users to download clones of netGamer Start and similar tools. You may want to avoid the products promoted by the sites mentioned above. Eanswers.com is known for using proxy sites to collect Web usage data from PC users and earn ad revenue through Yahoo Ads. The practice is not illegal by any means. However, Web surfers may not be satisfied with how Eanswers.com is treating them and collecting their browsing history. We have found that netGamer Start has the following clones published by Njoyapps.com, Getappsonline.com, Medianetnow.com, Ienjoyapps.com, Mixplugin.com, Playmediacenter.com and Bettersearchtools.com:
- GamesHub Now by Mixplugin.com and Chrome.google.com/webstore/detail/gameshub-now/kkldhhkcedmlemmeioafpfccfnnhlhdi
- betterGames Home by Bettersearchtools.com and Chrome.google.com/webstore/detail/bettergames-home/gclieechnehlcjnjepdnmloclfcfmiba
- browserGamer Now by Njoyapps.com and Chrome.google.com/webstore/detail/browsergamer-now/gllnfhbnopmjpifodjcgcbfcandfkjoj
- browserGames Now by Njoyapps.com and Chrome.google.com/webstore/detail/browsergames-now/koadafnlijadikflcccnekcehikbdoej
- gamingZone Start by Medianetnow.com and Chrome.google.com/webstore/detail/gamingzone-start/nhhboodmfnbbdoibnnikbchlocibjhbh
- getGames Start by Getappsonline.com and Chrome.google.com/webstore/detail/getgames-start/koaejgofaegnifpbkeldkehnbnomldbd
- iGames Start by Ienjoyapps.com and Chrome.google.com/webstore/detail//bphpacmkampgoflghiahciljapjaneda
- playCenter Home by Playmediacenter.com and Chrome.google.com/webstore/detail/playcenter-home/kamdefopmcpnkpomihddfnelophmppej
Table of Contents
Analysis Report
General information
| Family Name: | Filecoder.FBC Ransomware |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
2ef5f44d4ae251d90d70efea78502aa6
SHA1:
3381593718bb723a0947ce619f9ac12e08f52246
SHA256:
6036757D1511F14276FD533982B90B705E352F1E2EE230AC3C76012082C3D71E
File Size:
5.71 MB, 5706144 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File has TLS information
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is Native application (NOT .NET application)
- File is not packed
Show More
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Company Name | BGEmpire |
| File Description | BGArmor: BGE and UPBGE game packer and launcher. |
| File Version | 0.1.1 |
| Legal Copyright | MIT |
| Original Filename | BGArmor.exe |
| Product Name | BGArmor |
| Product Version | 0.1.1 |
File Traits
- big overlay
- GetConsoleWindow
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 10,776 |
|---|---|
| Potentially Malicious Blocks: | 2,529 |
| Whitelisted Blocks: | 5,995 |
| Unknown Blocks: | 2,252 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
