gtk2159-setup.exe

Trojan Killer

Gridinsoft, LLC

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with the program Trojan Killer. The file has been seen being downloaded from fec3e8e4094ffa9a45df-2d78e5b36e08cf2756a8ad9f3122a119.r77.cf2.rackcdn.com and multiple other hosts.
Publisher:
GridinSoft LLC  (signed by Gridinsoft, LLC)

Product:
Trojan Killer

Description:
GridinSoft Trojan Killer Setup

Version:
2.1.5.9

MD5:
15d59ef59be1ff5b94f115c110766928

SHA-1:
2ac3fc0ae8e7295d7dd8f73a6639add98ed10d18

SHA-256:
4408ea453268654c039d96d14733af9d4383338f7eb83a1f2cfc54ff96520e4d

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/26/2024 6:49:28 PM UTC  (today)

Scan engine:
ESET NOD32

Detection:
Win32/1AntiVirus (variant)

Engine version:
8.9254

File size:
25.9 MB (27,172,616 bytes)

Copyright:
Copyright ©2003-2013, GridinSoft LLC

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\gtk2159-setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/12/2011 8:00:00 AM

Valid to:
1/13/2015 7:59:59 AM

Subject:
CN="Gridinsoft, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Gridinsoft, LLC", L=Kiev, S=Kiev, C=UA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
065DF919B8A90A37DEB26750CBB3BBD3

File PE Metadata
Compilation timestamp:
12/6/2009 6:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:IpLKwfPaAKo4Ovmk5VOV1d169d4MBoIRB1g87:IE0P/KdOuOcd16MMBoINr7

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file gtk2159-setup.exe has been discovered within the following program.

Trojan Killer  by Gridinsoft LLC
Publisher's description - “Developed specifically for automatic removal of viruses, bots, spyware, keyloggers, trojans, scareware and rootkits without the need to manually edit system files or registry, Trojan Killer additionally fixes system modifications that were introduced by malware and which, regretfully, are often ignored by some popular antivirus scanners.”
trojan-killer.com
3% remove it
 

The file gtk2159-setup.exe has been seen being distributed by the following 2 URLs.
