» grvstubsetup.exe
Overview
Analysis
File Details
Downloads (1)

grvstubsetup.exe

The executable grvstubsetup.exe has been detected as malware by 7 anti-virus scanners. The file has been seen being downloaded from grv.downserver2.com.

File name:

grvstubsetup.exe

MD5:

5231f270bfc17cbd9a8357d1bb2dd052

SHA-1:

4461ae4129afeb0e2c12652b31320c01be7ad9c4

SHA-256:

2121632c139e10dcaefe52e8da0f728cdf279f0c2ef6ddac2bc8c628ec82fe4e

Scanner detections:

7 / 68

Status:

Malware

Analysis date:

11/27/2024 2:05:01 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.1982317

5805142

Bitdefender

Trojan.GenericKD.1982317

1.0.20.1615

Emsisoft Anti-Malware

Trojan.GenericKD.1982317

8.14.11.19.08

F-Secure

Trojan.GenericKD.1982317

11.2014-19-11_4

G Data

Trojan.GenericKD.1982317

14.11.24

Kaspersky

UDS:DangerousObject.Multi.Generic

14.0.0.2921

MicroWorld eScan

Trojan.GenericKD.1982317

15.0.0.969

File size:

393 KB (402,432 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\7x2v222x\grvstubsetup.exe

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:y2II0nAq+KST0aKDJS71EtBENiCk5X2Znqh0:BjLq+3As78Ai1N2Znqy

Entry address:

0x55884

Entry point:

55, 8B, EC, 83, C4, F0, B8, EC, 56, 45, 00, E8, C4, 14, FB, FF, B8, 01, 00, 00, 00, E8, 8A, D7, FA, FF, 83, F8, 64, 0F, 85, DC, 00, 00, 00, A1, 38, 71, 45, 00, 8B, 00, E8, AD, 63, FF, FF, B9, E8, 91, 45, 00, A1, 38, 71, 45, 00, 8B, 00, 8B, 15, B8, 1B, 44, 00, E8, AE, 63, FF, FF, A1, 38, 71, 45, 00, 8B, 00, E8, 22, 64, FF, FF, E9, A8, 00, 00, 00, 20, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 57, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.5992

Developed / compiled with:

Microsoft Visual C++

Code size:

338.5 KB (346,624 bytes)

The file grvstubsetup.exe has been seen being distributed by the following URL.

http://grv.downserver2.com/grvStubSetup.exe

Remove grvstubsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.