» gfpresetup.exe
Overview
Analysis
File Details
Downloads (10)

gfpresetup.exe

Golden Filter Premium

Gsi Technologies

This is a setup and installation application. The file has been seen being downloaded from 192.168.1.3 and multiple other hosts.

File name:

gfpresetup.exe

Publisher:

Gsi Technologies

Product:

Golden Filter Premium

Description:

TIN Setup

Version:

2011.11.19.2342

MD5:

7efe8a22ee257b092933ff496ff11f31

SHA-1:

838846cb03e093a2d94b3b5a5d0f2db56d83ddad

SHA-256:

b7cab97f8f38393fe50b511469bc5998c54a154058d014a4fd5cde0be5bbb515

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/5/2024 2:24:40 PM UTC (today)

File size:

3.1 MB (3,252,612 bytes)

Product version:

3.1

Original file name:

SETUPPRO.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\gfpresetup.exe

File PE Metadata

Compilation timestamp:

6/5/2005 9:44:13 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:wIisH8fV6rG5JLsbSSnhD4Iz/323L0tAX9Z:Tig8fV6cZSn14Iz/IomX9Z

Entry address:

0x27FB0

Entry point:

60, BE, 00, 90, 41, 00, 8D, BE, 00, 80, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75... 
[+]

Code size:

64 KB (65,536 bytes)

The file gfpresetup.exe has been seen being distributed by the following 10 URLs.

http://192.168.1.3/GFPreSetup.exe

http://ne1.attach.mail.ymail.com/us.f1257.mail.yahoo.com/ya/securedownload?clean=0&fid=Inbox&mid=2_0_0_1_159882_AG9XimIAAWjuT/BudAGZn2YXqjY&pid=2&tnef=&prefFilename=GFPreSetup.exe&redirectURL=http://us.mc1257.mail.yahoo.com/.../showMessage?cmd=download.failure&fid=Inbox&mid=2_0_0_1_159882_AG9XimIAAWjuT/BudAGZn2YXqjY&pid=2&tnef=&prefFilename=GFPreSetup.exe&view=none&cb=parent.attachmentFail&cred=PMtquMOj2JFch2.KtvVn5o4WaslBGgVD5L0yyaHK0NHEDxn2TO8fpAX1ktJAQ619CZwTRu8gn_hQ1FeIgGzQR.4A423ZW7XRN6fwBGLh3Y9ziSU-&ts=1341157269&partner=ymail&sig=rvIvLRw.bal0GuoQhX3CUA--

http://files.downloadnow.com/s/software/14/49/21/.../antiporn233.exe

http://download1391.mediafire.com/jizb1gigwhrg/.../gfpresetup.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-pkQhoxdQSQAO0FQMN635AzfT9GLrFv5uTw4gAz5cEW2uAh8-kH8wla4fWQ-DV0s7GH4nkLovJSeSm65J69qU1w/messages/@.id==AHtL2kIAACGBVn1FNw2I2CILoe4/content/parts/@.id==3/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZTxOuc22fmm41l_4MBNMPf_tmbZU_QP6bd5QzJLzvu9w&error=https://us-mg6.mail.yahoo.com/.../iframemsg?id=12c81579-a12d-0143-eeb8-c69f93ff7364&ymreqid=41eaccce-dfda-41d1-011b-1f002c010000

http://www.computer-e-technologies.co.uk/.../GFPreSetup 3.10MB.exe

http://files.downloadnow.com/s/software/12/29/54/.../GFPreSetup.exe

http://www.gsiegypt.com/.../gfpresetup.exe

http://software-files-a.cnet.com/s/software/12/29/54/.../GFPreSetup.exe

Scan gfpresetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.