GOLDLA~1.EXE

Shulan Hou

The application GOLDLA~1.EXE by Shulan Hou has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Shulan Hou  (signed and verified)

MD5:
cf7626601ee45165ae4d215ec734eca0

SHA-1:
d46c7ccc52288a609bab93cdc67bda3040ffd7a5

SHA-256:
534cbf421b9dd41ee591152e47a709bde7f1a62b62af13dbfde4e4f83ad1e3ef

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/27/2024 3:08:48 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.ELEX (M)

Engine version:
16.7.31.19

File size:
469.9 KB (481,152 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\temp\3582-490\goldla~1.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
7/24/2016 9:00:00 PM

Valid to:
6/13/2017 8:59:59 PM

Subject:
CN=Shulan Hou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
2A5B578B2DA9A441D2C1AECD265EEFBF

File PE Metadata
Compilation timestamp:
7/27/2016 3:23:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:Gct5A9Xq2N4ugwWo/JMQvU2wz36GJXlct+:GctGw28vELsKGBlct+

Entry address:
0x2EC31

Entry point:
DD, DA, 63, 00, 00, 90, CE, B2, A6, 93, 9B, 76, 18, B9, 01, 00, F3, 29, A1, 35, F0, 43, 00, 00, 00, 00, 0A, 1B, 15, 1B, 6E, F3, 81, 08, 51, 8B, 8D, 1C, 3D, 93, 51, 00, 00, 00, 00, B8, 3C, 40, 59, 7A, 1D, 6A, 40, 0A, 3A, 33, DA, 6C, C1, AD, 94, C4, 35, 13, 00, 4A, 8B, 1C, A6, 19, 98, 94, 01, B6, BA, CA, 87, 9B, D8, 14, 8D, 2A, EF, 00, 00, 00, 00, B6, 89, 15, 51, 87, 51, 00, 00, 00, 00, C1, 1D, 48, 68, 78, 20, 6E, 49, 66, 2E, 33, DC, 79, F2, A6, ED, E5, 3D, 22, 00, 77, 8F, 15, BC, 1D, 94, AA, 24, 85, 89, 09...
 

Code size:
311 KB (318,464 bytes)
