goldlarry.exe

Sice Xing

The application goldlarry.exe by Sice Xing has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “Protect Service(GoldlarryP)”, hosted in its own separate process.

Publisher:
Sice Xing  (signed and verified)

MD5:
11d7f72110273ad8f3058811ea8b5c08

SHA-1:
1f329a7b00d7997b29f99b464e8231ceafb5778d

SHA-256:
cdb9093e230195958f7d58b0ba1c1aaf8793cf60eed0eaa6bcf5862cd380672b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 2:34:05 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.7.26.10

File size:
427.9 KB (438,144 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\goldlarry\goldlarry.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
7/25/2016 7:00:00 AM

Valid to:
4/2/2017 6:59:59 AM

Subject:
CN=Sice Xing, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5FB10B3C2DCC4CD783B4781D55429D7C

File PE Metadata
Compilation timestamp:
7/26/2016 3:07:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:iEvnLKNHiBKmTZ4UVywiyVSElBY5CSDXp4Hr62VJCk:iEvLx3HuMnm5LDXp4HrRJCk

Entry address:
0x2E911

Entry point:
D8, AE, 57, 00, 00, 9B, E3, 96, A7, AB, AA, 4F, 29, 83, 75, 00, C7, 1D, BE, 01, FB, 6E, 00, 00, 00, 00, 33, 2A, 2F, 6F, 6B, C7, B5, 17, 34, 80, A0, 38, 3C, AB, 60, 00, 00, 00, 00, BD, 08, 74, 46, 4E, 16, 47, 64, 0B, 02, 02, E3, 5D, FB, D9, 91, F0, 01, 0C, 00, 41, A6, 38, A7, 21, A9, AD, 30, 8C, CE, CF, B3, AF, C7, 20, 86, 07, CB, 00, 00, 00, 00, 87, B3, 61, 54, B3, 65, 00, 00, 00, 00, E5, 1C, 70, 59, 41, 11, 54, 3D, 63, 1A, 07, C3, 4D, F9, 8B, C9, E4, 05, 13, 00, 46, B5, 61, B9, 29, A0, B5, 10, 8E, A4, 2D...
 

Entropy:
7.0267

Code size:
310 KB (317,440 bytes)

Service
Display name:
Protect Service(GoldlarryP)

Service name:
GoldlarryP

Description:
To ensure your Goldlarry software integrity. If this service is disabled or stopped, your Goldlarry software will not be kept integrity check. This service uninstalls itself when there is no Goldlarry

Type:
Win32OwnProcess

Depends on:
RpcSs

