grvstubsetup0910.exe

The application grvstubsetup0910.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. The file has been observed being downloaded from dl1.downserver4.com and multiple other hosts.
MD5:
0c2f646291080aef1a13d277f1b1b08a

SHA-1:
a391bcf4a55f5033098e052548613647c2032846

SHA-256:
31cd06637ac7c341478c0c4cdf4cf53089f3b0e30e31a9bfcf5d29cabe54f842

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 2:05:16 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.Agent | 2014.09.15 |
| Avira AntiVirus | DR/Delphi.Gen | 7.11.30.172 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-140914 |
| AVG | Win.Threat.Medium | 2015.0.3292 |
| ESET NOD32 | Win32/DealPly (variant) | 8.10662 |
| G Data | Win32.Trojan.Agent.U72MJV | 14.9.24 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.7.8.0 |
| K7 AntiVirus | Riskware | 13.183.13358 |
| McAfee | Artemis!0C2F64629108 | 5600.7007 |
| NANO AntiVirus | Trojan.Win32.Siggen6.dfonyu | 0.28.6.62995 |
| Norman | Suspicious_Gen4.GZRJH | 11.20140914 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.12.22.1 |
| Rising Antivirus | PE:Trojan.Win32.Generic.174427CA!390342602 | 23.00.65.14912 |
| SUPERAntiSpyware | Trojan.Agent/Gen-FlyStudio | 10359 |
| Trend Micro House Call | TROJ_GEN.R0C1H09IB14 | 7.2.257 |

File size:
416 KB (425,984 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\grvstubsetup0910.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:G6mUC0BpWx8xVqJ9n0ZD9Bn5b+ptPYqdxgL8e67u1OPlyqEyZiM:SUCWQx8xVqv697bmJYqdJeQQOEqEyr

Entry address:
0x5A78C

Entry point:
55, 8B, EC, 83, C4, F0, B8, F4, A5, 45, 00, E8, 24, C6, FA, FF, 68, C8, A7, 45, 00, 6A, 00, 6A, 00, 6A, 00, 33, C9, BA, E4, A7, 45, 00, B8, 0C, A8, 45, 00, E8, 78, B3, FF, FF, E8, 03, A0, FA, FF, 00, 00, 00, FF, FF, FF, FF, 10, 00, 00, 00, 4A, 2D, 34, 2C, 6A, 61, 2D, 30, 2C, 62, 77, 67, 62, 2E, 60, 58, 00, 00, 00, 00, FF, FF, FF, FF, 1C, 00, 00, 00, 2D, 30, 2C, 70, 2C, 2D, 6F, 7A, 6B, 67, 6D, 64, 6D, 75, 6D, 7A, 2D, 32, 2D, 2D, 2C, 6B, 67, 69, 2D, 38, 2C, 48, 00, 00, 00, 00, FF, FF, FF, FF, 09, 00, 00, 00...
 

Entropy:
6.6070

Developed / compiled with:
Microsoft Visual C++

Code size:
358.5 KB (367,104 bytes)

The file grvstubsetup0910.exe has been seen being distributed by the following 2 URLs.
