gomplayerensetup.exe

GOM Player

GRETECH

The application gomplayerensetup.exe, “GOM Player Setup File (2011-09-08 13:47:27)” by GRETECH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. Additionally, the file is typically installed by a number of programs including CDRWIN 8 by Engelmann Media GmbH and muvee Reveal by muvee Technologies. The file has been seen being downloaded from www.ex.ua and multiple other hosts.
Publisher:
Gretech Corporation (signed by GRETECH)

Product:
GOM Player

Description:
GOM Player Setup File (2011-09-08 13:47:27)

Version:
2.1

MD5:
2635881f71c50b7331dd470ca579b74c

SHA-1:
5f4485615c870b5ec03f0aa7591a04f330b3a2f6

SHA-256:
a82ae562c7b0367ed4af2ac8995ebc0877d8612471d8fc0bf84ed834dbac36bd

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 2:44:11 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.GRETECH.GretechC.Installer.Meta (L)

Engine version:
16.6.10.10

File size:
8.7 MB (9,168,552 bytes)

Product version:
2.1.33.5071

Copyright:
Copyright(C) 2003-2011

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/1/2011 3:00:00 AM

Valid to:
4/1/2012 2:59:59 AM

Subject:
CN=GRETECH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=GRETECH, L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1472BF5317E0965C879EF989EB6864AD

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:4tYjk1cDMvyIJPcsVDCnodrfqhOa+Kx1Qn4iWyne5ciFqxUoY8yuMLppqvMOIVfS:+PbNVDXfqZ+Kx1Q43cHazZMvMOgK

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9993

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file gomplayerensetup.exe has been discovered within the following programs.

CDRWIN 8 by Engelmann Media GmbH
CDRWIN is a CD/DVD burning software for Microsoft Windows developed by Golden Hawk Technology company. It bundles limited versions of other software packages, such as Nero Burning ROM and Roxio Easy CD Creator, with new computers and optical drives.
www.engelmann.com
About 7% of users remove it

muvee Reveal by muvee Technologies
Publisher's description - “In a few clicks, pump up your home video to awesome movies. It’s that easy and YOU can look like a Pro! Select your photos, videos, and Style. Preview, then Save. Share anywhere in a click. Burn a DVD, upload to YouTube, Facebook.”
www.muvee.com/website
About 8% of users remove it
 

The file gomplayerensetup.exe has been seen being distributed by the following 4 URLs.
