» gdfr flo rida ft. sage the gemini and lookas lancamento 2014.exe
Overview
Analysis
File Details

gdfr flo rida ft. sage the gemini and lookas lancamento 2014.exe

STARGLOBE LLC

The application gdfr flo rida ft. sage the gemini and lookas lancamento 2014.exe by STARGLOBE has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.

File name:

Publisher:

STARGLOBE LLC (signed and verified)

MD5:

b06b1c113931d96f753eebb07c5eeb1e

SHA-1:

22d914bec10fed4a5b72b8449ff48fa1c2659f7d

SHA-256:

077964d315c4b667cfaa938afa4cab899477b7c613abbb2de094788e3f60d69d

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 2:22:07 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.STARGLOB.Installer (M)

16.6.2.17

File size:

49.2 KB (50,368 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\gdfr flo rida ft. sage the gemini and lookas lancamento 2014.exe

Digital Signature

Signed by:

STARGLOBE LLC

Authority:

Starfield Technologies, Inc.

Valid from:

10/6/2015 6:10:40 PM

Valid to:

4/2/2016 12:48:38 PM

Subject:

CN=STARGLOBE LLC, O=STARGLOBE LLC, L=Lewes, S=Delaware, C=US

Issuer:

CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

00AF454D0F54B44CC6

File PE Metadata

Compilation timestamp:

12/5/2009 7:50:35 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

768:JMGnYmtcLDs/saQRy7rnzrKHgccoGv8uS08p44vGmjXO3XJo5EPlJbBvDKZ7L:hoLDYsacy7mHMowHjXJo5EPlJV7i7L

Entry address:

0x323F

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 98, 27, 7A, 00, E8, 09, 2C, 00, 00, A3, E4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, E0, 1E, 7A, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

Remove gdfr flo rida ft. sage the gemini and lookas lancamento 2014.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.