home

gubobylopv.exe

MaliQ Incorporated

This is a setup program which is used to install the application. The file has been seen being downloaded from demiva.com.
Publisher:
MaliQ Incorporated  (signed and verified)

MD5:
03b5ea146924c3ba48ccc177640842e3

SHA-1:
9548ed32953f7340163e7846db26cae17646e767

SHA-256:
08668dfa60871be12c46a8bd4902ca5eab354df7ba97e2d369dbb463a6580111

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 10:15:18 PM UTC  (today)

File size:
215.5 KB (220,648 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\gubobylopv.exe

Digital Signature
Signed by:
MaliQ Incorporated

Authority:
MaliQ Incorporated

Valid from:
6/24/2016 4:37:54 PM

Valid to:
6/25/2026 4:37:54 PM

Subject:
E=support@maliq.com, CN=*.maliq.com, OU=Support Dept., O=MaliQ Incorporated, L=Laval, S=Quebec, C=CA

Issuer:
E=support@maliq.com, CN=*.maliq.com, OU=Support Dept., O=MaliQ Incorporated, L=Laval, S=Quebec, C=CA

Serial number:
00ED8DD9775BFACA07

File PE Metadata
Compilation timestamp:
6/24/2016 4:53:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:zwa5vPHtvIV4Bka5OwT876zifXDrDPtzA:8SAV4BZOwT876zifXPbtzA

Entry address:
0x2E34E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
177 KB (181,248 bytes)

The file gubobylopv.exe has been seen being distributed by the following URL.

http://demiva.com/.../s.exe

Scan gubobylopv.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.