ggtranslate.exe

Google Translate Desktop

XimuSoft

This is a setup program which is used to install the application. The file has been seen being downloaded from www.bulkstockupdate.com and multiple other hosts.
Publisher:
XimuSoft

Product:
Google Translate Desktop

Description:
Google Translator

Version:
2.01.0092

MD5:
b4f7385428999a75ffb20ed10442367c

SHA-1:
73b638e5c9c0c923c7db1e9adfb7b365b10ffccf

SHA-256:
5045945bb47904744090afbe3ada9f9bf96e7aed3ba122ddc2ea51d25b363d25

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/24/2024 2:36:53 AM UTC  (today)

Scan engine
Detection
Engine version

K7 AntiVirus
Trojan
13.178.12257

Trend Micro House Call
TROJ_GEN.F47V0504
7.2.151

File size:
333.5 KB (341,504 bytes)

Product version:
2.01.0092

Copyright:
Copyright 2010 for XimuSoft.

Original file name:
Google Translate Desktop2.1.92.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\downloads\ggtranslate.exe

File PE Metadata
Compilation timestamp:
5/4/2014 2:11:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:lPwz7hq4An/ZFrDE/oPhFQk0dM9hkyV1dAFWhU1WmmnGlcgTtmV1sePAdPEtoQY:lPwz9qnZs4FB0dCab15mWMLslJEt+

Entry address:
0x103DE0

Entry point:
60, BE, 00, 60, 4B, 00, 8D, BE, 00, B0, F4, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Packer / compiler:
UPX 2.90LZMA]

Code size:
312 KB (319,488 bytes)

The file ggtranslate.exe has been seen being distributed by the following 50 URLs.

http://www.bulkstockupdate.com/c?x=3QitbLR46u3UU3s1JQfaL/.../Kjf7RdJBOmIRcHgkONInXbhMCtAd ARlWrVB2C7tFE3WDwH7FTCp6N68C&downloadAs=TomsInstaller.exe

http://cdn.tomsguidefiles.com/c?x=WppSXsRA A1ilVRIPsHmhJA VyTGBSXb9b2TYAtWaB8=&c=4Q/r7Hoxj5dGtDVour r4vP3m7kNrXY4djxwywhhgEDXDt3ax5GWIPpE/euqWgHpW5qYyD2hIHVUfYhCdlNjMCAcIDu4sS4oKA9cLPprWo4FaaNRtKIgPf4XtU4tF6x2JFRNpxngKlVtXoxUzJzLcw==&downloadAs=TomsInstaller.exe&fallback_url=http://www.athtek.com/.../ggtranslate.exe

http://cdn.tomsguidefiles.com/c?x=DR4TVOS TZQzEIotmLIQ6X8mRjfXw nmWfY1yn8hjJw=&c=PKu0w4KaGb5DkvPikKI92HcRrtN785tGPXxFdaEoVFcEEpebv0JEFUzCA/VIfkDARPStID8uRH7WThi3pDJuACWQ2yDslomLQrc6BrIGmm6BZ4l fP63ZpATnE2nVyVBn298idzgHM4NaU 2aZJewA==&fallback_url=http://www.athtek.com/.../ggtranslate.exe&downloadAs=TomsInstaller.exe

http://www.bulkstockupdate.com/.../uWfenb5pb46oaMyz3UzS DPZ QgKbdKcr90F0CAvA AxFpUF2PzkvmxX iWmv&downloadAs=TomsInstaller.exe

http://cdn.tomsguidefiles.com/c?x=qO OTCvYccI UU/ NL7bbRwYYV1OLIhZqCvqK s/sbc=&c=ePLnrCIfCcsidYi1XZtgSr7epTxAA9NrmsbOJ9MucekAxbuLJWGIOnNqzNipuLGsMcCEQXbPxwPiuOHCbFgim7l3zUnmeaX2UNQAEyx0qHSG76BWEDljB4z5RBQ0sKhc&fallback_url=http://www.athtek.com/.../ggtranslate.exe&downloadAs=TomsInstaller.exe

http://www.bulkstockupdate.com/.../m6s=&c=QujTRctJ7wErLPzWat6t8DnMq5Xkiqnr8HkpWEu16IqGR7F2GJTWGdJHuPXrt7OMsbXogNVd4QV79NpNNXk2pUmVpZj6 h6erGNYmAWSY QvoshVOO7T1atLH eWfwCA&downloadAs=TomsInstaller.exe

