gwxcontrolpanelsetup.exe

Josh Mayfield

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from forumscnetfrance.digidip.net and multiple other hosts.
Publisher:
Josh Mayfield  (signed and verified)

MD5:
fea83eac98858081b092b4a32b451357

SHA-1:
bf30804bd847d8d20b18517c9003af235ab9919a

SHA-256:
ca76a55870b514a96a4a5d4bf5d91030628f7451359cd7bbb88d4321786738d6

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/15/2024 9:46:07 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Win32.Virus.Lamer
4.0.3.1642

File size:
2.4 MB (2,507,584 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\gwxcontrolpanelsetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/6/2016 5:00:00 PM

Valid to:
1/6/2017 4:59:59 PM

Subject:
CN=Josh Mayfield, O=Josh Mayfield, STREET=16958 NW Cove Ct, L=Portland, S=OR, PostalCode=97229, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
04F29C8A4DD805F9181F6B3859FCAF83

File PE Metadata
Compilation timestamp:
12/26/2015 10:38:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:5JSUuceH+UIP/v9seo+u68oIx44feJxTEiUAbnS6FWnMRe7I/Pf5JSK:zIckFeSGzIm9xgiUIFWnueM/Pbr

Entry address:
0x310D

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 57, 33, DB, 68, 01, 80, 00, 00, 89, 5C, 24, 1C, C7, 44, 24, 14, 88, 91, 40, 00, 33, F6, C6, 44, 24, 18, 20, FF, 15, B4, 70, 40, 00, FF, 15, B0, 70, 40, 00, 66, 3D, 06, 00, 74, 11, 53, E8, E4, 2D, 00, 00, 3B, C3, 74, 07, 68, 00, 0C, 00, 00, FF, D0, 68, 7C, 91, 40, 00, E8, 65, 2D, 00, 00, 68, 74, 91, 40, 00, E8, 5B, 2D, 00, 00, 68, 68, 91, 40, 00, E8, 51, 2D, 00, 00, 6A, 0D, E8, B4, 2D, 00, 00, 6A, 0B, E8, AD, 2D, 00, 00, A3, 44, EC, 42, 00, FF, 15, 34, 70, 40, 00, 53, FF...
 
[+]

Entropy:
7.9950

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file gwxcontrolpanelsetup.exe has been discovered within the following program.

GWX Control Panel  by UltimateOutsider
blog.ultimateoutsider.com/2015/08/using-gwx-stopper-to-permanently-remove.html
About 7% of users remove it
 
Powered by Should I Remove It?

The file gwxcontrolpanelsetup.exe has been seen being distributed by the following 11 URLs.

http://forumscnetfrance.digidip.net/visit?url=http://ultimateoutsider.com/downloads/GwxControlPanelSetup.exe&ppref=http://www.cnetfrance.fr/.../windows-10-la-mise-a-jour-automatique-debute-comment-ne-pas-l-installer-39832170.htm

http://soubory.instaluj.cz/dwl/e68894f990b13eb9edf0ee2734ae4cca/utility/systemove-nastroje/ostatni/.../GwxControlPanelSetup.exe

http://dl1.filehippo.com/.../GwxControlPanelSetup.exe

https://doc-0k-8s-docs.googleusercontent.com/docs/securesc/2nggpesd7k0gfkpcjmbrfo5hts20m5ia/nkg8fp5gt14gd06nqgjf75p3n3is3udu/1461772800000/.../00711088014069329047/0B-dfBhKbT6LxOGlocVBBWUVmVmc?e=download

http://dl.cdn.chip.de/downloads/.../GwxControlPanelSetup_1.7.4.1.exe

http://dw.html.it/index.php?softname=gwxcontrolpanel_1.7.4.1.exe&code=1459779284&q=MTAxMjQwfGd3eC1jb250cm9sLXBhbmVsLTg=

https://turbolab.it/.../72

https://www.dropbox.com/pri/.../GwxControlPanelSetup.exe

Scan gwxcontrolpanelsetup.exe - Powered by Reason Core Security