grvstubsetup_20140930.exe

The executable grvstubsetup_20140930.exe has been detected as malware by 7 of the 68 anti-virus scanners consulted. The file has been observed being downloaded from dm930xmxv1gqs.cloudfront.net, an Amazon CloudFront distribution.
MD5:
47d49a7e09857659173f0e464abd9f2c

SHA-1:
d1017ec2b83a3c2c7b93dd9d9a73a29dd8bd1d78

SHA-256:
ef70e446c7fb94835ba333af5515f373e0f5b77e54ae7f0624100f0e33aa396d

Scanner detections:
7 / 68 (all seven report the same Trojan.GenericKD.1891780 name; Lavasoft, Emsisoft, F-Secure, G Data, eScan and nProtect all build on the Bitdefender engine, so this is effectively one generic signature firing across licensed engines rather than seven independent verdicts)

Status:
Malware

Analysis date:
12/24/2024 11:50:17 AM UTC

Scan engine             Detection                   Engine version
Lavasoft Ad-Aware       Trojan.GenericKD.1891780    857
Bitdefender             Trojan.GenericKD.1891780    1.0.20.1370
Emsisoft Anti-Malware   Trojan.GenericKD.1891780    8.14.10.01.09
F-Secure                Trojan.GenericKD.1891780    11.2014-01-10_4
G Data                  Trojan.GenericKD.1891780    14.10.24
MicroWorld eScan        Trojan.GenericKD.1891780    15.0.0.822
nProtect                Trojan.GenericKD.1891780    14.10.01.01

File size:
390.5 KB (399,872 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\grvstubsetup_20140930.exe
(Internet Explorer's cache directory: the file lands there when fetched by the browser, consistent with the CloudFront download noted above rather than with a user-run installer)

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM (this is the fixed placeholder TimeDateStamp 0x2A425E19 that Borland linkers write into every image, so it says nothing about when the sample was actually built)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:M2LD8b8tNWGMMO7v/gEJTv7ogaDL32AUe:b38MYGM9vDJL7oN32/e

Entry address:
0x55170

Entry point:
55, 8B, EC, 83, C4, F0, B8, D8, 4F, 45, 00, E8, D8, 1B, FB, FF, 68, AC, 51, 45, 00, 6A, 00, 6A, 00, 6A, 00, 33, C9, BA, C8, 51, 45, 00, B8, F0, 51, 45, 00, E8, C4, B3, FF, FF, E8, B3, F5, FA, FF, 00, 00, 00, FF, FF, FF, FF, 10, 00, 00, 00, 4A, 2D, 34, 2C, 6A, 61, 2D, 30, 2C, 62, 77, 67, 62, 2E, 60, 58, 00, 00, 00, 00, FF, FF, FF, FF, 1C, 00, 00, 00, 2D, 30, 2C, 70, 2C, 2D, 6F, 7A, 6B, 67, 6D, 64, 6D, 75, 6D, 7A, 2D, 32, 2D, 2D, 2C, 6B, 67, 69, 2D, 38, 2C, 48, 00, 00, 00, 00, FF, FF, FF, FF, 0A, 00, 00, 00...

Entropy:
6.6043

Developed / compiled with:
Microsoft Visual C++ (as reported by the scanner; treat this as unreliable. The fixed 19 June 1992 timestamp, linker version 2.25 and the push ebp / mov ebp,esp / add esp,-10h / mov eax,imm32 sequence at the entry point are the hallmarks of a Borland Delphi executable, not of Visual C++.)

Code size:
336.5 KB (344,576 bytes)
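The metadata above (hashes, TimeDateStamp, linker version, OS version, subsystem, entry RVA, entry bytes, entropy) can be recomputed locally so a sample is checked against the page's indicators instead of trusted on the scanner's say-so. The script below is an added example, not code from the page or from Reason Core Security. It parses the PE headers with the standard library only, maps the entry RVA to a file offset through the section table, and flags the Borland placeholder timestamp and the Delphi prologue that the page's own bytes show. Because the real file cannot be shipped here, `build_sample()` constructs a minimal PE32 that carries the page's header values and its first 16 entry-point bytes; the Borland timestamp constant and the prologue pattern are the only hard-coded heuristics and are labelled as such.

```python
import hashlib
import math
import struct

# Indicators listed on the page for grvstubsetup_20140930.exe.
KNOWN_HASHES = {
    "md5": "47d49a7e09857659173f0e464abd9f2c",
    "sha1": "d1017ec2b83a3c2c7b93dd9d9a73a29dd8bd1d78",
    "sha256": "ef70e446c7fb94835ba333af5515f373e0f5b77e54ae7f0624100f0e33aa396d",
}
# Fixed TimeDateStamp written by Borland/Delphi linkers (1992-06-19 22:22:17 UTC).
BORLAND_STAMP = 0x2A425E19
# push ebp; mov ebp,esp; add esp,-10h; mov eax,imm32: the Delphi program prologue.
DELPHI_PROLOGUE = bytes.fromhex("558BEC83C4F0B8")
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Byte entropy in bits (0.0 .. 8.0); packed or encrypted payloads sit near 7-8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the COFF/optional header fields the page lists, plus the section table (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe + 4
    _machine, nsec, stamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, link_major, link_minor = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, max(vsize, rawsize), rawptr))
    return {"timestamp": stamp, "linker": f"{link_major}.{link_minor}", "entry_rva": entry_rva,
            "os_version": f"{os_major}.{os_minor}", "subsystem": subsystem, "sections": sections}


def rva_to_offset(sections, rva: int):
    """Map an RVA to a file offset via the section that contains it, or None."""
    for _name, vaddr, size, rawptr in sections:
        if vaddr <= rva < vaddr + size:
            return rawptr + (rva - vaddr)
    return None


def triage(data: bytes) -> dict:
    """Hashes, header fields and heuristics in one record, comparable to the page's listing."""
    pe = parse_pe(data)
    off = rva_to_offset(pe["sections"], pe["entry_rva"])
    entry = data[off:off + 16] if off is not None else b""
    hashes = file_hashes(data)
    pe.update({
        "hashes": hashes,
        "entropy": round(shannon_entropy(data), 4),
        "subsystem_name": SUBSYSTEMS.get(pe["subsystem"], "other"),
        "entry_bytes": " ".join(f"{b:02X}" for b in entry),
        "flags": {
            "matches_page_ioc": hashes["sha256"] == KNOWN_HASHES["sha256"],
            "borland_fixed_timestamp": pe["timestamp"] == BORLAND_STAMP,
            "delphi_prologue": entry.startswith(DELPHI_PROLOGUE),
        },
    })
    return pe


def build_sample() -> bytes:
    """Constructed minimal PE32, NOT the real sample: it carries the page's header values
    and its first 16 entry-point bytes so the heuristics can be exercised offline."""
    entry_code = bytes.fromhex("558BEC83C4F0B8D84F4500E8D81BFBFF")
    file_align, sect_rva, entry_in_sect = 0x200, 0x1000, 0x170
    code = bytearray(0x200)
    code[entry_in_sect:entry_in_sect + len(entry_code)] = entry_code
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, BORLAND_STAMP, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<HBB", opt, 0, 0x10B, 2, 25)                # PE32, linker 2.25
    struct.pack_into("<I", opt, 16, sect_rva + entry_in_sect)     # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, file_align)
    struct.pack_into("<HH", opt, 40, 4, 0)                        # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                            # IMAGE_SUBSYSTEM_WINDOWS_GUI
    sect = struct.pack("<8sIIII", b".text", len(code), sect_rva, len(code), file_align).ljust(40, b"\0")
    header = (dos + b"PE\0\0" + coff + opt + sect).ljust(file_align, b"\0")
    return bytes(header) + bytes(code)


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample()), indent=2))
```

Run `triage(open(path, "rb").read())` on a real file; `matches_page_ioc` becomes true only when the SHA-256 equals the one listed above, and the two heuristic flags, together with the 2.25 linker version, are what contradict the "Microsoft Visual C++" attribution. The constructed sample's entropy is low because most of its bytes are padding, so do not read that value as representative of the real file's 6.6.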

The file grvstubsetup_20140930.exe has been seen being distributed by the following URL.

Remove grvstubsetup_20140930.exe - Powered by Reason Core Security