gbmzh_cef.dll

GBBD Caixa Economica Federal

Caixa Economica Federal

The module gbmzh_cef.dll, “Interceptador de eventos” by Caixa Economica Federal, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the Mozilla Firefox web browser as part of an add-in/plugin. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions.
Publisher:
GAS Tecnologia  (signed by Caixa Economica Federal)

Product:
GBBD Caixa Economica Federal

Description:
Interceptador de eventos

Version:
2.12.0

MD5:
57f5c64c30338019796095e5d046e654

SHA-1:
e47aefcd22aa8a9ab915ca68d7f2f95e647d39be

SHA-256:
0f0a74be76c96a05ae964a1842a644877b34adee55ed4838887fd568808cdf93

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 6:25:22 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (L)

Engine version:
16.12.12.17

File size:
1.9 MB (1,973,056 bytes)

Product version:
2.12.0

Copyright:
Copyright 2011 GAS Tecnologia.

Original file name:
gbmzh.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\mozilla\firefox\profiles\{user}.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886d}\components\gbmzh_cef.dll

Digital Signature
Authority:
The USERTRUST Network

Valid from:
7/18/2010 9:00:00 PM

Valid to:
7/18/2012 8:59:59 PM

Subject:
CN=Caixa Economica Federal, OU=GISUT/BR, O=Caixa Economica Federal, STREET=SEPN 507 BLOCO A 3º Andar - Asa Norte, L=Brasília, S=Distrito Federal, PostalCode=70740-521, C=BR

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
18471E6B12B1A09DE7D5AA6814AEF186

File PE Metadata
Compilation timestamp:
4/4/2012 4:01:18 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:7VI/yRYDOi7j8bzMDto78FY4rwxLDfmqOQOkipM65:7e/l7j8c68FCLDerXkix

Entry address:
0x375D46

Entry point:
60, C7, 44, 24, 1C, 36, AE, C7, 5A, FF, 34, 24, 66, C7, 44, 24, 08, 6A, 5D, 60, 9C, C7, 44, 24, 40, 76, 8A, 22, A3, C6, 44, 24, 10, 28, 68, B2, 7A, 99, 64, FF, 34, 24, 8D, 64, 24, 48, E9, 05, 36, 19, 00, 23, 3B, F4, B5, 51, 0B, 52, 41, 31, DB, 8B, 43, EF, AA, 68, 14, CC, 83, 32, EA, A7, 58, 0E, AF, 50, 6A, 85, F7, 8D, 6C, 35, 6D, 63, 19, BA, E2, 1F, EF, 97, 26, DC, F9, C9, E4, E1, 78, 95, E3, A5, 3C, CD, E9, C5, 69, 75, 97, 0B, 27, 13, 51, 71, 10, AF, 0B, 8D, 6C, 34, C7, 77, D2, 4F, D3, EC, 4A, 96, 32, CB...
 

Code size:
1.6 MB (1,711,616 bytes)
