grvstubsetup_8.exe

The application grvstubsetup_8.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. The file has been observed being downloaded from www.apptilio.com.
MD5:
efddd153683c2aef2e4846e4d68daa40

SHA-1:
970684c897f571b6e22e319db522d66133acd876

SHA-256:
55a2cad0be8ce39333a21dc9ed4af7e65e8238138b335fb0218d283d63506072

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:42:09 AM UTC

Scan engine              Detection                   Engine version
Lavasoft Ad-Aware        Trojan.GenericKD.1833759    884
AhnLab V3 Security       PUP/Win32.Agent             2014.09.04
Bitdefender              Trojan.GenericKD.1833759    1.0.20.1235
Emsisoft Anti-Malware    Trojan.GenericKD.1833759    8.14.09.04.07
F-Secure                 Trojan.GenericKD.1833759    11.2014-04-09_5
G Data                   Trojan.GenericKD.1833759    14.9.24
IKARUS anti.virus        Trojan.SuspectCRC           t3scan.1.7.5.0
McAfee                   Artemis!EFDDD153683C        5600.7018
MicroWorld eScan         Trojan.GenericKD.1833759    15.0.0.741
nProtect                 Trojan.GenericKD.1833759    14.09.03.01

File size:
416 KB (425,984 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\grvstubsetup_8.exe

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:c68/IwBpWxSxVFQmccZQ9BqhDHBmPYMdlzqg+OnmyaY6LGqQEPgC3:u/I6QxSxVF2J96DhsYMdd+IfaxGqQYR

Entry address:
0x5A6BC

Entry point:
55, 8B, EC, 83, C4, F0, B8, 24, A5, 45, 00, E8, F4, C6, FA, FF, 68, F8, A6, 45, 00, 6A, 00, 6A, 00, 6A, 00, 33, C9, BA, 14, A7, 45, 00, B8, 3C, A7, 45, 00, E8, B0, B4, FF, FF, E8, D3, A0, FA, FF, 00, 00, 00, FF, FF, FF, FF, 10, 00, 00, 00, 4A, 2D, 34, 2C, 6A, 61, 2D, 30, 2C, 62, 77, 67, 62, 2E, 60, 58, 00, 00, 00, 00, FF, FF, FF, FF, 1C, 00, 00, 00, 2D, 30, 2C, 70, 2C, 2D, 6F, 7A, 6B, 67, 6D, 64, 6D, 75, 6D, 7A, 2D, 32, 2D, 2D, 2C, 6B, 67, 69, 2D, 38, 2C, 48, 00, 00, 00, 00, FF, FF, FF, FF, 09, 00, 00, 00...
 
Entropy:
6.6054

Developed / compiled with:
Microsoft Visual C++

Code size:
358 KB (366,592 bytes)

The file grvstubsetup_8.exe has been seen being distributed by the following URL.
