gtkfree.exe

Xin Zhou

The application gtkfree.exe by Xin Zhou has been detected as a potentially unwanted program by 4 anti-malware scanners. It runs as a windows Service named “GtkFree Update”.
Publisher:
Xin Zhou  (signed and verified)

MD5:
72eb69a95fefc56462c8f4dd3095999c

SHA-1:
7ebc932817e190f26719a4c6e05967688752927e

SHA-256:
fa33fba77fb58f997a6f8461644e6dabb5d4e60d51c61504cb8c7c57e2f67014

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 1:19:42 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Evo-gen [Susp]
160118-1

Dr.Web
Adware.Mutabaha.937
9.0.1.05190

ESET NOD32
Win32/ELEX.HC potentially unwanted application
7.0.302.0

Kaspersky
not-a-virus:AdWare.Win32.ELEX
15.0.0.562

File size:
287.2 KB (294,072 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gtkfree\gtkfree update\gtkfree.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/23/2015 7:00:00 AM

Valid to:
10/23/2016 6:59:59 AM

Subject:
CN=Xin Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
659A8A3384285135321373ABABE9503D

File PE Metadata
Compilation timestamp:
1/12/2016 4:37:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:jh4GAbJJaqXaNMO6bLugEY7WWIYpgEY1kz:j6GAbLaUnu1Y7WUgEY1kz

Entry address:
0x1AB04

Entry point:
E8, B8, 53, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 70, 50, 44, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, F8, 32, 44, 00, 01, 0F, 82, D8, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74...
 
[+]

Code size:
205 KB (209,920 bytes)

Service
Display name:
GtkFree Update

Service name:
GtkFree

Description:
Enables the detection, download, and installation of updates for GtkFree and other programs. If this service is disabled, users of this computer will not be able to use GtkFree Update or its automatic

Type:
Win32OwnProcess, InteractiveProcess


Remove gtkfree.exe - Powered by Reason Core Security