gjlsetup.exe

This is a self-extracting archive and installer. The file has been seen being downloaded from www.google.com and multiple other hosts.
MD5:
86c50661b16bd328e421403cb06f58e5

SHA-1:
56700f9fa0afd96890a0c991f6180236a9772d51

SHA-256:
8f1c47e56250d76edcc4389642d6fd2727ce66b912927ccdd280472293c2675b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 1:42:44 PM UTC

File size:
11.4 MB (11,976,086 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\gjlsetup.exe

File PE Metadata
Compilation timestamp:
4/3/2016 10:18:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:SB9jg3E/yCtHlUgmcMKZpIW13aRti9D6V+PLnyj45RFv3tu4lYzpG9yIcTTmzA:Sjjt/RtHl7vLZV13l93LR93J8gyI8IA

Entry address:
0x310F

Entry point:
81, EC, 84, 01, 00, 00, 53, 56, 57, 33, DB, 68, 01, 80, 00, 00, 89, 5C, 24, 18, C7, 44, 24, 10, 98, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, A8, 70, 40, 00, FF, 15, A4, 70, 40, 00, 66, 3D, 06, 00, 74, 11, 53, E8, 7C, 2F, 00, 00, 3B, C3, 74, 07, 68, 00, 0C, 00, 00, FF, D0, BE, 98, 72, 40, 00, 56, E8, F8, 2E, 00, 00, 56, FF, 15, A0, 70, 40, 00, 8D, 74, 06, 01, 38, 1E, 75, EB, 55, 6A, 09, E8, 4F, 2F, 00, 00, 6A, 07, E8, 48, 2F, 00, 00, A3, 04, E4, 42, 00, FF, 15, 44, 70, 40, 00, 53, FF, 15, 88...
 
Code size:
24 KB (24,576 bytes)

The file gjlsetup.exe has been seen being distributed by the following 17 URLs.


Scan gjlsetup.exe - Powered by Reason Core Security