gtkfree.exe

Xin Zhou

The application gtkfree.exe by Xin Zhou has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “GtkFree Update”.
Publisher:
Xin Zhou (signed and verified)

MD5:
e8dc66e63d7f2e7322e9f1e629540fe8

SHA-1:
5664a74eca4c4a7f8b75027a6901a52d184263a4

SHA-256:
c6046367e5a5da8e30bccb9bdd567e9c769d3d099e906643614b72d95f98dd85

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 1:27:12 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.XinZhou (M)

Engine version:
16.2.15.4

File size:
363.6 KB (372,351 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gtkfree\gtkfree update\gtkfree.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/23/2015 8:00:00 AM

Valid to:
10/23/2016 7:59:59 AM

Subject:
CN=Xin Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
659A8A3384285135321373ABABE9503D

File PE Metadata
Compilation timestamp:
1/12/2016 5:37:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:Vh4GAbJJaqXsFOEbLugEY7WWIYpgEY1kJBV+UdvrEFp7hKju:V6GAbLaUsPu1Y7WUgEY1kJBjvrEH7au

Entry address:
0x1AB04

Entry point:
E9, 71, DD, FF, FF, E9, 7F, FE, FF, FF, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 70, 50, 44, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, F8, 32, 44, 00, 01, 0F, 82, D8, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74...

Entropy:
6.9539

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
205 KB (209,920 bytes)

Service
Display name:
GtkFree Update

Service name:
GtkFree

Description:
Enables the detection, download, and installation of updates for GtkFree and other programs. If this service is disabled, users of this computer will not be able to use GtkFree Update or its automatic

Type:
Win32OwnProcess, InteractiveProcess


Remove gtkfree.exe - Powered by Reason Core Security