dcbraiegut_gutbl_setup.exe

BrowserAir (GOOBZO LTD)

The application dcbraiegut_gutbl_setup.exe by BrowserAir (GOOBZO) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. While running, it connects to the Internet address server-205-251-251-152.jfk5.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
BrowserAir (GOOBZO LTD)  (signed and verified)

Version:
2.10.0.999

MD5:
9db0c80244914a24bf10c823d8e3e2b0

SHA-1:
ff83a2dda4ebcc25b9aa6c7d371992bac56d18e6

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Analysis date:
4/18/2024 10:12:27 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Goobzo.Installer (M)

Engine version:
15.7.31.14

File size:
2.2 MB (2,319,768 bytes)

Product version:
2.10.0.999

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\installer\install_14216\dcbraiegut_gutbl_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/10/2015 7:00:00 PM

Valid to:
2/11/2016 6:59:59 PM

Subject:
CN=BrowserAir (GOOBZO LTD), O=BrowserAir (GOOBZO LTD), STREET="Bldg #15 Matam", L=Haifa, S=Haifa, PostalCode=31905, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3B4F9A8B40F303C8AAD1D77B2A2B4674

File PE Metadata
Compilation timestamp:
7/31/2015 2:56:36 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:d2nySkBmoUU8lg5Pf9lZPMXkCFU9Xr/Rd+rF//oFeb:eySSmoUUag5PFlmXjO9of

Entry address:
0x4C3ACA

Entry point:
60, 9C, C7, 44, 24, 20, B3, 78, FF, E0, E8, 12, B7, FF, FF, 46, 18, 6F, B2, 3F, B3, D5, 4E, BC, FE, 9C, 26, 74, 1A, E8, A8, 68, 20, D8, 96, 4C, 1C, EC, B0, 44, 00, 38, 44, 24, A2, 48, 04, C0, E8, D2, B8, DA, 5C, 18, 53, 0F, 6B, 65, 75, 91, C1, D8, 82, 78, 2C, 98, 91, E1, D4, 3D, 98, B0, A6, 52, 79, E7, B3, BF, C1, DF, D9, EB, 70, 03, A2, 36, 3B, 71, 20, 99, 3B, 4A, 8E, CC, 43, E5, F9, 87, 56, 27, 1D, 57, DD, A3, 87, 44, 3C, B9, AF, EF, E5, 12, F4, D6, DD, 23, F2, 0F, E3, 8F, 52, B2, CA, 12, 42, F8, CD, CC...

Entropy:
7.9038  (probably packed)

Code size:
548.5 KB (561,664 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-205-251-251-200.jfk5.r.cloudfront.net  (205.251.251.200:80)

TCP (HTTP):
Connects to server-205-251-251-152.jfk5.r.cloudfront.net  (205.251.251.152:80)
