dcbraiegut_gutbl_setup.exe

BrowserAir (GOOBZO LTD)

The application dcbraiegut_gutbl_setup.exe by BrowserAir (GOOBZO) has been detected as adware by 12 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory.
Publisher:
BrowserAir (GOOBZO LTD)  (signed and verified)

Version:
2.11.0.999

MD5:
dbe0b74822e3c3ac426151bfde177019

SHA-1:
1a0a5f5c43aee42755b9143b38930c0f27553369

SHA-256:
ea8a5f4f1e757bdcd2d6f0d8b97faa6d10888d8202db6fe262a8f16f52f7d913

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
11/24/2024 5:51:07 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Symmi.54708 | 544 |
| Arcabit | Trojan.Symmi.DD5B4 | 1.0.0.425 |
| Bitdefender | Gen:Variant.Symmi.54708 | 1.0.20.1110 |
| Bkav FE | HW32.Packed | 1.3.0.7062 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.54708 | 8.15.08.10.09 |
| F-Secure | Gen:Variant.Symmi.54708 | 11.2015-10-08_2 |
| G Data | Gen:Variant.Symmi.54708 | 15.8.25 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.1603 |
| Malwarebytes | PUP.Optional.BrowserAir.C | v2015.08.10.09 |
| MicroWorld eScan | Gen:Variant.Symmi.54708 | 16.0.0.666 |
| Panda Antivirus | Adware/Goobzo | 15.08.10.09 |
| Reason Heuristics | PUP.Goobzo.Installer (M) | 15.8.10.9 |

File size:
2.3 MB (2,400,664 bytes)

Product version:
2.11.0.999

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\dcbraiegut_gutbl_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/10/2015 7:00:00 PM

Valid to:
2/11/2016 6:59:59 PM

Subject:
CN=BrowserAir (GOOBZO LTD), O=BrowserAir (GOOBZO LTD), STREET="Bldg #15 Matam", L=Haifa, S=Haifa, PostalCode=31905, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3B4F9A8B40F303C8AAD1D77B2A2B4674

File PE Metadata
Compilation timestamp:
8/9/2015 2:56:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:Sx5uIiyp297Vabu2BInqW878K3tQPS8tcPVCx44rvlQg6ezpQVjem5:Hdl9ZWu2KL878Kijt2s4Vjee

Entry address:
0x2BA29F

Entry point:
57, 68, 79, 82, 2D, 8B, C7, 44, 24, 04, 6C, A8, 32, A4, E9, 4A, 5A, 00, 00, 49, 16, 0B, B4, 27, 94, 64, 50, AF, 01, B4, 01, D8, 33, BF, 0E, 54, C9, 47, 82, 46, 8F, 4A, A9, 29, 66, DA, 3D, F7, 8C, 2D, 76, 0D, F5, D6, 17, 92, 35, C8, 83, FD, 5A, C8, 9D, B6, FE, E9, CA, 1C, 5B, 09, 7A, E4, 02, 4D, EB, 62, 59, 95, 2B, D0, 83, 76, D6, 23, 66, 35, 0E, A2, ED, 81, BA, A5, 0A, CA, A3, F0, E2, 08, E9, 33, DB, 5D, 30, C4, 24, 75, 71, 42, 87, 0D, 98, 0F, 7C, 32, 7D, 4B, 14, 40, 5A, D9, 01, 4E, 8F, 86, 6C, F4, 52, 42...
 

Entropy:
7.8954  (probably packed)

Code size:
549.5 KB (562,688 bytes)
