dcbraiegut_gutbl_setup.exe

BrowserAir (GOOBZO LTD)

The application dcbraiegut_gutbl_setup.exe by BrowserAir (GOOBZO) has been detected as adware by 12 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. While running, it connects to the Internet address server-205-251-251-152.jfk5.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher: BrowserAir (GOOBZO LTD) (signed and verified)
Version: 2.11.0.999
MD5: 40935272bd9063325e75b7dc93e96ddd
SHA-1: dbe43e96fef6537475476388153fd3dbd6d545c7
SHA-256: 394d22af1b33ffc7fe5d304597ff2a8365f778e76ca427e18393d7d9ddfc455d
Scanner detections: 12 / 68
Status: Adware
Analysis date: 4/26/2024 12:37:58 AM UTC

Scan engine              Detection                              Engine version
Lavasoft Ad-Aware        Gen:Variant.Kazy.688663                547
Arcabit                  Trojan.Kazy.DA8217                     1.0.0.425
Bitdefender              Gen:Variant.Kazy.688663                1.0.20.1095
Bkav FE                  HW32.Packed                            1.3.0.7062
Emsisoft Anti-Malware    Gen:Variant.Kazy.688663                8.15.08.07.07
F-Secure                 Gen:Variant.Kazy.688663                11.2015-07-08_6
G Data                   Gen:Variant.Kazy.688663                15.8.25
Kaspersky                Trojan-Dropper.Win32.Agent.bjpckz      14.0.0.1619
Malwarebytes             PUP.Optional.BrowserAir.C              v2015.08.07.07
MicroWorld eScan         Gen:Variant.Kazy.688663                16.0.0.657
Panda Antivirus          Adware/Goobzo                          15.08.07.07
Reason Heuristics        PUP.Goobzo.Installer (M)               15.8.7.7

File size: 2.3 MB (2,446,232 bytes)
Product version: 2.11.0.999
Copyright: Copyright (C) 2014
File type: Executable application (Win32 EXE)
Language: English
Common path: C:\users\{user}\appdata\local\installer\install_14377\dcbraiegut_gutbl_setup.exe

Digital Signature

Authority: COMODO CA Limited
Valid from: 2/10/2015 7:00:00 PM
Valid to: 2/11/2016 6:59:59 PM
Subject: CN=BrowserAir (GOOBZO LTD), O=BrowserAir (GOOBZO LTD), STREET="Bldg #15 Matam", L=Haifa, S=Haifa, PostalCode=31905, C=IL
Issuer: CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Serial number: 3B4F9A8B40F303C8AAD1D77B2A2B4674

File PE Metadata

Compilation timestamp: 8/5/2015 2:56:59 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 12.0
CTPH (ssdeep): 49152:gqTuUlXKYFom99kH8+YwIagTo8h7sXPM/lCmPr7ZaDsT6dD3QSNtW:hSUIYjginTh78PM/lBjPTaW
Entry address: 0x4DADF9
Entry point: E9, 09, 92, DE, FF, F5, F2, AE, 60, C7, 04, 24, CF, 17, 83, C3, 8D, 64, 24, 28, 0F, 85, 5A, B6, DE, FF, 0F, B6, C1, 9C, C6, 47, FF, 00, 50, 8D, 82, A4, 0F, C9, 37, 89, 5C, 24, 04, 88, DC, 66, 0F, BE, C2, 66, 0F, BE, C1, 8D, 05, E0, 6D, 6C, 00, C6, 04, 24, 9A, 9C, 52, C7, 44, 24, 08, ED, F8, 8D, 00, 68, D8, D8, 00, 85, 89, 44, 24, 08, 60, 68, E7, 22, 62, 9D, FF, 74, 24, 2C, C2, 30, 00, 08, 58, 9C, 62, 10, 0C, 86, F7, 17, AC, AD, 61, 91, A2, 6B, DF, 4D, 92, 1E, 9D, BD, BC, 6C, CB, 8C, 50, 32, 67, DF, 3D, 72...
Entropy: 7.8962
Packer / compiler: Xtreme-Protector v1.05
Code size: 549.5 KB (562,688 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): Connects to server-205-251-251-79.jfk5.r.cloudfront.net (205.251.251.79:80)
TCP (HTTP): Connects to server-205-251-251-152.jfk5.r.cloudfront.net (205.251.251.152:80)

Remove dcbraiegut_gutbl_setup.exe - Powered by Reason Core Security