gbmzh_cef.dll

GBBD Caixa Economica Federal

Caixa Economica Federal

The module gbmzh_cef.dll, “Interceptador de eventos” by Caixa Economica Federal, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is installed within the Mozilla Firefox web browser as part of an add-in/plugin. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions.
Publisher:
GAS Tecnologia (signed by Caixa Economica Federal)

Product:
GBBD Caixa Economica Federal

Description:
Interceptador de eventos

Version:
2.3.5.30

MD5:
3984c79585989ee3fb29130257b5e61f

SHA-1:
6a3372f9b3a66299d85cd480ec6114feadcd5ed4

SHA-256:
264e0aff63805cd666fb09aee9d8ac645e092f90ed243ca8479dd41a7cfc3b0f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/19/2024 7:58:41 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (L)

Engine version:
16.12.12.17

File size:
1.7 MB (1,748,256 bytes)

Product version:
2.3.5.30

Copyright:
Copyright 2011 GAS Tecnologia.

Original file name:
gbmzh.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\mozilla\firefox\profiles\41a66e7e5ee1\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886d}\components\gbmzh_cef.dll

Digital Signature
Authority:
The USERTRUST Network

Valid from:
7/18/2010 9:00:00 PM

Valid to:
7/18/2012 8:59:59 PM

Subject:
CN=Caixa Economica Federal, OU=GISUT/BR, O=Caixa Economica Federal, STREET=SEPN 507 BLOCO A 3º Andar - Asa Norte, L=Brasília, S=Distrito Federal, PostalCode=70740-521, C=BR

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
18471E6B12B1A09DE7D5AA6814AEF186

File PE Metadata
Compilation timestamp:
4/12/2011 10:19:58 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:oi3HtdsIQU2v7WakCnJSLMumGLL0zqwdk95:oGvsIQN7DumG03kz

Entry address:
0x3D8A32

Entry point:
9C, E8, 57, D4, FF, FF, 30, C0, F8, F9, F8, F2, AE, E8, 3C, F9, FF, FF, 68, 76, C6, 15, BF, 96, A8, 4F, A4, 67, BC, 47, B8, 6F, A8, 5B, 94, 47, A8, 4F, 97, 89, B8, 90, 52, D5, 31, C6, 25, C1, 21, 77, 82, 28, BC, B5, 4F, A8, D2, 2E, 74, 78, 8F, 68, 8F, AA, DA, 4D, 3B, 12, 87, 26, 0A, 7C, DB, E9, FF, D2, 10, 3E, 58, AF, D5, CB, FD, 05, 7D, 49, 1D, 83, ED, E6, 2D, C3, E6, 90, 99, BB, FF, 82, D8, 86, F9, 16, F8, DD, 69, 0A, 30, EF, A0, 20, 69, 85, 43, AD, 61, AD, DA, 0D, 13, 5D, B0, CF, 9D, D7, 0C, 60, D7, FC...

Code size:
1.6 MB (1,641,472 bytes)
