grlaunchertempsetup.exe

GOM Player

GRETECH

The application grlaunchertempsetup.exe, “GOM Player Setup File” by GRETECH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.sendbulkfactory.com and multiple other hosts.

Publisher:
Gretech Corporation  (signed by GRETECH)

Product:
GOM Player

Description:
GOM Player Setup File

Version:
2.2

MD5:
641d9168700e25dcd0a3f08da898043e

SHA-1:
c04cd81e9d9ef6dda59f59e89614c41b7cb5d17c

SHA-256:
1c43e3cad3187deef39ef2539a3e8374eb4aeb73aa0fc0b58d3235bb0b91c2d7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 3:00:01 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.GRETECH.GretechC.Installer.Meta (L)

Engine version:
16.6.10.10

File size:
21.1 MB (22,120,456 bytes)

Product version:
2.2.76.5239

Copyright:
Copyright(C) Since 2003 Gretech Corporation.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\grlaunchertempsetup.exe

Digital Signature

Signed by:

Authority:
Symantec Corporation

Valid from:
12/21/2015 7:00:00 AM

Valid to:
6/17/2017 6:59:59 AM

Subject:
CN=GRETECH, O=GRETECH, L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
59B4F88AACBE29B5C1AE3340C2C0F244

File PE Metadata

Compilation timestamp:
12/6/2009 5:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:O5sVJIivcwqu+U5Ur+FrQUqkqnjkcJnEchp2y+kJa9m:dTIikjuv5NRqngkWy+1

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file grlaunchertempsetup.exe has been seen being distributed by the following 50 URLs.
