gcb.exe

Google Chrome backup

Parhelia Tools

This is a setup program used to install the application. The file has been seen downloaded from www.programosy.pl and multiple other hosts.
Publisher:
Parhelia Tools

Product:
Google Chrome backup

Version:
2.1.0.216

MD5:
09d352bee8c21b194386adac6ebbafa3

SHA-1:
b2b858c63bc30408d6c5dfc7172fc9be3c197c46

SHA-256:
90d0b0f6d7073ea103283afc94451275acd9eb5e9029d57d879cb6dfff752b26

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/26/2024 2:52:23 AM UTC  (today)

Scan engine:
Qihoo 360 Security

Detection:
HEUR/QVM10.1.Malware.Gen

Engine version:
1.0.0.1120

File size:
835 KB (855,040 bytes)

Product version:
2.1.0.216

Copyright:
Copyright © Parhelia Tools 2009-2016

Original file name:
gcb.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\gcb.exe

File PE Metadata
Compilation timestamp:
10/9/2009 2:05:17 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:AcVTKNFWvXnBFX5py6z5TjlUABn3c0PsPQQO:FVTOWvRFy6ZjKwhkPQd

Entry address:
0x10404

Entry point:
E8, DD, 5B, 00, 00, E9, A4, FE, FF, FF, 6A, 0C, 68, C8, 13, 42, 00, E8, 62, 0D, 00, 00, 6A, 0E, E8, 63, 02, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, D8, 37, 42, 00, BA, D4, 37, 42, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, 84, EA, FF, FF, 59, FF, 76, 04, E8, 7B, EA, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 51, 0D, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 2E, 01, 00, 00, 59, C3, CC, CC, 8B, 54, 24, 04...
 

Entropy:
7.8684  (probably packed)

Code size:
103 KB (105,472 bytes)

The file gcb.exe has been seen being distributed by the following 4 URLs.

http://www.programosy.pl/.../pobierz,google-chrome-backup,4.html

Scan gcb.exe - Powered by Reason Core Security