gb-installer-core.exe

gb-installer-core

The application gb-installer-core.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered by a time event. The file is typically installed by a number of programs, including Rockettab by Rich River Media, LLC and “RocketTab” by Adknowledge, both of which are potentially unwanted software.
Product:
gb-installer-core

Version:
1.0.5654.17497

MD5:
b5559dd31b2e1d33e81769a9ab0bddc5

SHA-1:
aaac317615c363a75f06c5e52439b4bcfd92007e

SHA-256:
eabe98ad4ce914f3f7cca472836f62822181571b0d8c5751cca39633a153df76

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 10:50:51 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Trojan.iBryte.582 | 9.0.1.05190 |
| ESET NOD32 | MSIL/Adware.iBryte.AE application | 6.3.12010.0 |
| Reason Heuristics | Win32.Generic | 16.9.20.12 |

File size:
50 KB (51,200 bytes)

Product version:
1.0.5654.17497

Copyright:
Copyright © 2015

Original file name:
gb-installer-core.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\gb-installer-core.exe

File PE Metadata
Compilation timestamp:
8/3/2015 9:58:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:Fw+BmsOkgulNJzDLiPaT7TSM0PB8ym5QYI:HBmbQlNJEA0PB6QYI

Entry address:
0xD296

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.9506

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
45 KB (46,080 bytes)

Scheduled Task
Task name:
RocketTab Update Task

Trigger:
Time

Description:
Updates your RocketTab software. If this task is disabled or deleted, your software will not be kept up to date and may be succeptible to additional


The file gb-installer-core.exe has been discovered within the following programs.

“RocketTab”  by Adknowledge
RocketTab is a web browser extension that injects display advertising in the user's browser. Ads are displayed in the form of banners and contextual text-links and are injected either into white-space areas of the HTML page or over existing ads of the underlying web site.
85% remove it
Rockettab  by Rich River Media, LLC
RocketTab is an adware program that injects advertising in the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. By re-routing traffic, the service is able to insert various ads into the HTML of the displayed web page.
rockettab.com
88% remove it
 

The executing file has been seen to make the following network communications in live environments.
