gtkfree.exe

Xin Zhou

The application gtkfree.exe by Xin Zhou has been detected as a potentially unwanted program by 14 anti-malware scanners. It runs as a Windows service named “GtkFree Update”.
Publisher:
Xin Zhou  (signed and verified)

MD5:
bafb2be8ba1353cac42981e2f89212b2

SHA-1:
40d0d1f86d5d82089bdcb52f69116307248ec2f8

SHA-256:
7e557f1609dff99ef5285a66bbe2833fa40ea651e92dd7ebdc8b51b25a37ca8d

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 1:30:18 PM UTC

Scan engine                   | Detection                             | Engine version
avast!                        | Win32:Pioneer-C                       | 160503-1
AVG                           | Win32/Floxif.A                        | 2015.0.4568
Dr.Web                        | Adware.Mutabaha.937, Win32.FloodFix.7 | 9.0.1.05190
Emsisoft Anti-Malware         | Win32.Floxif                          | 16.06.17
ESET NOD32                    | Win32/Floxif.H virus                  | 8.0.319.0
F-Prot                        | W32/Floxif.B                          | 4.6.5.141
F-Secure                      | Win32.Floxif.A                        | 5.15.96
Kaspersky                     | Virus.Win32.Pioneer                   | 15.0.0.562
McAfee                        | Trojan.Dropper-FIY!BAFB2BE8BA13       | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined                      | 1.223.1545.0
Norman                        | Win32.Floxif.A                        | 28.05.2016 13:03:37
Reason Heuristics             | PUP.XinZhou (M)                       | 16.6.17.13
Sophos                        | Virus 'W32/Floxif-C'                  | 5.23
VIPRE Antivirus               | Threat.4760052                        | 49574

File size:
363.6 KB (372,351 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gtkfree\gtkfree update\gtkfree.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/23/2015 12:00:00 AM

Valid to:
10/22/2016 11:59:59 PM

Subject:
CN=Xin Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
659A8A3384285135321373ABABE9503D

File PE Metadata
Compilation timestamp:
1/12/2016 3:37:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:Vh4GAbJJaqXaNMOJ9mugEY7WWIYpgEY1kJBV+UdvrEFp7hKG:V6GAbLaUkmu1Y7WUgEY1kJBjvrEH7B

Entry address:
0x1AB04

Entry point:
E9, C5, 2E, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 70, 50, 44, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, F8, 32, 44, 00, 01, 0F, 82, D8, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74...
 

Entropy:
6.9491

Packer / compiler:
Xtreme-Protector v1.05

Code size:
205 KB (209,920 bytes)

Service
Display name:
GtkFree Update

Service name:
GtkFree

Description:
Enables the detection, download, and installation of updates for GtkFree and other programs. If this service is disabled, users of this computer will not be able to use GtkFree Update or its automatic

Type:
Win32OwnProcess, InteractiveProcess

