home

go_player.exe

eDownload Module

Beijing ELEX Technology Co.,Ltd

The application go_player.exe by Beijing ELEX Technology Co.,Ltd has been detected as a potentially unwanted program by 12 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.freeappstools.com.
Publisher:
Beijing ELEX Technology Co.,Ltd  (signed and verified)

Product:
eDownload Module

Version:
5.1.9.2613

MD5:
1c395b60dde4e8f510ee1ca37368ae59

SHA-1:
2e2e0626e3ee0b146799bb4c643a3d1b5e1cf51f

SHA-256:
568269745059e338f3355cc1e303cc6799737a7710f3f71915216add7e079ae1

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 8:58:03 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
ADWARE/Adware.Gen2
3.6.1.96

avast!
Win32:Adware-gen [Adw]
2014.9-150917

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.15917

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Mutabaha.52
9.0.1.0260

ESET NOD32
Win32/ELEX.C potentially unwanted (variant)
9.11548

Fortinet FortiGate
Riskware/Elex
9/17/2015

G Data
Win32.Adware.Elex
15.9.25

McAfee
Artemis!1C395B60DDE4
5600.6639

Reason Heuristics
PUP.ELEX.BeijingELEXTechnology (M)
15.9.17.15

Sophos
Generic PUA CO
4.98

File size:
942.6 KB (965,240 bytes)

Product version:
5.1.9.2613

Copyright:
Copyright 2013

Original file name:
eDownload.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\go_player.exe

Digital Signature
Signed by:
Beijing ELEX Technology Co.,Ltd

Authority:
GlobalSign nv-sa

Valid from:
7/26/2013 6:54:20 AM

Valid to:
7/27/2014 6:54:20 AM

Subject:
CN="Beijing ELEX Technology Co.,Ltd", O="Beijing ELEX Technology Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112131F67BDEA1D6D12E11D656C8BE509ECE

File PE Metadata
Compilation timestamp:
3/14/2014 9:15:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:KiB/UtLIKddhiK1QqZZVQ28Z7DUua5NnfmC5uhoKu:3MtswiKuq9QdZ7DUua5NnfmqCu

Entry address:
0x1AB020

Entry point:
60, BE, 00, 60, 4E, 00, 8D, BE, 00, B0, F1, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Packer / compiler:
UPX 2.90LZMA

Code size:
792 KB (811,008 bytes)

The file go_player.exe has been seen being distributed by the following URL.

http://www.freeappstools.com/download/ps/goplayer/.../go_player.exe

Remove go_player.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.