geplugin.exe

Google Earth

Google

geplugin.exe runs as a scheduled task under the Windows Task Scheduler and is installed with Google Earth. The file has been seen being downloaded from docs.google.com and multiple other hosts.
Publisher:
Google

Product:
Google Earth

Version:
7.1.2.2041

MD5:
479d8c124562f49c83fc9150635962e9

SHA-1:
66bcaa97e310016230485002bd12b9cff18c0ba7

SHA-256:
efc900f367bed8dd5fde08830432859ca226e56ea378424ae1bfed237605d3d7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/12/2025 9:43:49 PM UTC

File size:
203.5 KB (208,384 bytes)

Copyright:
Copyright 2013

Original file name:
GoogleEarth.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\Program Files\google\google earth\plugin\geplugin.exe

File PE Metadata
Compilation timestamp:
10/7/2013 2:52:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:5hLZt+IeQM9fWhQKyTB5l1cOyaKwfzac1M:HX+IeQMMhQKyT/jN1M

Entry address:
0x130DE

Entry point:
E8, 36, 06, 00, 00, E9, 63, FD, FF, FF, 6A, 14, 68, F0, D3, 41, 00, E8, 7C, 05, 00, 00, FF, 35, 60, 3D, 42, 00, 8B, 35, 48, 52, 41, 00, FF, D6, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, D0, 53, 41, 00, 59, EB, 64, 6A, 08, E8, A3, 06, 00, 00, 59, 83, 65, FC, 00, FF, 35, 60, 3D, 42, 00, FF, D6, 89, 45, E4, FF, 35, 5C, 3D, 42, 00, FF, D6, 89, 45, E0, 8D, 45, E0, 50, 8D, 45, E4, 50, FF, 75, 08, 8B, 35, 4C, 52, 41, 00, FF, D6, 50, E8, 69, 06, 00, 00, 83, C4, 0C, 89, 45, DC, FF, 75, E4, FF, D6, A3, 60...
 

Entropy:
6.3021

Code size:
77.5 KB (79,360 bytes)

Scheduled Task
Task name:
{1DF58C7F-FF19-4063-B62A-9724A0B5866A}

Trigger:
Registration (Runs on registration)


2 Windows Firewall Allowed Programs
Name:
C:\Program Files\Google\Google Earth\plugin\geplugin.exe

Name:
C:\Program Files\Google\Google Earth\client\googleearth.exe


The file geplugin.exe has been discovered within the following programs.

Google Earth  by Google Inc
Google Earth is a virtual globe, map and geographical information program. Google Earth is based on 3D maps, with the capability to show 3D buildings and structures (such as bridges), which consist of users' submissions made with SketchUp, a 3D modeling program.
earth.google.com
3% remove it
Google Earth Plug-in  by Google Inc
The Google Earth plug-in allows you to navigate and explore geographic data on a 3D globe using a web browser. Google Earth is a virtual globe, map and geographical information program.
www.google.com/earth/explore/products/plugin.html
8% remove it
Google Zemlja  by Google Inc
Publisher's description - “Take a virtual journey to anywhere in the world. Explore 3D buildings, imagery and terrain. Find places, buildings and local businesses. Fly over 3D cities without a pilot's licence. The new tour guide will introduce you to landmarks and natural wonders.”
3% remove it
Google Earth  by Google Inc
Publisher's description - “Take a virtual journey to any location in the world. Explore 3D buildings, imagery, and terrain. Find cities, places and local businesses. Google Earth is fully-featured for desktop users with three different versions: Google Earth, Google Earth Pro and Google Earth Enterprise.”
4% remove it
 

The file geplugin.exe has been seen being distributed by the following 3 URLs.

https://docs.google.com/a/.../uc?authuser=0&id=0B6C4WPBbmjQiTE9ETXJEWEdmRTQ&export=download

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_462449_AHN2w0MAABJFVEgNLgifCI9cYxk&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

file:///C:/Documents and Settings/All Users/.../Google Earth.lnk
