gbxnbhjar.exe

Share This

Data Protection Solutions

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The application gbxnbhjar.exe, “ShareThis Service” by Data Protection Solutions has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “GbXnBhjaR”.
Publisher:
Data Protection Solutions  (signed and verified)

Product:
Share This

Description:
ShareThis Service

Version:
1.0.0.0

MD5:
33e1c64204657f27985a147d107c7a69

SHA-1:
d0c56f6ee7c83f153a57109b16bb436a23be0970

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 12:23:04 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
16.12.27.20

File size:
2.2 MB (2,319,728 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Data Protection Solutions 2014

Original file name:
ShareThisService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Application data\jlbsez\gbxnbhjar.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/9/2014 5:00:00 PM

Valid to:
3/10/2015 4:59:59 PM

Subject:
CN=Data Protection Solutions, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Data Protection Solutions, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6FA5269C2FC95B961427D4FD1474CDC5

File PE Metadata
Compilation timestamp:
9/18/2014 12:05:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x2360FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9994

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.2 MB (2,310,656 bytes)

Service
Display name:
GbXnBhjaR

Type:
Win32OwnProcess

Depends on:
Winmgmt CryptSvc


Remove gbxnbhjar.exe - Powered by Reason Core Security