gbooks.exe

Google Books Downloader

GBOOKSDOWNLOADER.COM

The application gbooks.exe, “Google Books Downloader Setup ” has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from dw1.uptodown.com and multiple other hosts.
Publisher:
GBOOKSDOWNLOADER.COM

Product:
Google Books Downloader

Description:
Google Books Downloader Setup

MD5:
afb1d8c9dadc3a8e63814790c7ef84c5

SHA-1:
5257a2e56e63c2d8abccd9e574c8955fa76904e3

SHA-256:
8c2c67ce1034420047990a51b304819a28b9b4bdd1ef86bfa29cdc4ca34f6431

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/25/2024 3:53:08 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/InstallMonetizer.AF
8.9238

Reason Heuristics
PUP.InstallMonetizer.Bundle (M)
16.3.10.15

ViRobot
Trojan.Win32.A.Zbot.656443
2011.4.7.4223

File size:
641.1 KB (656,443 bytes)

Product version:
2.3

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\gbooks.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:5na9w4L8+iDNdRwKMer0tveZuhLix9q9zkqsajCiGF4O2DnM2xk/O2C:5naKk8DduSQtveMdix9q1k32CiGQJxkm

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 
[+]

Entropy:
7.9611

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file gbooks.exe has been seen being distributed by the following 8 URLs.

Remove gbooks.exe - Powered by Reason Core Security