gjlsetup.exe

PIXEL FEDERATION s.r.o.

This is a self-extracting archive and installer. The file has been seen being downloaded from www.google.com and multiple other hosts.
Publisher:
PIXEL FEDERATION s.r.o.  (signed and verified)

MD5:
52bf8cb9efe68ba7a7ed8ba669ef56db

SHA-1:
587a6366e6b02479ab168c9a52a4fe661af4c0a3

SHA-256:
392e361009e5bf09b5c0595f228b9f5e7e6246865f75bee2ec0ab96dfb42d9d5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 2:07:44 PM UTC  (today)

File size:
44.7 MB (46,900,352 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\gjlsetup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
6/28/2016 2:00:00 AM

Valid to:
6/29/2018 1:59:59 AM

Subject:
CN=PIXEL FEDERATION s.r.o., OU=IT Division, O=PIXEL FEDERATION s.r.o., L=Bratislava, S=Slovakia, C=SK

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
467DA34402605D5C6D2335D62A2BAADB

File PE Metadata
Compilation timestamp:
4/3/2016 10:18:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:Pt954qsS0mWn00mU9H+CKmwLJsbyECGQemscjsOcETah9HT77nkkfEhJQI8In:1Zsf88efmwLHLkmLoO3mzPk4EhJQItn

Entry address:
0x310F

Entry point:
81, EC, 84, 01, 00, 00, 53, 56, 57, 33, DB, 68, 01, 80, 00, 00, 89, 5C, 24, 18, C7, 44, 24, 10, 98, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, A8, 70, 40, 00, FF, 15, A4, 70, 40, 00, 66, 3D, 06, 00, 74, 11, 53, E8, 7C, 2F, 00, 00, 3B, C3, 74, 07, 68, 00, 0C, 00, 00, FF, D0, BE, 98, 72, 40, 00, 56, E8, F8, 2E, 00, 00, 56, FF, 15, A0, 70, 40, 00, 8D, 74, 06, 01, 38, 1E, 75, EB, 55, 6A, 09, E8, 4F, 2F, 00, 00, 6A, 07, E8, 48, 2F, 00, 00, A3, 04, E4, 42, 00, FF, 15, 44, 70, 40, 00, 53, FF, 15, 88...
 
[+]

Code size:
24 KB (24,576 bytes)

The file gjlsetup.exe has been seen being distributed by the following 7 URLs.

https://www.google.com/url?hl=lt&q=http://email.pixelfederation.com/.../click?upn=EJfNXwGNtqTkE2t2t41P9HKgfJfwTLLKN21Igkefo-2BDwPEbN6vVWUBJoc9HL4PJQIUqhDpfhTPJ2kKxNmwVwFUvpXeT9Izwtum-2Fd-2BgpySBOCVmhHKDrLHZCKzr2tKK-2FjbuG08nup9saqVfsSdUiqVvJKFxMHdZt2L9YRmZ9KMOI-3D_1RVyfVdJnEhQqtelcbxYouGNl9v4-2BJpS6IutdEz4CkuXvIksvdo8ob13sto1Xr9-2Bi3HUhJNdEj2oEdz4vQynjAlG9-2FRaMkae6wzyqv1zrThOyro7neOzTNMWkObonlvxQXaYXc-2FDw-2FG5aIo9ITzafkvcoiOxvKi8DgQ2DYsWhBSr-2BunkAdJsIFsXHN3wMVKa9i-2Bih8bjG6nyyFnnnONJiQ-3D-3D&source=gmail&ust=1467650116033000&usg=AFQjCNFzEKWdEPQNty1K2eVzX14NFT0OPg

http://email.pixelfederation.com/.../click?upn=EJfNXwGNtqTkE2t2t41P9HKgfJfwTLLKN21Igkefo-2BDwPEbN6vVWUBJoc9HL4PJQIUqhDpfhTPJ2kKxNmwVwFUvpXeT9Izwtum-2Fd-2BgpySBOCVmhHKDrLHZCKzr2tKK-2FjbuG08nup9saqVfsSdUiqVvJKFxMHdZt2L9YRmZ9KMOI-3D_oFDQagPlbqEVF17kWunMi6cZBQDZH1iQtozMQ4qxnH8vVzmjm8R6AMHwdFtRGf0eG-2Fcc70-2B3aEegAx9b1YrrZtI0I3DyoKv9cxfjOxBuo8j-2F8dHzY1z2TzWsOSXIE3kqM3j4VR4-2FQPnepW8nqG3v4kuHu2eWb9sEdxkwed-2BdLUGjZ5lqzQrhjDBUgQd02jFc78NAw2iwU2n5w2TxVM54WA-3D-3D

