gtkfree.exe

Xin Zhou

The application gtkfree.exe by Xin Zhou has been detected as a potentially unwanted program by 13 anti-malware scanners. It runs as a Windows service named “GtkFree Update”.
Publisher:
Xin Zhou  (signed and verified)

MD5:
cca69e69828edf62aa9e4f801ace133f

SHA-1:
b7e5d96bbca5579b32424e064a45a1557ae73bac

SHA-256:
ee8e8bdb9c65492866314c35304a833d741925461c046bc32e961d42a3b3e7ae

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 1:49:50 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Floxif.A | 5813571
avast! | Win32:Pioneer-C | 160118-1
AVG | Win32/Floxif.A | 2015.0.4489
Dr.Web | Adware.Mutabaha.937, Win32.FloodFix.7 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Floxif | 10.0.0.5366
ESET NOD32 | Win32/Floxif.H virus | 7.0.302.0
F-Prot | W32/Floxif.B | 4.6.5.141
F-Secure | Win32.Floxif.A | 5.15.21
Kaspersky | Virus.Win32.Pioneer | 15.0.0.562
McAfee | Trojan.Dropper-FIY!CCA69E69828E | 18.0.204.0
Norman | Win32.Floxif.A | 11.01.2016 17:30:26
Sophos | Virus 'W32/Floxif-C' | 5.23
VIPRE Antivirus | Threat.4760052 | 46738

File size:
367.6 KB (376,453 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gtkfree\gtkfree update\gtkfree.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/23/2015 7:00:00 AM

Valid to:
10/23/2016 6:59:59 AM

Subject:
CN=Xin Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
659A8A3384285135321373ABABE9503D

File PE Metadata
Compilation timestamp:
1/12/2016 4:37:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:Vh4GAbJJaqXaNMOnbLP3ZgEY7WWIYpgEY1k/nU3JAEwVwUrTDbCk:V6GAbLaUAPp1Y7WUgEY1ksZAE2rek

Entry address:
0x1AB04

Entry point:
E9, 3F, 66, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 70, 50, 44, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, F8, 32, 44, 00, 01, 0F, 82, D8, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74...
 

Entropy:
6.9634

Packer / compiler:
Xtreme-Protector v1.05

Code size:
205 KB (209,920 bytes)

Service
Display name:
GtkFree Update

Service name:
GtkFree

Description:
Enables the detection, download, and installation of updates for GtkFree and other programs. If this service is disabled, users of this computer will not be able to use GtkFree Update or its automatic

Type:
Win32OwnProcess, InteractiveProcess

