home

gub2dem.exe

This is a setup program which is used to install the application.
MD5:
93afceb907b62c0e2c03891bf8820b05

SHA-1:
929641d8722d8f51d08f2b843c295eca238f0047

SHA-256:
0992751835dd98bd4934bdf3fa088bd121da7e20435d178299ec620bdf37152e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 3:54:10 PM UTC  (today)

File size:
8.1 MB (8,479,435 bytes)

File type:
Executable application (Win16 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\gub2dem.exe

File PE Metadata
OS version:
270.17968

OS bitness:
Win16

Subsystem:
Native (none required)

Linker version:
3.0

CTPH (ssdeep):
196608:foh+g2Fuwg8qntcPLDWe5sEMvYPt+Ghlnc2QkJvx1KdSd3ebTBkt4:for5wLitcDDP5sEBt+G5xvubTBS4

Entry address:
0xA4009C

Entry point:
4D, 5A, 01, 01, 01, 00, 01, 00, 05, 00, 00, 00, FF, FF, 00, 00, 14, 00, 00, 00, 00, 00, 0A, 00, 40, 00, 00, 00, 01, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, 01, 00, 00, 04, 00, 0A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 54, 68, 69, 73, 20, 69, 73, 20, 61, 20, 57, 69, 6E, 64, 6F, 77...
 
[+]

Entropy:
7.9986  (probably packed)

Code size:
256 KB (262,147 bytes)

The file gub2dem.exe has been seen being distributed by the following 2 URLs.

ftp://ftp.furry.de/pub/computer/win95/games/.../gub2dem.exe

http://dnplus2.simfile.uplusbox.co.kr/.../httpdown.cgi?orgfname=gub2dem.exe&filename=SS9WRVJDUnFULVdDSHVhdEt1TDBKVTRzSlQ1b0xQTjBKZWl4S09qc0pAOTg=

Scan gub2dem.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.