c4f19507-3f48-4413-97f1-db157fed6ad4.exe

Torpedo

Gogo Network Club

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install unwanted software. The application c4f19507-3f48-4413-97f1-db157fed6ad4.exe by Gogo Network Club has been detected as adware by 8 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program Browser+ Apps+ by Gogo Network Club, which is a potentially unwanted software program. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.

Publisher:
Gogo Network Club  (signed and verified)

Product:
Torpedo

Version:
1.0.0.0

MD5:
d4e3af261e1080d10d96f543ac6a74d1

SHA-1:
b7b824b262cc0a42e465a7aae5abbfa5fae80e59

SHA-256:
ff03b43c98aa194e6c356a097c193ad23fb4dd1ea845d9e6b79f51767b4a18ea

Scanner detections:
8 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/25/2024 7:37:41 AM UTC

Scan engine          Detection                                  Engine version
Avira AntiVirus      ADWARE/CrossRider.Gen2                     7.11.182.172
AVG                  Generic                                    2015.0.3304
Clam AntiVirus       Win.Adware.Adwapper                        0.98/21411
ESET NOD32           Win32/Toolbar.CrossRider.AS (variant)      8.10653
IKARUS anti.virus    Trojan.GoogUpdate                          t3scan.1.8.3.0
Kaspersky            not-a-virus:WebToolbar.Win32.CrossRider    15.0.0.494
Reason Heuristics    PUP.Task.GogoNetworkClub.e                 14.10.31.19
Vba32 AntiVirus      AdWare.Adwapper                            3.12.26.3

File size:
31.4 KB (32,160 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
TorpedoCh.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\browser+ apps+\c4f19507-3f48-4413-97f1-db157fed6ad4.exe

Digital Signature

Authority:
COMODO CA Limited

Valid from:
8/18/2014 4:00:00 PM

Valid to:
8/19/2015 3:59:59 PM

Subject:
CN=Gogo Network Club, O=Gogo Network Club, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75BF783471861CAD78DE03A20768BF56

File PE Metadata

Compilation timestamp:
8/18/2014 4:08:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:xdL5HFxTS9acVNVdlG959NepeFnXi4B8TZ:FHX+fdlRcFn3mZ

Entry address:
0x81EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.4686

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
24.5 KB (25,088 bytes)

Scheduled Task

Task name:
c4f19507-3f48-4413-97f1-db157fed6ad4

Trigger:
Logon (Runs on logon)

Action:
c4f19507-3f48-4413-97f1-db157fed6ad4.exe 002142 bea319e4e6884a769910825262c88e5die 64449 14


The file c4f19507-3f48-4413-97f1-db157fed6ad4.exe has been discovered within the following program.

Browser+ Apps+  by Gogo Network Club
Browser+ Apps+ is a potentially unwanted adware program that injects ads into the user's browser. This includes inserting advertisements, banners, coupons or text links that would not otherwise appear into web pages, or displaying them over parts of existing web pages.
84% remove it (per Should I Remove It?)