home

dcbraiegut_gutbl_setup.exe

BrowserAir (GOOBZO LTD)

The application dcbraiegut_gutbl_setup.exe by BrowserAir (GOOBZO) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
BrowserAir (GOOBZO LTD)  (signed and verified)

Version:
2.9.0.999

MD5:
87ac96626c2d1e8924c42419f49a4075

SHA-1:
fa44b0cbf3a1b69c28b8457bf7072eab8e35fa51

SHA-256:
9e441d726abaa00fda3f70878a63296d23f0be0b421d8fbf116deb684b5d6e20

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/21/2024 9:23:50 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Goobzo.Installer (M)
15.12.19.15

File size:
2.2 MB (2,325,400 bytes)

Product version:
2.9.0.999

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\installer\install_20623\dcbraiegut_gutbl_setup.exe

Digital Signature
Signed by:
BrowserAir (GOOBZO LTD)

Authority:
COMODO CA Limited

Valid from:
2/10/2015 7:00:00 PM

Valid to:
2/11/2016 6:59:59 PM

Subject:
CN=BrowserAir (GOOBZO LTD), O=BrowserAir (GOOBZO LTD), STREET="Bldg #15 Matam", L=Haifa, S=Haifa, PostalCode=31905, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3B4F9A8B40F303C8AAD1D77B2A2B4674

File PE Metadata
Compilation timestamp:
7/26/2015 2:57:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:E9pY+n9Yzr8szqFLzcUa2KOmmiNMCkVel232CQL7Eeak6rXlb7cZ:E9pYKYMs2MUa2KPPMRel232CQXEHGZ

Entry address:
0x4D000C

Entry point:
E9, A9, AE, FF, FF, 28, 93, 4E, F1, 15, 4F, 97, 42, 2A, A1, B9, 78, 52, 76, 74, 4C, 2C, 9F, B7, 42, 64, 1C, 82, 1E, 50, 38, 38, 9B, 01, F9, 32, 32, 78, 99, A6, D5, 88, F6, AA, 60, 1C, 7D, 65, 64, F8, 9B, FA, 7A, BE, 35, 1B, 51, 51, 91, 49, 9D, E9, 98, 76, 7F, 72, F9, A9, 97, 7A, F2, 5B, B3, 95, E0, 2E, 45, 4C, 47, C8, A5, 19, 39, 08, C3, C3, A6, 0D, 11, 47, 5B, 93, AB, 43, 86, 18, 23, 8A, 12, 7D, 85, 9D, 9A, FE, 76, D6, EF, 77, EB, EE, A9, 08, 72, 89, 5F, 1C, 67, EA, C0, 9D, 98, 23, 6D, BC, 8F, 22, F8, ED...
 
[+]

Entropy:
7.8961

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
548.5 KB (561,664 bytes)

Remove dcbraiegut_gutbl_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.