GoRadio.exe

RP

gogogoradio

This is part of the Sendori web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application GoRadio.exe by gogogoradio has been detected as adware by 2 anti-malware scanners. This file is typically installed with the program GoGoGoRadio. While running, it connects to the Internet address server-52-85-94-158.jfk5.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Resilion  (signed by gogogoradio)

Product:
RP

Version:
4.0.1.0

MD5:
a72b649dfe18956ed33b08047269f91e

SHA-1:
fe9a52a8af623ed7b3dafea57aab7851773bbff2

SHA-256:
869c4dc6af140d9ff2d56e594139a14b89cb61bb42dcf4f43ac66eb86c848d10

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/22/2024 8:24:36 PM UTC  (today)

Scan engine
Detection
Engine version

Malwarebytes
PUP.Optional.GoGoGoRadio.C
v2015.06.30.10

Reason Heuristics
PUP.Sendori.gogogoradio (M)
15.6.30.18

File size:
246.7 KB (252,656 bytes)

Product version:
4.0.1.0

Copyright:
Copyright © RP 2014

Original file name:
GoRadio.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\gogogoradio\goradio.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/14/2014 7:00:00 PM

Valid to:
9/14/2017 6:59:59 PM

Subject:
CN=gogogoradio, O=gogogoradio, L=San Leandro, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2E4E52FE2A8CBC43AE36B704CC702908

File PE Metadata
Compilation timestamp:
6/1/2015 12:56:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:2V1U1BYovBwX+d/7P4zZyXRhh+vSulVSbU1BYV:llvqXw7P0ZyhhhKVWWE

Entry address:
0x3267E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.0996

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
194 KB (198,656 bytes)

The file GoRadio.exe has been discovered within the following program.

GoGoGoRadio  by GoGoGoRadio
gogogoradio.com
About 4% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-19-146.iad12.r.cloudfront.net  (54.192.19.146:80)

TCP (HTTP):
Connects to server-52-85-94-200.jfk5.r.cloudfront.net  (52.85.94.200:80)

TCP (HTTP):
Connects to server-52-85-94-158.jfk5.r.cloudfront.net  (52.85.94.158:80)

Remove GoRadio.exe - Powered by Reason Core Security