setup_gmsd.exe

L Agence Exclusive

This is the Eorezo installer which may include software offers for unwanted programs including toolbars. The application setup_gmsd.exe by L Agence Exclusive has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from dl.physetermacrocephalus.com.
Publisher:
L Agence Exclusive  (signed and verified)

MD5:
d7c2222d72486880700079aa89296535

SHA-1:
57acb4686c3a603756eb5d7d6d84fedbcd4ac52a

SHA-256:
0255c807d96c912ce3bd4f8e89f2fdd6d2cacac1b86b786e7829a15d7ed56e39

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/15/2024 3:44:44 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Eorezo.Gen.YM
7.1.1

Avira AntiVirus
PUA/InstallCore.Gen7
8.3.2.2

Arcabit
PUP.Adware.Eorezo.ecd
1.0.0.581

avast!
Win32:Eorezo-DK [PUP]
2014.9-151010

AVG
Generic
2016.0.2960

Bkav FE
W32.HfsAdware
1.3.0.7237

Dr.Web
Adware.Downware.11254
9.0.1.0283

IKARUS anti.virus
not-a-virus:AdWare.Eorezo
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.210.17476

Malwarebytes
PUP.Optional.EoRezo
v2015.10.10.06

NANO AntiVirus
Riskware.Win32.Eorezo.dvtosz
0.30.26.3947

Reason Heuristics
PUP.Eorezo.LAgenceExclusive.Installer (M)
15.10.10.18

Sophos
EoRezo Adware (PUA)
4.98

File size:
5.5 MB (5,808,720 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup_gmsd.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/31/2014 11:00:28 AM

Valid to:
11/1/2015 10:00:28 AM

Subject:
CN=L Agence Exclusive, O=L Agence Exclusive, L=Paris, S=Ile-De-France, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121EC7FDD0BA7F42544161419B65E557A40

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:d6SYhciS2SdlfV7qBsTpC4eXz9viBrCOdM2CMEDPZ6aXf60KZzIhSz:kPWfVNNeXZSM2ZUbXf6rZzk2

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9993

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file setup_gmsd.exe has been seen being distributed by the following URL.

Remove setup_gmsd.exe - Powered by Reason Core Security