» GbpSv.exe
Overview
Analysis
File Details
Behaviors (1)

GbpSv.exe

Gbp Service

Banco do Brasil S.A.

It runs as a separate (within the context of its own process) windows Service named “Gbp Service”.

File name:

GbpSv.exe

Publisher:

Banco do Brasil S.A. (signed and verified)

Product:

Gbp Service

Description:

G-Buster Browser Defense - Service

Version:

2,1,9,2

MD5:

9ac58b374a2b0249a06439d703662e76

SHA-1:

0c5fc250486e1fd11cde708e49d62d848f155a2c

SHA-256:

cbdf0cc2b91a7b84df4c509d46480c351548ed74b9212a97a23b7e093a934a09

Scanner detections:

7 / 68

Status:

Clean (7 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/25/2024 6:58:43 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Dropper.Gen

7.11.30.172

Clam AntiVirus

PUA.Packed.PECompact-1

0.98/17411

Dr.Web

BACKDOOR.Trojan

9.0.1.046

McAfee

Artemis!CB31632EBAB1

5600.6488

Norman

W32/Dropper!gens.1642675

11.20160215

Rising Antivirus

Trojan.Win32.Generic.127945B8

23.00.65.16213

Trend Micro

PAK_Generic.001

10.465.15

File size:

51.3 KB (52,560 bytes)

Product version:

2,1,9,2

Trademarks:

GbpSv

Original file name:

GbpSv.exe

File type:

Executable application (Win32 EXE)

Language:

Brazilian Portuguese

Common path:

C:\Program Files\gbplugin\gbpsv.exe

Digital Signature

Signed by:

Banco do Brasil S.A.

Authority:

VeriSign, Inc.

Valid from:

10/1/2008 9:00:00 PM

Valid to:

10/2/2011 8:59:59 PM

Subject:

CN=Banco do Brasil S.A., OU=Diretoria de Tecnologia, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Banco do Brasil S.A., L=Brasilia, S=Distrito Federal, C=BR

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5C76152BFFECF8B55B3FB4B15DED1A3A

File PE Metadata

Compilation timestamp:

9/19/2008 11:53:40 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

768:YbXvCKnwAy32z/nJIYvRJZ7NnNy8wxgBuPW9ReJp1m+Plw27UXF6WLqb0BRA:YbXZnwNmxRJZ7NNPwx0zReBmTbVLOR

Entry address:

0x6668

Entry point:

B8, 40, FA, 41, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 93, 4A, AB, 98, 98, E0, 2F, 36, C3, CD, 8A, 9B, F5, 05, DB, 4C, C9, A3, 5F, D0, 4D, 2B, 71, 1D, 58, 15, 93, F6, A5, 7C, D4, 1A, 69, CF, F9, 06, 19, 1A, 8E, F2, A6, F4, 51, 68, 6D, 1E, 1B, 3A, 1A, 3D, 31, F5, 47, DB, 6C, B1, 69, 6C, 3E, BF, 60, 95, CE, 33, C9, 68, 8C, A1, 9B, 86, E8, 14, A4, 95, EE, 66, 9D, 86, 4F, F4, DF, 1B, 21, 71, 99, 2C, A0, 95, 1F, 84, FB, 26, 84... 
[+]

Packer / compiler:

PECompact v2

Code size:

72 KB (73,728 bytes)

Service

Display name:

Gbp Service

Service name:

GbpSv

Description:

Service for G-Buster Browser Defense

Type:

Win32OwnProcess

Group:

GbPlugin Group

Scan GbpSv.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.