home

gbooks_setup.exe

MD5:
738c6dd3df23084f6f78df00a2449a3e

SHA-1:
523a31071f1f1058030a55167bc9e1a2c433784d

SHA-256:
6df9a1fce27fdc6268e80452740dcfc0e95649cd275e7a7fc9912a8003683fdf

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/5/2024 10:36:33 PM UTC  (today)

Scan engine
Detection
Engine version

F-Prot
W32/Dadobra.A.gen
4.6.5.141

Zillya! Antivirus
Adware.BrowseFox.Win32.128832
2.0.0.2496

File size:
395 KB (404,480 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\programs\gbooks_setup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:WdKUFaJP5wcpeJBHAqNoab0sspDuKH9DzKiJRdWMYyjYD/2A0Nz49Jql:oKUFmPbwyss0ENBJRdiOAqoA

Entry address:
0x51F84

Entry point:
55, 8B, EC, 83, C4, F0, B8, 9C, 1D, 45, 00, E8, 3C, 41, FB, FF, A1, E0, 2F, 45, 00, 8B, 00, E8, D4, E3, FF, FF, A1, E0, 2F, 45, 00, 8B, 00, BA, E4, 1F, 45, 00, E8, C3, DF, FF, FF, 8B, 0D, C0, 30, 45, 00, A1, E0, 2F, 45, 00, 8B, 00, 8B, 15, CC, 1A, 45, 00, E8, C3, E3, FF, FF, A1, E0, 2F, 45, 00, 8B, 00, E8, 37, E4, FF, FF, E8, 4A, 21, FB, FF, 00, 00, FF, FF, FF, FF, 05, 00, 00, 00, 53, 65, 74, 75, 70, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5267

Developed / compiled with:
Microsoft Visual C++

Code size:
324 KB (331,776 bytes)

The file gbooks_setup.exe has been seen being distributed by the following URL.

http://www.gbooksdownloader.com/gbooks_setup.exe

Scan gbooks_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.