gboxapp.exe

DownloaderFF

Web Pick - Internet Holdings Ltd

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application gboxapp.exe by Web Pick - Internet Holdings has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

Publisher:
Web Pick - Internet Holdings Ltd  (signed and verified)

Product:
DownloaderFF

Version:
1.0.0.0

MD5:
f17a32a35edf846e475e353122acf195

SHA-1:
7dadb1cfa52a3aa558b30b427d96d27137c3d00d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 2:25:58 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebPick.WebPickI (M)

Engine version:
16.5.23.15

File size:
11.8 KB (12,120 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
DownloaderFF.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\gboxapp.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
8/4/2013 4:00:00 PM

Valid to:
8/25/2015 3:59:59 PM

Subject:
CN=Web Pick - Internet Holdings Ltd, O=Web Pick - Internet Holdings Ltd, L=Ramat Hasharon, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3A2CC4F26C8E3CCEC344182538F0AF2D

File PE Metadata
Compilation timestamp:
4/14/2015 7:06:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
192:5Lvoh82xIRaI2iXi9Rhajq9ph657KEKWjRP7Wok8oiou7+wg/:hX2xIaI2QiXhuq3hiRKWjRSoIu2/

Entry address:
0x38DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Entropy:
5.7329

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.5 KB (6,656 bytes)
