gfpresetup.exe

Golden Filter Premium

Gsi Technologies

This is a setup and installation application. The file has been seen being downloaded from 192.168.1.3 and multiple other hosts.
Publisher:
Gsi Technologies

Product:
Golden Filter Premium

Description:
TIN Setup

Version:
2011.11.19.2342

MD5:
7efe8a22ee257b092933ff496ff11f31

SHA-1:
838846cb03e093a2d94b3b5a5d0f2db56d83ddad

SHA-256:
b7cab97f8f38393fe50b511469bc5998c54a154058d014a4fd5cde0be5bbb515

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 2:24:40 PM UTC

File size:
3.1 MB (3,252,612 bytes)

Product version:
3.1

Copyright:
Copyright (c) 2011

Original file name:
SETUPPRO.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\gfpresetup.exe

File PE Metadata
Compilation timestamp:
6/5/2005 9:44:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:wIisH8fV6rG5JLsbSSnhD4Iz/323L0tAX9Z:Tig8fV6cZSn14Iz/IomX9Z

Entry address:
0x27FB0

Entry point:
60, BE, 00, 90, 41, 00, 8D, BE, 00, 80, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...

Code size:
64 KB (65,536 bytes)

The file gfpresetup.exe has been seen being distributed by the following 10 URLs.

http://192.168.1.3/GFPreSetup.exe

http://ne1.attach.mail.ymail.com/us.f1257.mail.yahoo.com/ya/securedownload?clean=0&fid=Inbox&mid=2_0_0_1_159882_AG9XimIAAWjuT/BudAGZn2YXqjY&pid=2&tnef=&prefFilename=GFPreSetup.exe&redirectURL=http://us.mc1257.mail.yahoo.com/.../showMessage?cmd=download.failure&fid=Inbox&mid=2_0_0_1_159882_AG9XimIAAWjuT/BudAGZn2YXqjY&pid=2&tnef=&prefFilename=GFPreSetup.exe&view=none&cb=parent.attachmentFail&cred=PMtquMOj2JFch2.KtvVn5o4WaslBGgVD5L0yyaHK0NHEDxn2TO8fpAX1ktJAQ619CZwTRu8gn_hQ1FeIgGzQR.4A423ZW7XRN6fwBGLh3Y9ziSU-&ts=1341157269&partner=ymail&sig=rvIvLRw.bal0GuoQhX3CUA--