b012856547edef20f5d883930ad5731f

GetGo Software Ltd.

The file b012856547edef20f5d883930ad5731f has been detected as malware by 19 anti-virus scanners.
Publisher:
GetGo Software Ltd.  (signed and verified)

Version:
0.0.0.0

MD5:
b012856547edef20f5d883930ad5731f

SHA-1:
448a044ee9ef0f0ffab5bf39646064a8b1e4e5d3

SHA-256:
5d5e702a0f9e4f87e78ab4568182502c56fc8208c9e1c65e66c301f146b12392

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
4/24/2024 2:57:05 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Infostealer.AK | 834
AhnLab V3 Security | Worm/Win32.VBNA | 2014.10.24
Avira AntiVirus | TR/Beebone.opanjfq | 7.11.180.214
avast! | Win32:BadRes [Trj] | 2014.9-141023
AVG | Inject2 | 2015.0.3312
Baidu Antivirus | Trojan.Win32.InfoStealer | 4.0.3.141023
Bitdefender | Trojan.Infostealer.AK | 1.0.20.1480
Bkav FE | HW32.Packed | 1.3.0.4959
Emsisoft Anti-Malware | Trojan.Infostealer.AK | 8.14.10.23.05
ESET NOD32 | Win32/Injector.BNVP (variant) | 8.10610
F-Secure | Trojan.Infostealer.AK | 11.2014-23-10_5
G Data | Trojan.Infostealer.AK | 14.10.24
Kaspersky | Trojan-PSW.Win32.Fareit | 14.0.0.3056
Malwarebytes | Trojan.MSIL.RN | v2014.10.23.05
MicroWorld eScan | Trojan.Infostealer.AK | 15.0.0.888
nProtect | Trojan.Infostealer.AK | 14.10.23.01
Qihoo 360 Security | Win32/Trojan.799 | 1.0.0.1015
Rising Antivirus | PE:Trojan.VBInject!1.6541 | 23.00.65.141021
Sophos | Mal/Generic-S | 4.98

File size:
226.1 KB (231,540 bytes)

Product version:
0.0.0.0

Original file name:
dlond.exe

Language:
English (United States)

Common path:
C:\users\{user}\downloads\2014-10-23_132\b012856547edef20f5d883930ad5731f

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/20/2012 1:00:00 AM

Valid to:
12/21/2014 12:59:59 AM

Subject:
CN=GetGo Software Ltd., O=GetGo Software Ltd., STREET=1840 Knutsford Place, L=Victoria, S=BC, PostalCode=V8N 6E4, C=CA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EF51E3D40CEB9F88AEF48ADACCEF46E4

File PE Metadata
Compilation timestamp:
10/19/2014 12:24:09 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:hEGnP6bnTBv7FaXwjnuhtctjl7Zu03fr70+xYG08atBFbqOyZRm+tn7vVuydm8pY:hEBu74jl713fr70acFbca+tVxp57u

Entry address:
0x1108

Entry point:
68, E8, 12, 10, 01, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, ED, E7, 85, A7, F4, 10, 60, 4A, AE, 89, 08, EC, A5, B7, 31, F7, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 41, 6B, 64, 6A, 69, 61, 73, 00, 00, 00, 00, 00, FF, CC, 31, 00, 00, 00, F3, 44, 83, 18, 79, 5B, 40, 8C, 91, C7, 90, B2, 75, 96, 0D, 56, 77, 4E, 06, 23, 40, 22, 48, AF, D2, 48, CF, 84, D5, 64, EB, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...

Entropy:
7.4130

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
64 KB (65,536 bytes)
