ginoplayer_setup.exe

JDX Tech, LLC

The application ginoplayer_setup.exe by JDX Tech has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. Once run, it displays context-specific advertisements in the browser and attempts to change the browser's search provider. The file has been seen being downloaded from www.ginotrack.com.
Publisher:
JDX Tech, LLC (signed and verified)

MD5:
2ab38c554477f5f0ea4c4137510c80ae

SHA-1:
cf1cf4cec12470605c8e2ca9d9c7703fd9424614

SHA-256:
96980e1b0c4e49ee8585624671352a854c224bac6af02dda18895a4c2223839c

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
11/15/2024 9:01:07 PM UTC

Scan engine             Detection                        Engine version
Agnitum Outpost         PUA.Toolbar.Babylon              7.1.1
avast!                  Win32:PUP-gen [PUP]              2014.9-160609
AVG                     Toolbar.Babylon                  2017.0.2718
Baidu Antivirus         Adware.Win32.Bbylon              4.0.3.1669
Clam AntiVirus          Win.Trojan.Agent-588910          0.98/21511
Dr.Web                  Adware.Downware.2478             9.0.1.0161
ESET NOD32              Win32/Toolbar.Babylon            10.10808
Fortinet FortiGate      W32/Toolbar.BABYLON              6/9/2016
Malwarebytes            PUP.Adware.Ginoplayer.ScamLotto  v2016.06.09.12
McAfee                  Artemis!2AB38C554477             5600.6374
NANO AntiVirus          Riskware.Nsis.Babylon.cwhyhv     0.28.6.63850
Trend Micro House Call  Suspicious_GEN.F47V1113          7.2.161
VIPRE Antivirus         Babylon                          35316

File size:
1.2 MB (1,265,704 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\ginoplayer_setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/21/2012 2:00:00 AM

Valid to:
2/21/2013 1:59:59 AM

Subject:
CN="JDX Tech, LLC", O="JDX Tech, LLC", L=Westland, S=Michigan, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5D333FBE9DB1BBAB973C99045EBEF746

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:0/1YKSdeF1dATT8lAbwO8RR0GLuuP4kSKrayaRgYmJRsQLW9Ezc:KLLNAT6YE5yuPpSKrayCBmJRHL3A

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file ginoplayer_setup.exe has been seen being distributed by the following URL.

Remove ginoplayer_setup.exe - Powered by Reason Core Security