grvstubsetup_20141107.exe

The application grvstubsetup_20141107.exe has been detected as a potentially unwanted program by 26 anti-malware scanners. The file has been seen being downloaded from dm930xmxv1gqs.cloudfront.net.
MD5:
86a169643a5d6da57645085308c47b01

SHA-1:
395c375de37acb12053660cbf41845c92949119a

SHA-256:
b681cd2c92d33611de5493cf9c45dee9d4a1c40ffa2a928f694d1f382650de4d

Scanner detections:
26 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 8:01:41 AM UTC

Scan engine             Detection                                        Engine version
Lavasoft Ad-Aware       Gen:Variant.Adware.Symmi.48317                   728
Agnitum Outpost         Riskware.Agent                                   7.1.1
Avira AntiVirus         TR/Graftor.400896.18                             7.11.206.130
avast!                  Win32:Malware-gen                                2014.9-150206
Baidu Antivirus         Adware.Win32.DealPly                             4.0.3.1526
Bitdefender             Gen:Variant.Adware.Symmi.48317                   1.0.20.185
Comodo Security         UnclassifiedMalware                              20939
Emsisoft Anti-Malware   Gen:Variant.Adware.Symmi.48317                   8.15.02.06.10
ESET NOD32              Win32/DealPly.V potentially unwanted (variant)   9.11112
Fortinet FortiGate      Riskware/DealPly                                 2/6/2015
F-Prot                  W32/A-98703131                                   v6.4.7.1.166
F-Secure                Gen:Variant.Adware.Symmi.48317                   11.2015-06-02_6
G Data                  Gen:Variant.Adware.Symmi.48317                   15.2.25
K7 AntiVirus            Trojan                                           13.193.14838
Kaspersky               not-a-virus:AdWare.Win32.DealPly                 14.0.0.2525
McAfee                  Artemis!86A169643A5D                             5600.6862
MicroWorld eScan        Gen:Variant.Adware.Symmi.48317                   16.0.0.111
NANO AntiVirus          Riskware.Win32.DealPly.diqeer                    0.30.0.65070
Panda Antivirus         Trj/Chgt.L                                       15.02.06.10
Qihoo 360 Security      HEUR/QVM05.1.Malware.Gen                         1.0.0.1015
Quick Heal              Adware.DealPly.r8 (Not a Virus)                  2.15.14.00
Sophos                  Generic PUA DJ                                   4.98
Trend Micro House Call  TROJ_SPNR.0BLD14                                 7.2.37
Trend Micro             TROJ_SPNR.0BLD14                                 10.465.06
Vba32 AntiVirus         AdWare.DealPly                                   3.12.26.3
VIPRE Antivirus         Trojan.Win32.Generic                             37198

File size:
391.5 KB (400,896 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\wyim5ymp\grvstubsetup_20141107.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:v2JeZJ8fUJGbMQ/ZDglLweHhQgV3FT1xoEv:O0Zk8GbjZiL5HhN1xoEv

Entry address:
0x55020

Entry point:
55, 8B, EC, 83, C4, F0, B8, 88, 4E, 45, 00, E8, 28, 1D, FB, FF, EB, 38, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 07, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 09, 00, 00, 00, 00, 00, 00, 00, 68, 90, 50, 45, 00, 6A, 00, 6A, 00, 6A, 00, 33, C9, BA, A8, 50, 45, 00, 33, C0, E8, 8D, B4, FF, FF, E8, CC, F6, FA, FF, FF, FF, FF, FF, 0D, 00, 00, 00, 41, 75, 6C, 6E, 70, 68, 71, 68, 69, 2B, 43, 2C, 76, 00, 00, 00...

Entropy:
6.5867

Developed / compiled with:
Microsoft Visual C++

Code size:
336.5 KB (344,576 bytes)

The file grvstubsetup_20141107.exe has been seen being distributed by the following URL.

Remove grvstubsetup_20141107.exe - Powered by Reason Core Security