dcbraiegut_gutbl_setup.exe

BrowserAir (GOOBZO LTD)

The application dcbraiegut_gutbl_setup.exe by BrowserAir (GOOBZO) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
BrowserAir (GOOBZO LTD)  (signed and verified)

Version:
2.11.0.999

MD5:
4553ce9751694dde3d4a63b65b093035

SHA-1:
0f2b09a0c77adca5a7e95cbe9f6ae651c0afa7ba

SHA-256:
73440bd24df32cd97f9d748bc86dffe86560d7317ee5482fa261606a18a17a24

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/21/2024 9:39:38 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Goobzo.Installer (M)

Engine version:
16.4.24.7

File size:
2.2 MB (2,346,904 bytes)

Product version:
2.11.0.999

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\installer\install_23288\dcbraiegut_gutbl_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/10/2015 4:00:00 PM

Valid to:
2/11/2016 3:59:59 PM

Subject:
CN=BrowserAir (GOOBZO LTD), O=BrowserAir (GOOBZO LTD), STREET="Bldg #15 Matam", L=Haifa, S=Haifa, PostalCode=31905, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3B4F9A8B40F303C8AAD1D77B2A2B4674

File PE Metadata
Compilation timestamp:
8/5/2015 11:56:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:dQBfXu3iy+h08mSR69NElR4U4PP6UPMVuIs0QzYBo4rvlQhKWxnJi:dQ1+guY692/4PPPDxxz0wc

Entry address:
0x2B5FD4

Entry point:
60, 60, 66, C7, 44, 24, 04, 1A, 98, C7, 44, 24, 3C, 4F, A9, 94, FF, FF, 34, 24, 9C, C7, 44, 24, 40, A0, 99, 64, 32, 88, 2C, 24, 88, 0C, 24, 8D, 64, 24, 40, E9, 47, B3, 22, 00, FF, 34, 24, B0, 10, 8D, 64, 24, 30, 9C, 68, D7, 82, 28, 15, 8D, 64, 24, 08, E8, 2B, 57, 1D, 00, E9, 0F, 41, 1B, 00, C3, 4D, 62, D6, E5, 51, B3, D9, B7, AD, 8F, 7F, 51, D8, D2, C2, D9, 10, 12, E7, FC, 48, 5A, AF, BC, 08, 2F, 9B, AC, 65, 7A, CE, B3, 02, 05, B1, 8E, 3A, E0, C5, 0B, 68, 0A, C4, 92, 81, 4B, 11, 7F, 12, 4B, 3E, CB, D8, 12...
 

Entropy:
7.9045  (probably packed)

Code size:
549.5 KB (562,688 bytes)
