gpcheck.exe

TorlingComp

The application gpcheck.exe by TorlingComp has been detected as a potentially unwanted program by 2 anti-malware scanners. It is set to start automatically when a user logs in to Windows, via the current-user Run registry key, under the display name ‘OurSoftUpdaterChecker’. This file is typically installed with the program gorillaprice by Torling Company, which is a potentially unwanted software program. While running, it connects to the Internet address ca3.netalerts.org on port 80 using HTTP.
Publisher:
TorlingComp  (signed and verified)

MD5:
97e0a4ea3f659ce172398f78d9db8716

SHA-1:
b42d2332db98c7e63efc6bac8b7e77c853805b97

SHA-256:
92fa91e27973fc7317a08a7d9bba1779c6da31195a620b059de3aa5ba13a285f

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 3:29:41 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.TorlingComp (M) | 16.2.1.18
Trend Micro House Call | TROJ_GEN.F47V0412 | 7.2.297

File size:
1.5 MB (1,580,152 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\netnucleous\gorillaprice\gpcheck.exe

Digital Signature
Signed by:

Authority:
TorlingComp

Valid from:
12/31/1999 1:00:00 PM

Valid to:
12/31/2098 1:00:00 PM

Subject:
CN=TorlingComp, E=Supporters@TorlingComp.com

Issuer:
CN=TorlingComp, E=Supporters@TorlingComp.com

Serial number:
CE222C190D5EA394474F95CF81D64E3D

File PE Metadata
Compilation timestamp:
4/7/2013 8:00:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:GqxVUJS551RvGtSdVd9SiL3jpQ7N12wiIT6pUKM:GrJS551RetuVd9Si3q7r2wX4U/

Entry address:
0xF560E

Entry point:
E8, F2, 91, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 30, 73, 55, 00, E8, 6C, 25, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 88, 62, 56, 00, 77, 22, 6A, 04, E8, DD, 93, 00, 00, 59, 83, 65, FC, 00, 56, E8, E4, 9B, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 78, 25, 00, 00, C3, 6A, 04, E8, D8, 92, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 10, C3, 51, 00, 83, 3D, 0C, 5E, 56, 00, 00, 75, 18, E8, 44, 88, 00...
Entropy:
6.4957

Code size:
1.1 MB (1,158,656 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
OurSoftUpdaterChecker

Command:
C:\Program Files\netnucleous\gorillaprice\gpcheck.exe


The file gpcheck.exe has been discovered within the following program.

gorillaprice  by Torling Company
gorillaprice is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.
About 60% of users remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ca3.netalerts.org  (108.163.167.218:80)