gtkfree.exe

Xin Zhou

The application gtkfree.exe by Xin Zhou has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “GtkFree Update”.
Publisher:
Xin Zhou  (signed and verified)

MD5:
be3f03a01249311473b6883b6259058a

SHA-1:
9b83ed1ee90b66d157d2db19cf7f26587b0d9a39

SHA-256:
dc8cf708f5d43baceb182570917eb1eac4c7cb6feb9f75ea8ae3e5c2394f65db

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 1:31:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.XinZhou (M)

Engine version:
16.6.30.5

File size:
287.2 KB (294,072 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gtkfree\gtkfree update\gtkfree.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/23/2015 5:30:00 AM

Valid to:
10/23/2016 5:29:59 AM

Subject:
CN=Xin Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
659A8A3384285135321373ABABE9503D

File PE Metadata
Compilation timestamp:
1/12/2016 3:07:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:lh4GAbJJaqXaNMO6bLugEY7WWIYpgEY1kz:l6GAbLaUnu1Y7WUgEY1kz

Entry address:
0x1AB04

Entry point:
E8, B8, 53, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 70, 50, 44, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, F8, 32, 44, 00, 01, 0F, 82, D8, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74...
 
Entropy:
6.4971

Code size:
205 KB (209,920 bytes)

Service
Display name:
GtkFree Update

Service name:
GtkFree

Description:
Enables the detection, download, and installation of updates for GtkFree and other programs. If this service is disabled, users of this computer will not be able to use GtkFree Update or its automatic

Type:
Win32OwnProcess, InteractiveProcess


Remove gtkfree.exe - Powered by Reason Core Security