gbrvoejx.exe

Share This

Data Protection Solutions

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The application gbrvoejx.exe, “ShareThis Service” by Data Protection Solutions has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “GbRVoejX”.
Publisher:
Data Protection Solutions  (signed and verified)

Product:
Share This

Description:
ShareThis Service

Version:
1.0.0.0

MD5:
3bed08027c196f9e559b44890a2f6d75

SHA-1:
f0e106e47b964ccf521c61516c9eaa47d62730d5

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 12:01:01 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
17.1.31.3

File size:
2.2 MB (2,319,728 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Data Protection Solutions 2014

Original file name:
ShareThisService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Application data\duttvjbam\gbrvoejx.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/10/2014 1:00:00 AM

Valid to:
3/11/2015 12:59:59 AM

Subject:
CN=Data Protection Solutions, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Data Protection Solutions, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6FA5269C2FC95B961427D4FD1474CDC5

File PE Metadata
Compilation timestamp:
8/28/2014 9:12:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x2360FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.2 MB (2,310,656 bytes)

Service
Display name:
GbRVoejX

Type:
Win32OwnProcess

Depends on:
Winmgmt CryptSvc


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-54-76-91-10.eu-west-1.compute.amazonaws.com  (54.76.91.10:80)

Remove gbrvoejx.exe - Powered by Reason Core Security