home

gogobox.exe

gogobox

Nextlink Technology Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘gogobox.exe’.
Publisher:
Nextlink Technology Co., Ltd.  (signed and verified)

Product:
gogobox

Version:
2.1.1.2

MD5:
bd32576867d0454159eed57c6a1c3607

SHA-1:
447e3f00eae2302fdaf9e60dda370a3e34ec5831

SHA-256:
878d8a107db3cc569eda0a8b75fc07ac01ae952d3291cb7c07a2fa8d765fe3bc

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 8:45:28 AM UTC  (today)

File size:
1.4 MB (1,446,016 bytes)

Product version:
2.1.1.2

Copyright:
Copyright © 2010

Original file name:
gogobox.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gogobox\gogobox.exe

Digital Signature
Signed by:
Nextlink Technology Co., Ltd.

Authority:
GlobalSign nv-sa

Valid from:
3/22/2012 9:32:15 AM

Valid to:
3/23/2013 9:32:15 AM

Subject:
CN="Nextlink Technology Co., Ltd.", OU=MIS, O="Nextlink Technology Co., Ltd.", L=New Taipei City, S=Taiwan, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A5B6AB18676A1C0479BD8C3EC5C876D5

File PE Metadata
Compilation timestamp:
9/14/2012 5:22:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:fWeMlBMqMtgu0LW32Jlvp7B+NlwEwGL02Gi3Ap:fnbqM8LW32JV+zwFt2Xm

Entry address:
0x6B9EC

Entry point:
FF, 25, DC, B9, 46, 00, 00, 00, 5F, 43, 6F, 72, 45, 78, 65, 4D, 61, 69, 6E, 00, 6D, 73, 63, 6F, 72, 65, 65, 2E, 64, 6C, 6C, 00, FC, 12, 00, 00, 7B, 7A, 7D, 02, A3, A4, 0C, 00, CA, D9, 1F, C4, A2, 42, 39, CD, D9, C2, F8, C1, 40, 32, B1, C4, C3, 19, 32, 1C, B2, C8, 9F, F4, 2B, 05, 77, 42, 7D, 16, 90, 6A, 7F, 1A, AC, 24, B8, 51, 7E, 7B, 6F, 4C, 49, 18, 77, F7, 45, 6C, 24, 52, 60, 7A, 38, E4, 8F, 79, 40, DF, CB, BD, E0, 77, D0, A9, 41, 79, 9A, 7F, 88, 3D, 7B, 40, 47, A2, AA, 8F, C2, FF, 75, 05, 05, 76, C7, 3F...
 
[+]

Entropy:
7.4021

Code size:
1.4 MB (1,433,600 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
gogobox.exe

Command:
C:\Program Files\gogobox\gogobox.exe


Windows Firewall Allowed Program
Name:
C:\Program Files\gogobox\gogobox.exe


Scan gogobox.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.