go_player.exe

eDownload Module

Beijing ELEX Technology Co.,Ltd

The application go_player.exe by Beijing ELEX Technology Co.,Ltd has been detected as a potentially unwanted program by 12 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.freeappstools.com.
Publisher:
Beijing ELEX Technology Co.,Ltd  (signed and verified)

Product:
eDownload Module

Version:
5.1.9.2613

MD5:
533441054245ac3e89b5376c2b0b6ac1

SHA-1:
501b5efc770b45b032e65b45f7e53e5485b3c118

SHA-256:
063dfaa7b9f0e1b9f41060021e762b533e8da8a27c5d9d69c94607d46d4b9e50

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 11:49:49 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.170.208

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.14914

Dr.Web
Adware.Mutabaha.52
9.0.1.0257

ESET NOD32
Win32/ELEX (variant)
8.10363

Fortinet FortiGate
Riskware/Elex
9/14/2014

G Data
Win32.Adware.Elex
14.9.24

Malwarebytes
PUP.Optional.Elex.A
v2014.09.14.05

McAfee
RDN/Generic PUP.x!cg3
5600.7007

Reason Heuristics
PUP.BeijingELEXTechnologyCoLtd.J
14.9.14.17

Sophos
Generic PUA FA
4.98

VIPRE Antivirus
Trojan.Win32.Generic
32792

File size:
942.6 KB (965,240 bytes)

Product version:
5.1.9.2613

Copyright:
Copyright 2013

Original file name:
eDownload.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\go_player.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/26/2013 7:54:20 AM

Valid to:
7/27/2014 7:54:20 AM

Subject:
CN="Beijing ELEX Technology Co.,Ltd", O="Beijing ELEX Technology Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112131F67BDEA1D6D12E11D656C8BE509ECE

File PE Metadata
Compilation timestamp:
3/14/2014 10:15:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:JiB/UtLIKdIZIrK6lH1qAb8PoHMac6Wsrw9h4K6:cMtsfWuWMU8gsac63876

Entry address:
0x1AB040

Entry point:
60, BE, 00, 60, 4E, 00, 8D, BE, 00, B0, F1, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Packer / compiler:
UPX 2.90LZMA

Code size:
792 KB (811,008 bytes)

The file go_player.exe has been seen being distributed by the following URL.

Remove go_player.exe - Powered by Reason Core Security