gp3w5.exe

Mega Boost

Cortez Com

The application gp3w5.exe has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners; the single detection is a heuristic one that identifies the file as an InstallMonetizer-based installer. It runs as a scheduled task under the Windows Task Scheduler, triggered on a time event. The installer uses the InstallMonetizer platform, which downloads and installs adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.kafiridovishness.site.
Publisher:
Cortez Com

Product:
Mega Boost

Description:
tiny install

Version:
155.122.28.160

MD5:
6d80f9eeb3f3e597523c7fb544897afd

SHA-1:
37e62be6b600f1e6852bc1db5b612a12199ce3c1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/25/2024 4:27:28 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InstallMonetizer.CortezCo.Installer.Meta (M)

Engine version:
16.5.25.9

File size:
590 KB (604,160 bytes)

Product version:
155.122.28.160

Copyright:
LC 2015

Trademarks:
Trd Mark

Original file name:
build.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files\Content.IE5\{random}\gp3w5.exe

File PE Metadata
Compilation timestamp:
5/25/2016 4:06:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:mlEUzz5EVt5ipCpPdz9uQpcd9/B0P/P4PxYNLR2F7tMDK7q5CIu:4Idz9RpcdBgXLR2F7KCq5CI

Entry address:
0x57A9

Entry point:
E8, A3, 35, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, 83, 66, 04, 00, C7, 06, E4, E2, 40, 00, C6, 46, 08, 00, FF, 30, E8, A8, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, C7, 01, E4, E2, 40, 00, 8B, 00, 89, 41, 04, C6, 41, 08, 00, 8B, C1, 5D, C2, 08, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, 83, 66, 04, 00, C7, 06, E4, E2, 40, 00, C6, 46, 08, 00, E8, 12, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, E4, E2, 40, 00, E9, 96, 00, 00, 00, 55, 8B, EC, 56, 57, 8B, 7D, 08...
 

Entropy:
6.8030

Code size:
46 KB (47,104 bytes)
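
The identification fields above (size, MD5, SHA-1, entropy, compile timestamp, linker version, OS version, subsystem, entry address, code size) can be recomputed from a file on disk and compared against the listed hashes. The script below is an added example and is not code from the listing or its publisher. It assumes a PE32 (32-bit) image; the image produced by build_sample_image() is a constructed headers-only stub, not gp3w5.exe, whose header fields are set to the values the listing reports so the parser's output can be checked against them. Run it with a path argument to triage a real file.

```python
# Added example, not code from the original listing or its publisher.
# Recomputes the identification fields a listing like this reports from a PE image
# and checks the hashes against the listed indicators.
import hashlib
import math
import struct
from datetime import datetime, timezone

# Indicators copied from the listing above.
LISTED_MD5 = "6d80f9eeb3f3e597523c7fb544897afd"
LISTED_SHA1 = "37e62be6b600f1e6852bc1db5b612a12199ce3c1"

IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
PE32_MAGIC = 0x10B
SIZEOF_COFF_HEADER = 20


def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the whole buffer: 0.0 for a constant, 8.0 for uniform random.
    Values around 7 or above suggest compressed or encrypted content such as a packed PE."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF header and the start of the PE32 optional header.
    Offsets follow the PE/COFF specification; only 32-bit (PE32) images are handled."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, _nsections, timestamp, _, _, _opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + SIZEOF_COFF_HEADER
    magic, linker_major, linker_minor, size_of_code, _, _, entry_rva = struct.unpack_from(
        "<HBBIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 images are handled here")
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": machine,
        "compiled_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "linker_version": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": subsystem,
        "entry_rva": entry_rva,
        "code_size": size_of_code,
    }


def triage(data: bytes) -> dict:
    """Compute the fields the listing reports and flag whether both hashes match it."""
    md5 = hashlib.md5(data).hexdigest()
    sha1 = hashlib.sha1(data).hexdigest()
    result = {
        "size": len(data),
        "md5": md5,
        "sha1": sha1,
        "matches_listing": md5 == LISTED_MD5 and sha1 == LISTED_SHA1,
        "entropy": round(shannon_entropy(data), 4),
    }
    result.update(parse_pe_header(data))
    return result


def build_sample_image() -> bytes:
    """Constructed sample input: a headers-only PE32 stub (no sections, no code).
    Header values mirror the listing so parse_pe_header() can be checked against it."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    compiled = int(datetime(2016, 5, 25, 16, 6, 20, tzinfo=timezone.utc).timestamp())
    opt_size = 96  # PE32 optional header without data directories
    coff = struct.pack("<HHIIIHH", 0x14C, 0, compiled, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<HBBIIII", opt, 0, PE32_MAGIC, 11, 0, 47104, 0, 0, 0x57A9)
    struct.pack_into("<HH", opt, 40, 5, 1)
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    # Pass a file path to triage it; with no argument the constructed stub is used.
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    for key, value in triage(sample).items():
        print(f"{key}: {value}")
```

The hash comparison is the only field that identifies this exact sample; the PE header fields and entropy are useful for recognising rebuilt or repacked variants that the listed hashes will not match.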

Scheduled Task
Task name:
{0C11E1B7-B6E1-474D-A148-B4D4E8473EB0}

Path:
C:\WINDOWS\Tasks\{0C11E1B7-B6E1-474D-A148-B4D4E8473EB0}.job

Trigger:
Time


The file gp3w5.exe has been seen being distributed from the following URL:

www.kafiridovishness.site

Remove gp3w5.exe - Powered by Reason Core Security