guncamupgrade.exe

Guncam Upgrade

Growler Software, webmaster@growlersoftware.com

The executable guncamupgrade.exe, “Self-Extracting Package for Guncam Upgrade”, has been detected as malware by 5 anti-virus scanners. It is a setup program used to install the application. The file has been seen downloaded from growlersoftware.com.
Publisher:
Growler Software, webmaster@growlersoftware.com

Product:
Guncam Upgrade

Description:
Self-Extracting Package for Guncam Upgrade

Version:
3.1.9.0

MD5:
0fda717cff1dbe8bcf5d942a30f9eff5

SHA-1:
fcec03cd361a32f01321290c7a0ec2791f5a7fe2

SHA-256:
719d71e1d90870e0581c403d901904dbab825f995efc192d5e67ae6b99aa711e

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/5/2024 10:14:52 PM UTC

Scan engine | Detection | Engine version
--- | --- | ---
Bkav FE | HW32.Packed | 1.3.0.7383
Dr.Web | Trojan.Packed.19697 | 9.0.1.045
NANO AntiVirus | Trojan.Win32.Dorifel.blhlpu | 0.30.26.4751
Vba32 AntiVirus | TrojanDropper.Dorifel | 3.12.26.4
ViRobot | Dropper.A.Dorifel.720581[h] | 2014.3.20.0

File size:
703.7 KB (720,581 bytes)

Product version:
3.1.9.0

Copyright:
Copyright 2004-2007

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\guncamupgrade.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:/jW0kmAmbnRLs0Iok1WKCFLraT3fw0243kbF8XiBeUxsT5EsCbLf:/jW0kmAmRLLbk1qraTwr2XiBkSTbLf

Entry address:
0x2EF4

Entry point:
55, 8B, EC, 83, C4, F4, B8, CC, 2E, 40, 00, E8, F8, EC, FF, FF, E8, 5B, F6, FF, FF, E8, 36, F5, FF, FF, E8, 11, E8, FF, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9936

Developed / compiled with:
Microsoft Visual C++

Code size:
8 KB (8,192 bytes)

The file guncamupgrade.exe has been seen being distributed by the following URL.
