gdpanalytics.exe

GdpAnalutics

337 Technology Limited

The application gdpanalytics.exe by 337 Technology Limited has been detected as adware by 1 of 68 anti-malware scanners, with very strong indications that the file is a potential threat. The file is typically installed by a number of programs, including Central de Jogo by ELEX Technology and Foxit Reader by Foxit Software Inc., and is typically executed from the user's temporary directory. While running, it connects over HTTP (TCP port 80) to a7.c8.24ae.ip4.static.sl-reverse.com (174.36.200.167) and 1a.2d.6132.ip4.static.sl-reverse.com (50.97.45.26).
Publisher:
Soft365 (signed by 337 Technology Limited)

Product:
GdpAnalutics

Description:
Analytics

Version:
1.0.3.1832

MD5:
614a0a8fb6696a4b76baf92dd45ac67c

SHA-1:
fb6c4931e987d26839ce39108e611e67f31a7aae

SHA-256:
f3d963be9ffbcb935d4be333d0e7f3d492e3c962a9397c1b3967ccb64b4e47af

Scanner detections:
1 / 68

Status:
Adware

Note:
None of the third-party anti-malware engines in our current pool has detected this file; the single detection is our own heuristic (PUP.337TechnologyLimited.M), on the basis of which we consider this file unwanted.

Analysis date:
11/2/2024 3:33:31 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.337TechnologyLimited.M

Engine version:
14.8.7.20

File size:
107.1 KB (109,672 bytes)

Product version:
1.0.3.1832

Copyright:
Copyright (C) Soft365 2012

Original file name:
GdpAnalutics.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\gdpanalytics.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/25/2012 12:04:18 PM

Valid to:
6/26/2015 12:04:18 PM

Subject:
CN=337 Technology Limited, O=337 Technology Limited, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A511A565DC1022CCD7BA41E2E418FE65

File PE Metadata
Compilation timestamp:
11/2/2012 8:47:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:PwIp50ElB48TPJEc7q6K2K+n2jlL1c3Fm0PYn+i+lA9T:PwI34ePJEaJ2jfcQ0PYE2B

Entry address:
0x41860

Entry point:
60, BE, 00, 90, 42, 00, 8D, BE, 00, 80, FD, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...

Entropy:
7.8652

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
100 KB (102,400 bytes)
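The PE metadata above (compile timestamp, OS version 5.1, Windows GUI subsystem, linker 10.0, entropy of 7.87, UPX/LZMA packing and the quoted entry-point bytes) is exactly what a triage script should reproduce before anyone trusts the report or unpacks the sample. The script below is an added example, not code from the Reason Core Security page or from 337 Technology Limited. It uses only the Python standard library, parses the header fields the report lists, hashes the file, measures Shannon entropy and checks the entry point for the UPX i386 unpacking stub whose first bytes the report quotes (60 pushad; BE imm32 mov esi; 8D BE disp32 lea edi,[esi+disp]; 57 push edi; 83 CD FF or ebp,-1; EB jmp short). It assumes the report's "Entry address" is the AddressOfEntryPoint RVA. The PE it analyses is constructed in build_sample_pe() so the script runs offline; the hash constants are the report's, so matches_report is False for the constructed sample and would be True only for the real file.

```python
"""Stdlib-only triage of a PE in the shape the report describes.
Added example, not code from the Reason Core Security page or from 337
Technology Limited: reads the header fields the report lists, hashes the
file, measures entropy and checks the entry point for the UPX stub whose
first bytes the report quotes (60 pushad; BE mov esi,imm32; 8D BE lea
edi,[esi+disp32]; 57 push edi; 83 CD FF or ebp,-1; EB jmp short).  The
PE analysed is constructed in build_sample_pe() so the script runs offline.
Usage: triage(build_sample_pe()) or triage(open(path, "rb").read()).
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Hashes from the report, to confirm you are looking at the same file.
REPORT_HASHES = {
    "md5": "614a0a8fb6696a4b76baf92dd45ac67c",
    "sha1": "fb6c4931e987d26839ce39108e611e67f31a7aae",
    "sha256": "f3d963be9ffbcb935d4be333d0e7f3d492e3c962a9397c1b3967ccb64b4e47af",
}
# UPX i386 entry stub; None wildcards the immediate/displacement bytes.
UPX_STUB = [0x60, 0xBE, None, None, None, None, 0x8D, 0xBE, None, None, None, None,
            0x57, 0x83, 0xCD, 0xFF, 0xEB]
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: LZMA/UPX payloads sit near 8, plain x86 code nearer 6."""
    n = len(data)
    counts = [data.count(bytes([v])) for v in range(256)]
    return -sum(c / n * math.log2(c / n) for c in counts if c) if n else 0.0


def matches_upx_stub(code: bytes) -> bool:
    return len(code) >= len(UPX_STUB) and all(
        p is None or p == b for p, b in zip(UPX_STUB, code))


def parse_pe(data: bytes) -> dict:
    """Minimal PE32/PE32+ header reader covering the fields in the report."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff, opt = pe + 4, pe + 24                               # COFF header, optional header
    _, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    lnk_major, lnk_minor, _, _, _, entry_rva = struct.unpack_from("<BBIIII", data, opt + 2)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)   # same offset in PE32+
    subsystem, = struct.unpack_from("<H", data, opt + 68)
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
    return {"stamp": stamp, "linker": f"{lnk_major}.{lnk_minor}", "entry_rva": entry_rva,
            "os_version": f"{os_major}.{os_minor}",
            "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)), "sections": sections}


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    # Section that maps the entry RVA; its raw bytes are what UPX compressed.
    sec = next(s for s in pe["sections"]
               if s["vaddr"] <= pe["entry_rva"] < s["vaddr"] + max(s["vsize"], s["rawsize"]))
    sec_data = data[sec["rawptr"]:sec["rawptr"] + sec["rawsize"]]
    entry = sec_data[pe["entry_rva"] - sec["vaddr"]:][:len(UPX_STUB)]
    digests = {a: getattr(hashlib, a)(data).hexdigest() for a in REPORT_HASHES}
    return {**digests, "matches_report": digests == REPORT_HASHES, "size": len(data),
            "compiled": datetime.fromtimestamp(pe["stamp"], timezone.utc).isoformat(),
            "os_version": pe["os_version"], "subsystem": pe["subsystem"], "linker": pe["linker"],
            "entry_rva": f"{pe['entry_rva']:#x}", "entry_section": sec["name"],
            "file_entropy": round(shannon_entropy(data), 4),
            "entry_section_entropy": round(shannon_entropy(sec_data), 4),
            "upx_stub": matches_upx_stub(entry),
            "upx_sections": any(s["name"].startswith("UPX") for s in pe["sections"])}


def build_sample_pe() -> bytes:
    """Constructed PE32 (not the real gdpanalytics.exe): one UPX1 section, entry = report's bytes."""
    stub = bytes.fromhex("60BE009042008DBE0080FDFF5783CDFFEB10")
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    stamp = int(datetime(2012, 11, 2, 8, 47, 2, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x102)    # i386, 1 section
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 10, 0, 0x200)       # PE32, linker 10.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # ImageBase, alignments
    struct.pack_into("<HHHHHH", opt, 40, 5, 1, 0, 0, 5, 1)       # OS 5.1, image, subsystem versions
    struct.pack_into("<IIIH", opt, 56, 0x2000, 0x200, 0, 2)      # SizeOfImage, SizeOfHeaders, sum, GUI
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    sec = struct.pack("<8sIIIIIIHHI", b"UPX1", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0xE0000060)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sec).ljust(0x200, b"\0")
    # Deterministic high-entropy filler standing in for the LZMA-compressed payload.
    filler = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
    return headers + (stub + filler)[:0x200]
```

Two caveats when running this against a real sample. Entropy and the stub match only say the file is packed, not that it is malicious; unpack it (upx -d works for an unmodified UPX layer) and repeat the triage on the result. The Authenticode certificate in the report expired on 6/26/2015; whether Windows still treats the signature as valid depends on a trusted timestamp countersignature, which this script does not check (Get-AuthenticodeSignature in PowerShell or signtool verify /pa does).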

The file gdpanalytics.exe has been discovered within the following programs.

Central de Jogo by ELEX Technology (gamecenter.v9.com); about 1% of users remove it
Foxit Reader by Foxit Software Inc. (www.foxitsoftware.com); about 9% of users remove it
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a7.c8.24ae.ip4.static.sl-reverse.com  (174.36.200.167:80)

TCP (HTTP):
Connects to 1a.2d.6132.ip4.static.sl-reverse.com  (50.97.45.26:80)
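The two network indicators above, together with the common path C:\users\{user}\appdata\local\temp\{random}.tmp\gdpanalytics.exe, are most useful as a matcher over endpoint telemetry. The script below is an added example, not tooling from the page: it scans process-creation and network-connection log lines in a generic key=value format (the field names event, image, dst and dport, and the log lines themselves, are constructed for the example) and scores each hit. It goes slightly beyond the report by matching the sl-reverse.com hostnames as well as the IP addresses. Both addresses sit in SoftLayer's static address space (the sl-reverse.com names are its generic reverse DNS), which unrelated software also reaches, so an address-only hit is scored low and the temp-directory process path carries the weight.

```python
"""Match endpoint telemetry against the indicators in the gdpanalytics.exe report.
Added example, not tooling from the page.  The key=value log format (fields
event/image/dst/dport) and the sample lines are constructed for the example.
Usage: scan(SAMPLE_LOG) returns one dict per matching line.
"""
import ipaddress
import re

# Indicators copied from the report.
IOC_HOSTS = {"a7.c8.24ae.ip4.static.sl-reverse.com", "1a.2d.6132.ip4.static.sl-reverse.com"}
IOC_IPS = {ipaddress.ip_address("174.36.200.167"), ipaddress.ip_address("50.97.45.26")}
IOC_PORT = "80"
# The report's common path with {user} and {random} generalised; NTFS paths are case-insensitive.
TEMP_DROP_PATH = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.tmp\\gdpanalytics\.exe$", re.IGNORECASE)

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample telemetry (not real captures); line 4 is benign noise.
SAMPLE_LOG = r"""
2024-11-02T15:33:31Z event=ProcessCreate image="C:\Users\alice\AppData\Local\Temp\nsk7A3F.tmp\gdpanalytics.exe" parent="C:\Users\alice\Downloads\installer.exe"
2024-11-02T15:33:32Z event=NetworkConnect image="C:\Users\alice\AppData\Local\Temp\nsk7A3F.tmp\gdpanalytics.exe" dst=174.36.200.167 dport=80 proto=tcp
2024-11-02T15:33:40Z event=NetworkConnect image="C:\Program Files\Mozilla Firefox\firefox.exe" dst=50.97.45.26 dport=80 proto=tcp
2024-11-02T15:34:01Z event=ProcessCreate image="C:\Windows\System32\svchost.exe" parent="C:\Windows\System32\services.exe"
2024-11-02T15:34:05Z event=NetworkConnect image="C:\Users\alice\AppData\Local\Temp\nsk7A3F.tmp\gdpanalytics.exe" dst=1a.2d.6132.ip4.static.sl-reverse.com dport=80 proto=tcp
"""


def parse_line(line: str) -> dict:
    """Turn 'k=v k="quoted v"' telemetry into a dict (quoted values may contain spaces)."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV.finditer(line)}


def is_ioc_destination(dst, dport) -> bool:
    """True when dst is one of the report's addresses or hostnames on TCP/80."""
    if dst is None or dport != IOC_PORT:
        return False
    try:
        return ipaddress.ip_address(dst) in IOC_IPS
    except ValueError:                       # a hostname rather than an address
        return dst.lower() in IOC_HOSTS


def classify(fields: dict):
    """Return None for a clean line, else the severity and the reasons it matched."""
    image = fields.get("image", "")
    path_hit = bool(TEMP_DROP_PATH.search(image))
    net_hit = is_ioc_destination(fields.get("dst"), fields.get("dport"))
    if not (path_hit or net_hit):
        return None
    reasons = []
    if path_hit:
        reasons.append("gdpanalytics.exe run from %TEMP%\\{random}.tmp")
    if net_hit:
        reasons.append(f"connection to report-listed address {fields['dst']}:{IOC_PORT}")
    # Both addresses are in SoftLayer's shared static range (sl-reverse.com is its
    # generic reverse DNS), so an address-only hit is low confidence on its own.
    severity = "high" if path_hit and net_hit else "medium" if path_hit else "low"
    return {"severity": severity, "reasons": reasons, "image": image}


def scan(log_text: str) -> list:
    hits = []
    for lineno, line in enumerate(log_text.strip().splitlines(), 1):
        verdict = classify(parse_line(line))
        if verdict:
            hits.append({"line": lineno, **verdict})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['severity']:<6} {'; '.join(hit['reasons'])}")
```

In real Sysmon or EDR data the same logic maps onto Event ID 1 (Image) and Event ID 3 (DestinationIp, DestinationHostname, DestinationPort); the regex on the image path is the part worth keeping, since the addresses can change between installer versions while the drop location rarely does.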

Analysis powered by Reason Core Security.