http://cdn.tomsguidefiles.com/c?x=gYpKg1Ee8Dk9lU839bClLXAnWqIPrTh6mHdb 3UZuf8=&c=mkQKL3TNBlGO hYbYGc9GGth/ Jwnby1CwTAIUCsAp8jIMVje9GXhi7CNrDol3J613oSeM3U4e1EQXFjcdN2rTKa3ugiVJMMr9vL oqvTZaNlGJ6NMi0jwM4PCu6rztqK44F/aQW5zbquflyaOz1xQ==&fallback_url=http://www.athtek.com/.../ggtranslate.exe&downloadAs=TomsInstaller.exe

http://www.bulkstockupdate.com/c?x=5OToDZN3CaOFtk1sek26UEk0PLjeg19vSXCX/.../jfLDphW7MOJZx03qEOLbQatPrND9nH4OVIl0cInO67OPs&downloadAs=TomsInstaller.exe

http://www.bulkstockupdate.com/c?x=1Y51/Oj6IvXAx78SDa4e10L38yHjLpOuWhpYYlGiSUI=&c=XBfFIU8xi3zl3AW1dg4pdxwLUNZ/.../idcyiWWkQggHbQ9OTBaQRaoQe6o6Pt&downloadAs=TomsInstaller.exe

http://download.s32cdn.com/36/357061/.../ggtranslate.exe

http://www.bulkstockupdate.com/c?x=F8eoK2UrMvREWSnU 3G40BwitXkdXzpSz8jk0QSwZ5I=&c=tiOjyYfgPLFov6yuLy7eIECbCnYiW/UOVV6FZSBlMxcl5bOgCNnyvVUPgxTsMkpZ8150SSZD 7hOiW9Eum7yvspxMwJ9UpUSFxV/.../TW&downloadAs=TomsInstaller.exe

http://www.conecptquickrepository.com/c?x=X4gNFZvQt/jfpAC/GjnshC7GliO9FUz7qwi8mB3Qk4E=&c=mbDOuQOQS4EvuYxAkaT6uygyLzbCqRCLT1l2q8RHTRcJvLYpwvmDQU88m3J2hqusu35r7D oE4GIZ3mxyx2mvgEfWoVni0HHtoh3/.../x33 NJYQkUr dT&downloadAs=TomsInstaller.exe

http://www.bitssigncurrent.com/c?x=xGajaT4me/zMsTtutvm9ELOySoTJZy29TPntzJ794g4=&c=RbE9Lf/.../BcGG1EadccwUmhx5uH2WFCiPAiOoG7dAJ5T4mP5oCQkGRaosULGa&downloadAs=TomsInstaller.exe

http://www.packagesafenew.com/WVl6OTRQVmRFZURsVmJWRnJTR2MyVlUwNVVtUTJjRzQ0UjJJMVlUUk9VemxCZWtSWFp5VXlRbEJ4WkZKT1lVRXlRU1V6UkNaalBUYzRObmd4YjJjemEydHJPVFJpV2xSMVMwTmhkVk5WWTNneU5HRXhObWxJVDJkalRWTnRTakpJZW5GT2R6TlhjVzF5VkdaWFVqUnZOVEp2TkVSRU5HOW9kVzFyYUZodVRucFhSRE5tTUVscVduSndhRkJKYUNVeVFsWkxNVFZ5VFRkb1pXbzRTR0pFVlROSU9HazFRazlXWW05M01tSlFUelJyVjNCRldqZEVUWHBPWVZkelRuQTBkVUl3YXpGMlJVUlBVVGhvYjJOQkpUTkVKVE5FSm1SdmQyNXNiMkZrUVhNOVZHOXRjMGx1YzNSaGJHeGxjaTVsZUdVbVptRnNiR0poWTJ0ZmRYSnNQV2gwZEhBbE0wRWxNa1lsTWtaM2QzY3VZWFJvZEdWckxtTnZiU1V5Um1SdmQyNXNiMkZrSlRKR1oyZDBjbUZ1YzJ4aGRHVXVaWGhs

http://www.bulkstockupdate.com/.../d0&downloadAs=TomsInstaller.exe

https://d1ob5g40gc5b6g.cloudfront.net/36/357061/.../ggtranslate.exe

http://google-translate-desktop.soft32.com/download-my-file/.../

http://www.downloadcrew.com/?act=software.download&id=17659&t=1472262211&c=99fffa8ba74ae7c39d8d799a17a4bae2478830c6

Latest 30 of 71 download URLs

Scan ggtranslate.exe - Powered by Reason Core Security