» gbiehcef.dll
Overview
Analysis
File Details
Behaviors (1)

gbiehcef.dll

Caixa Economica Federal Gbieh

CAIXA ECONÔMICA FEDERAL

File name:

gbiehcef.dll

Publisher:

Caixa Economica Federal (signed by CAIXA ECONÔMICA FEDERAL)

Product:

Caixa Economica Federal Gbieh

Description:

Gbieh Module

Version:

3.6.39.16

MD5:

0ca49c0a6b509660bdc207ac5fb8ed5a

SHA-1:

5abf7bbd21fffa79a70518e492b5a3f9f4f5d960

SHA-256:

69863b4f8f7ee664335c5ccf7798b2b611001b394ead82720a7189fc63454d06

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

1/14/2025 10:40:33 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.PWS.Banker.28793

9.0.1.0205

File size:

366.1 KB (374,856 bytes)

Product version:

3.6.39.16

Trademarks:

Cef, Gbieh

Original file name:

Gbieh.dll

File type:

Dynamic link library (Win32 DLL)

Language:

Brazilian Portuguese

Common path:

C:\Program Files\gbplugin\gbiehcef.dll

Digital Signature

Signed by:

CAIXA ECONÔMICA FEDERAL

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

7/21/2008 9:08:43 PM

Valid to:

7/21/2010 9:08:43 PM

Subject:

CN=CAIXA ECONÔMICA FEDERAL, OU=GESIN - GN SEGURANÇA DA INFORMAÇÃO, O=CAIXA ECONÔMICA FEDERAL, L=BRASILIA, S=DF, C=BR

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

2469DB2213039A47B1DE2B0F126EBF79

Registration

CLSIDs:

{C41A1C0E-EA6C-11D4-B1B8-444553540003}, {E37CB5F0-51F5-4395-A808-5FA49E399003}

ProgIDs:

GbiehCef.GbIehObj.1, GbiehCef.GbPluginObj.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

8/14/2008 9:15:54 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:KhFQQ2jdBxtnJ9PXf+rIeDmjGnqddaAO53QiaMM1DjF:KFUBjnJ9PQDmSnWOC2sPF

Entry address:

0xBB001

Entry point:

60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, B0, 0B, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72... 
[+]

Packer / compiler:

ASPack v2.12

Code size:

496 KB (507,904 bytes)

Approved Shell Extension

Name:

GbPlugin ShlObj

CLSID:

{E37CB5F0-51F5-4395-A808-5FA49E399003}

CLSID name:

GbPluginObj Class

Scan gbiehcef.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.