gnupublicremote.exe

The application gnupublicremote.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. It runs as a Windows service named “GNUPublicRemote.exe” in its own, separate process.

MD5:
15e167cb1dec07bf45a1a8d1139c711b

SHA-1:
0c1a5a384246b671371c53ec1afa83bd378f5aa8

SHA-256:
dc23a8bf7968b80131851db424cbc51970d3e1e502f3f12a0466eaeed5d407ee

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 4:13:00 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Generic.660354 | 870
Agnitum Outpost | PUA.Pirrit | 7.1.1
AhnLab V3 Security | PUP/Win32.PirritSuggestor | 2014.07.07
Avira AntiVirus | SPR/Tool.110628 | 7.11.158.178
avast! | Win32:Rootkit-gen [Rtk] | 2014.9-140918
AVG | Adware Generic5 | 2015.0.3348
Bitdefender | Application.Generic.660354 | 1.0.20.1305
Clam AntiVirus | Win.Trojan.Application-497 | 0.98/21411
Comodo Security | Application.Win32.Pirrit.B | 18794
Dr.Web | Adware.Downware.5947 | 9.0.1.0261
ESET NOD32 | Win32/AdWare.Pirrit.B application | 8.7.0.302.0
F-Prot | W32/A-27620bc8 | v6.4.7.1.166
F-Secure | Application.Generic.660354 | 11.2014-18-09_5
G Data | Application.Generic.660354 | 14.9.24
IKARUS anti.virus | PUA.Win32.Pirrit | t3scan.1.6.1.0
K7 AntiVirus | Adware | 13.180.12626
MicroWorld eScan | Application.Generic.660354 | 15.0.0.783
NANO AntiVirus | Riskware.Win32.Downware.dcikri | 0.28.2.61721
Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.18.0
VIPRE Antivirus | Threat.4150696 | 29708

File size:
108 KB (110,629 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\gnupublicremote\gnupublicremote.exe

File PE Metadata
Compilation timestamp:
6/24/2014 5:42:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.23

CTPH (ssdeep):
3072:Ezmfy/VsFQ+ebfPoP5CKqQMMZDFkT3TDgTN:EzGyt5+2fAAKqLjTDgB

Entry address:
0x1570

Entry point:
83, EC, 1C, C7, 04, 24, 01, 00, 00, 00, FF, 15, E0, B5, 41, 00, E8, FB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, 83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, E0, B5, 41, 00, E8, DB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 10, B6, 41, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 00, B6, 41, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 50, 41, 00, E8, 6E, F2, 00, 00, BA, B8, EF, 40, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44...
 

Entropy:
6.2962

Code size:
75.5 KB (77,312 bytes)

Service
Display name:
GNUPublicRemote.exe

Type:
Win32OwnProcess