https://mail.inbox.lv/link/.../dXBuPUVKZk5Yd0dOdHFUa0UydDJ0NDFQOUhLZ2ZKZndUTExLTjIxSWdrZWZvLTJCRHdQRWJONnZWV1VCSm9jOUhMNFBKUUlVcWhEcGZoVFBKMmtLeE5td1Z3RlV2cFhlVDlJend0dW0tMkZkLTJCZ3B5U0JPQ1ZtaEhLRHJMSFpDS3pyMnRLSy0yRmpidUcwOG51cDlzYXFWZnNTZFVpcVZ2SktGeE1IZFp0Mkw5WVJtWjlLTU9JLTNEX3dZSDU1UHhTbmFITC0yQkZKdUhpejN2OFVIakdORS0yQnREaUhmMHk0MTVJeEVrLTJGWVlmZXZweXdmQWEtMkYtMkZJV1Bxb2NVcjRJWHItMkZQQ2REQ2FoLTJGdHNMcm1HQmhlVzZYeVpwbUlvSS0yQjRsbUNKN3diUmZlTnR2Umwzc0xZbWR6Wkk5OEQxcmNjREdhSEM4enVQOTl1MlF3SHhzZ29rQnhlMGdsVG1IR0tUcXhYMXFKMzJaLTJGOTc1YTNFVzlOWXh4R2pHYWU4Mko4d1QwYzR3UW05ZC0yQlYwSFlIUkxHdy0zRC0zRA==

http://email.pixelfederation.com/.../click?upn=EJfNXwGNtqTkE2t2t41P9HKgfJfwTLLKN21Igkefo-2BDwPEbN6vVWUBJoc9HL4PJQIUqhDpfhTPJ2kKxNmwVwFUvpXeT9Izwtum-2Fd-2BgpySBOCVmhHKDrLHZCKzr2tKK-2FjbuG08nup9saqVfsSdUiqVvJKFxMHdZt2L9YRmZ9KMOI-3D_Bj0XAFCyU9PbKbgX4xFV-2Bdow1TSg5va0m4TX5szvioRs18tI-2BCC2nEJeTxolin8E8UGKZIC8K8jlMFGBSvLSvhYwzRb-2FsyyIuR7-2FnOWWMPzKkVebPOeB7KvBn95JfBaqDCs6JNSgwER0abBHskRyEkm1wdxZYj-2BPcFZEP-2BvSTeF6g7i1wRrJpQ8MjckThpcW-2BY-2B45LcCJMIv7yxT5HYfXw-3D-3D

https://www.google.com/url?hl=en&q=http://email.pixelfederation.com/.../click?upn=EJfNXwGNtqTkE2t2t41P9HKgfJfwTLLKN21Igkefo-2BDwPEbN6vVWUBJoc9HL4PJQIUqhDpfhTPJ2kKxNmwVwFUvpXeT9Izwtum-2Fd-2BgpySBOCVmhHKDrLHZCKzr2tKK-2FjbuG08nup9saqVfsSdUiqVvJKFxMHdZt2L9YRmZ9KMOI-3D_R4LQ37wtO2GKIEcNcLcLywWQJkqtICR7bPB7962EoxdYsQnYpAfMGQ2YQp7h66YKtz4xjaIwAN-2FHQgKRRXhXrAmX84vGtoy-2BJS1GEz8ZT4JS8vHhI09T-2FK0Nq90759goo02kABIlOsbVWU4Z7uZlpv-2B3sYeCWXWEoJAvOLcj31PQ9zqLkL1xByE-2FewCp-2BafL3arOcl-2FoxcGJfUxAzu-2BN37sz1-2FFJ65VB6Jm2H7Q-2Fahs-3D&source=gmail&ust=1468797566600000&usg=AFQjCNFfgtF5dPAj4St7COHKCYSf-rt4GQ

Scan gjlsetup.exe - Powered by Reason Core Security