goldlarry.exe

Sice Xing

The application goldlarry.exe by Sice Xing has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “Protect Service(GoldlarryP)” within the context of its own process.
Publisher:
Sice Xing  (signed and verified)

MD5:
11d7f72110273ad8f3058811ea8b5c08

SHA-1:
9a049654569bf9be2b7ff0937ff57d87b31dd789

SHA-256:
cdb9093e230195958f7d58b0ba1c1aaf8793cf60eed0eaa6bcf5862cd380672b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 2:46:56 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.7.27.4

File size:
427.9 KB (438,144 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\goldlarry\goldlarry.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
7/25/2016 7:00:00 AM

Valid to:
4/2/2017 6:59:59 AM

Subject:
CN=Sice Xing, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5FB10B3C2DCC4CD783B4781D55429D7C

File PE Metadata
Compilation timestamp:
7/26/2016 3:07:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:iEvnLKNHiBKmTZ4UVywiyVSElBY5CSDXp4Hr62VJCk:iEvLx3HuMnm5LDXp4HrRJCk

Entry address:
0x2E911

Entry point:
D8, AE, 57, 00, 00, 9B, E3, 96, A7, AB, AA, 4F, 29, 83, 75, 00, C7, 1D, BE, 01, FB, 6E, 00, 00, 00, 00, 33, 2A, 2F, 6F, 6B, C7, B5, 17, 34, 80, A0, 38, 3C, AB, 60, 00, 00, 00, 00, BD, 08, 74, 46, 4E, 16, 47, 64, 0B, 02, 02, E3, 5D, FB, D9, 91, F0, 01, 0C, 00, 41, A6, 38, A7, 21, A9, AD, 30, 8C, CE, CF, B3, AF, C7, 20, 86, 07, CB, 00, 00, 00, 00, 87, B3, 61, 54, B3, 65, 00, 00, 00, 00, E5, 1C, 70, 59, 41, 11, 54, 3D, 63, 1A, 07, C3, 4D, F9, 8B, C9, E4, 05, 13, 00, 46, B5, 61, B9, 29, A0, B5, 10, 8E, A4, 2D...

Entropy:
7.0267

Code size:
310 KB (317,440 bytes)

Service
Display name:
Protect Service(GoldlarryP)

Service name:
GoldlarryP

Description:
To ensure your Goldlarry software integrity. If this service is disabled or stopped, your Goldlarry software will not be kept integrity check. This service uninstalls itself when there is no Goldlarry

Type:
Win32OwnProcess

Depends on:
RpcSs

