GoTiengViet.exe

Gõ Tiếng Việt

Kỳ Nam

This is a setup program used to install the application. It is configured to start automatically when a user logs into Windows, via the current user Run registry key, under the display name ‘GoTiengViet’. The file has been seen being downloaded from f51.x8top.net and multiple other hosts.

Publisher:
Kỳ Nam

Product:
Gõ Tiếng Việt

Version:
1.7.6.0

MD5:
308cc69935c2aeaf1607f2b1a596966e

SHA-1:
d601782064d7d1a0dc2541500d1fee5c367df4bf

SHA-256:
6b9fda8bbd66b1a5c0deda282724817e788968f54ae7b1c448d508aafef8ce23

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 1:21:44 PM UTC

File size:
916 KB (937,984 bytes)

Product version:
1.7.6.0

Copyright:
(c)2009 Kỳ Nam

Original file name:
GoTiengViet.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\go tieng viet\gotiengviet.exe

File PE Metadata
Compilation timestamp:
5/10/2010 7:45:05 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:4iOhd3seCsIhsPP+F/7ZsIFq0IBFyvh2oLjv/HtZ/CaeNAu:4vhd3seCsIhhZsIFTIBFyZ2oHvfn/CaS

Entry address:
0x79F0B

Entry point:
E8, 7F, 71, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 30, A7, 4C, 00, 75, 02, F3, C3, E9, 01, 72, 00, 00, 8B, FF, 51, C7, 01, A4, A0, 4A, 00, E8, F9, 72, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, DE, FE, FD, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 36, 73, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D...
 
Code size:
653.5 KB (669,184 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GoTiengViet

Command:
"C:\Program Files\go tieng viet\gotiengviet.exe" \runatlogin


The file GoTiengViet.exe has been seen being distributed by the following 6 URLs.

http://f51.x8top.net/2107tmp/cf/ngv/2015/.../gotiengviet_1760_32bit.exe

http://c236.y8top.net/2107tmp/cf/ngv/2015/.../gotiengviet_1760_32bit.exe
