GbpSv.exe

Gbp Service

Caixa Economica Federal

The application GbpSv.exe, “G-Buster Browser Defense - Service” by Caixa Economica Federal, has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Gbp Service”. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Caixa Economica Federal  (signed and verified)

Product:
Gbp Service

Description:
G-Buster Browser Defense - Service

Version:
2,1,15,3

MD5:
8c288be50b39ea8a55429ceb2b5471bc

SHA-1:
76829379c2d7c51b86efa9291de4349afac458c7

SHA-256:
759a1bb34e6bfec54fc68cd0156aeae48a8d7e32a868329651caced5ba16a145

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 5:14:03 PM UTC

Scan engine | Detection | Engine version
AVG | Caixa Economica Federal | 2016.0.2880
Reason Heuristics | PUP.InstallCore (L) | 16.12.9.7
Rising Antivirus | PE:Trojan.Win32.Generic.12624B2F!308431663 | 23.00.65.151227

File size:
58.7 KB (60,104 bytes)

Product version:
2,1,15,3

Copyright:
Copyright © 2003-2010, G-Buster Browser Defense

Trademarks:
GbpSv

Original file name:
GbpSv.exe

File type:
Executable application (Win32 EXE)

Language:
Portuguese (Brazil)

Common path:
C:\Program Files\gbplugin\gbpsv.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
7/18/2010 5:00:00 PM

Valid to:
7/18/2012 4:59:59 PM

Subject:
CN=Caixa Economica Federal, OU=GISUT/BR, O=Caixa Economica Federal, STREET=SEPN 507 BLOCO A 3º Andar - Asa Norte, L=Brasília, S=Distrito Federal, PostalCode=70740-521, C=BR

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
18471E6B12B1A09DE7D5AA6814AEF186

File PE Metadata
Compilation timestamp:
11/19/2010 3:25:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:laR0oSQRtPqB5N+S+rgWpL+hxfEKQW1IvW1J:uPSQtKHifIhxfEKQjO

Entry address:
0x22220

Entry point:
60, BE, 00, 70, 41, 00, 8D, BE, 00, A0, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 

Entropy:
7.6956

Packer / compiler:
UPX 2.90LZMA

Code size:
48 KB (49,152 bytes)

Service
Display name:
Gbp Service

Service name:
GbpSv

Description:
Service for G-Buster Browser Defense

Type:
Win32OwnProcess

Group:
GbPlugin Group

