» 5fdc632154724d771fce7a03d2372ed6952f0712
Overview
Analysis
File Details

5fdc632154724d771fce7a03d2372ed6952f0712

Instalação do Módulo Adicional de Segurança CAIXA

Caixa Economica Federal

The file 5fdc632154724d771fce7a03d2372ed6952f0712 by Caixa Economica Federal has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the Mozilla Firefox web browser as part of an addin/plugin. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

Publisher:

CAIXA (signed by Caixa Economica Federal)

Product:

Instalação do Módulo Adicional de Segurança CAIXA

Version:

1,5,1,1

MD5:

a2f1cad7b47d794b413c59bc93f4fc9f

SHA-1:

971ce6aa04807757803effd59c3b9be7aada8af3

SHA-256:

33edc9daca4284decc1ce254d458aaaca132ca3d90652885b37fa921e1c83f49

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

5/1/2024 2:31:52 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore (L)

17.3.11.4

File size:

2.5 MB (2,667,788 bytes)

Product version:

1,5,1,1

Original file name:

GBPCEF

Language:

Português

Common path:

C:\users\{user}\appdata\local\mozilla\firefox\profiles\{user}.default\cache2\entries\5fdc632154724d771fce7a03d2372ed6952f0712

Digital Signature

Signed by:

Caixa Economica Federal

Authority:

GlobalSign nv-sa

Valid from:

7/9/2015 4:53:53 PM

Valid to:

7/9/2018 4:53:53 PM

Subject:

E=grist@caixa.gov.br, CN=Caixa Economica Federal, O=Caixa Economica Federal, L=Brasilia, S=Distrito Federal, C=BR

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121D0E6A0DE2EA4B9AF64B9F1517CB0695C

File PE Metadata

Compilation timestamp:

8/7/2015 6:58:49 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

Entry address:

0x12D102

Entry point:

E8, 86, EB, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, 83, 3D, B4, 9F, 5C, 00, 00, 0F, 84, B6, EE, 00, 00, 83, EC, 08, 0F, AE, 5C, 24, 04, 8B, 44, 24, 04, 25, 80, 1F, 00, 00, 3D, 80, 1F, 00, 00, 75, 0F, D9, 3C, 24, 66, 8B, 04, 24, 66, 83, E0, 7F, 66, 83, F8, 7F, 8D, 64, 24, 08, 0F, 85, 85, EE, 00, 00, EB, 00, F3, 0F, 7E, 44, 24, 04, 66, 0F, 28, 15, 90, 6D, 58, 00, 66, 0F, 28, C8, 66, 0F, 28, F8, 66, 0F, 73, D0, 34, 66, 0F, 7E, C0, 66, 0F, 54, 05, C0, 6D, 58, 00, 66, 0F, FA, D0, 66, 0F, D3, CA, A9, 00, 08... 
[+]

Code size:

1.4 MB (1,491,968 bytes)

Remove 5fdc632154724d771fce7a03d2372ed6952f0712 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.