{blocked}.exe

The World Gate, Inc

The application {blocked}.exe, “GPass client software” by The World Gate, Inc has been detected as a potentially unwanted program by 12 anti-malware scanners.
Publisher:
GPass  (signed by The World Gate, Inc)

Product:
GPass

Description:
GPass client software

Version:
3.4.2.2

MD5:
b6682d7e91ed14d6f135d3d87fcfe91c

SHA-1:
af2249345eb267357eb0a8d00d651257fc91a0b5

SHA-256:
2bdb2abf24685bd867f079512eb254153794f9cc2fe968dda6e1458f9843bd14

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 9:17:00 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AegisLab AV Signature | FraudTool.W32.AntiMalwarePro.luZA | 2.1.4+ |
| Avira AntiVirus | TR/Gendal.107048 | 8.3.3.4 |
| Comodo Security | UnclassifiedMalware | 25390 |
| Dr.Web | Trojan.PWS.Banker.54904 | 9.0.1.0278 |
| G Data | Win32.Trojan.Agent.OG3X2F | 16.10.25 |
| IKARUS anti.virus | Virus.Win32.Delf | t3scan.2.1.6.0 |
| Kaspersky | not-a-virus:Server-Proxy.Win32.GPass | 14.0.0.-503 |
| McAfee | Artemis!B6682D7E91ED | 5600.6256 |
| NANO AntiVirus | Trojan.Win32.Banker.daercn | 1.0.38.8984 |
| Qihoo 360 Security | QVM17.0.Malware.Gen | 1.0.0.1120 |
| VIPRE Antivirus | Trojan.Win32.Generic | 50642 |
| ViRobot | Trojan.Win32.Z.Gpass.1440808[h] | 2014.3.20.0 |

File size:
1.4 MB (1,440,808 bytes)

Product version:
3.4.2.2

Copyright:
www.gpass1.com

Trademarks:
www.gpass1.com

Original file name:
GPass.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\gpass-3.4.2.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
2/5/2007 3:30:00 AM

Valid to:
2/5/2009 3:29:59 AM

Subject:
CN="The World Gate, Inc", O="The World Gate, Inc", STREET=42 Read's Way, L=New Castle, S=DE, PostalCode=19720, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
0096C63E5A5A019CB91797B7037E97ABD2

File PE Metadata
Compilation timestamp:
6/20/1992 2:52:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:3ADKBSgdWj64/s3e/ljiM53LNeRu7mBMrvTr961JBSA4TAiwQ4H1PYCsCbOYlr:Qu8gdWjPs3Aljlt04H9oHbil4H1PTRZl

Entry address:
0x1000

Entry point:
B8, A4, B4, 70, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 13, 5F, AC, 93, F6, DA, 0E, 4A, 3E, 62, 1D, 64, 84, 49, A8, 0C, 99, B2, F5, 69, 35, D4, 52, AF, E7, 82, B9, EB, DF, 2D, 1B, DD, 5F, 55, ED, BE, 51, CB, BA, 79, 06, CE, B9, 06, C3, 57, 03, D8, 92, 66, 83, 3E, 63, CF, BF, AD, A3, E9, EF, F3, 52, AE, 0A, A5, DF, 59, 93, 9E, CE, E4, D8, D0, 15, 4F, 3E, 32, F6, F9, 2A, 83, D0, 95, A4, 50, B5, 67, D6, DD, 48, 2C, 15, 57, 27...
 

Entropy:
7.9842

Packer / compiler:
PECompact v2

Code size:
1.8 MB (1,876,992 bytes)
