dcbraiegut_gutbl_setup.exe

BrowserAir (GOOBZO LTD)

The application dcbraiegut_gutbl_setup.exe by BrowserAir (GOOBZO) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It runs as a scheduled task under the Windows Task Scheduler.
Publisher:
BrowserAir (GOOBZO LTD)  (signed and verified)

Version:
2.11.0.999

MD5:
5efd345f520ab88c9fb7ecb5086bde27

SHA-1:
269cf792ce3cd5f2632ef2b69bfd08bc08ffaafe

SHA-256:
60cfb49435156c6cbc96fc8f22f6972ea19b4fdcc4b11d354d858e75240fdb17

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/21/2024 3:25:15 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Goobzo.Installer (M)

Engine version:
16.6.30.13

File size:
2.5 MB (2,616,216 bytes)

Product version:
2.11.0.999

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\installer\install_17512\dcbraiegut_gutbl_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/10/2015 4:00:00 PM

Valid to:
2/11/2016 3:59:59 PM

Subject:
CN=BrowserAir (GOOBZO LTD), O=BrowserAir (GOOBZO LTD), STREET="Bldg #15 Matam", L=Haifa, S=Haifa, PostalCode=31905, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3B4F9A8B40F303C8AAD1D77B2A2B4674

File PE Metadata
Compilation timestamp:
8/9/2015 11:59:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:vCu4rvlQA/SURgpdryJuy7KvL7T6qVovAaphDkitq4v/xL7mPt:OBgpJw+jaq+vRPYitrh61

Entry address:
0x3223CB

Entry point:
9C, C7, 04, 24, 02, 4D, FE, D5, E9, 42, F4, FF, FF, 8D, 64, 24, 20, E8, 3E, ED, 23, 00, 9C, E8, 63, E1, FF, FF, B7, E9, B5, E7, 97, 5C, 2B, 0C, DC, 04, B4, BC, 21, BF, 37, C9, 07, 59, FF, 11, F3, 3D, 35, 8B, ED, ED, BD, 93, 81, 81, CF, 87, 09, 4E, 0A, 67, 64, 5E, 04, BC, C4, 60, F0, 72, F0, 1C, 72, 5D, E7, 9F, E1, 0D, 1B, 95, FF, 81, D7, D9, BB, 35, 8F, 41, 6B, B5, 85, 4A, 31, 5B, 3F, B9, D8, A8, E8, C1, 0A, C6, BE, 80, 9F, 57, 39, B3, 5A, 47, 89, D7, F9, 55, 25, 5B, 8F, D2, B5, B3, 83, 9D, 64, 2C, 7A, 7A...
 

Entropy:
7.9202  (probably packed)

Code size:
549.5 KB (562,688 bytes)

Scheduled Task
Task name:
Inst_Rep

Trigger:
Registration (Runs on registration)

