» gomplayerensetup.exe
Overview
Analysis
File Details
Downloads (101)

gomplayerensetup.exe

GOM Player

GRETECH

The application gomplayerensetup.exe, “GOM Player Setup File” by GRETECH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

File name:

Publisher:

Gretech Corporation (signed by GRETECH)

Product:

GOM Player

Description:

GOM Player Setup File

Version:

2.2

MD5:

6feee2b252bb6f09ed3efef7ddbf656e

SHA-1:

d7d5a78eb6b2c075f270e220790a061815cfd7dd

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/10/2024 10:13:41 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.GRETECH.GretechC.Installer.Meta (L)

16.6.10.10

File size:

12.7 MB (13,306,312 bytes)

Product version:

2.2.62.5207

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Digital Signature

Signed by:

GRETECH

Authority:

VeriSign, Inc.

Valid from:

5/2/2013 3:00:00 AM

Valid to:

6/2/2015 2:59:59 AM

Subject:

CN=GRETECH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=GRETECH, L=Gangnam-gu, S=Seoul, C=KR

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

78A2255D0AB283A4DC76EF94B250B7ED

File PE Metadata

Compilation timestamp:

12/6/2009 12:50:46 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

196608:NJsxbE5cuPLcGS842oFt1dpRKlg0x25bnXmMUnr4UIwWKYsFr3H8CWkBejZa:gUcuPL48doFt5ka5LWM3r8T8CBwZa

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

7.9997

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file gomplayerensetup.exe has been seen being distributed by the following 50 URLs.

http://gsf-cf.softonic.com/d7d/5a7/.../file?SD_used=0&channel=WEB&fdh=yes&id_file=36055&instance=softonic_en&type=PROGRAM&Expires=1423975818&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=esxQw25LP6aCmPrAE-w59PocS1hE5Uq1~PmisVgSktgNYzpc45-dNVRCVJFr-aZ7eZbRMCBD1zfArROfiZTp~CNNq77CFWERb278emnlAFnZRdoEPg1JGJzTP-k0yyDlqIQt1Qko3eteQ6w-cD~8BXEF99wLBKH7Ea-KuXOH7J0_&filename=GOMPLAYERENSETUP.EXE

http://gsf-cf.softonic.com/d7d/5a7/.../file?SD_used=0&channel=WEB&fdh=yes&id_file=36055&instance=softonic_es&type=PROGRAM&Expires=1423682613&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=UKgeGlAkhq6o4ftiWoTRFJsc14dv61bU12MNuujd69U6irqNoX1UzRAYOSvuPIU2Ul-R3ap7w09sEKd-l-GmkegL6MfyzQK1keNwExMMMggzQZCyYzdP2VV0ER40xlQLndCyrSyfnQ6TkNyQA87ZuES5NZZSx7YDi6KATDK9JI0_&filename=GOMPLAYERENSETUP.EXE

http://www.kaldata.com/modules.php?modid=1&action=download&id=883

&onid=13632&oid=3001-13632_4-10551786&rsid=cbsidownloadcomsite&sl=en&sc=us&pdguid=download:13799780&topicguid=video/players&topicbrcrm=windows software&pid=13799780&mfgid=6284359&merid=6284359&ctype=dm&cval=NONE&devicetype=desktop&pguid=034ac56a3524b6e913074c22&viewguid=Ozb8phGrRClbjco7j0ZTKjkDiSsitOoMt6yK&destUrl=http://software-files-a.cnet.com/s/software/13/79/97/.../GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20140928131748&nva=20140929011848&token=0f669f2f64d080c403a1d&instance=softonic_en&filename=GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20150103131032&nva=20150104011132&token=05cbd8d15a4e66391e7b2&SD_used=0&channel=WEB&fdh=yes&id_file=36055&instance=softonic_en&type=PROGRAM&filename=GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20141229150424&nva=20141230030524&token=0a3ccdb8cb219649a2cb4&SD_used=0&channel=WEB&fdh=yes&id_file=36055&instance=softonic_pl&type=PROGRAM&filename=GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20141022112431&nva=20141022232531&token=03c8e0e7085423f14f5d5&instance=softonic_en&filename=GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20141123141655&nva=20141124021755&token=000e5d938a0ea3529e2ba&instance=softonic_en&filename=GOMPLAYERENSETUP.EXE

&onid=13632&oid=3001-13632_4-10551786&rsid=cbsidownloadcomsite&sl=en&sc=us&pdguid=download:13799780&topicguid=video/players&topicbrcrm=windows software&pid=13799780&mfgid=6284359&merid=6284359&ctype=dm&cval=NONE&devicetype=desktop&pguid=4ddcc6f65de2aaa12787014c&viewguid=P6syYU4FT3yoCHpuUI-GWG25ufngEB8cLOZl&destUrl=http://software-files-a.cnet.com/s/software/13/79/97/.../GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20140712184643&nva=20140713064743&token=052ea5c5f80345e534595&id_file=36055&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=yes&SD_used=0&filename=GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20140810023238&nva=20140810143338&token=0e62da4ca5a0bd6de80d8&id_file=36055&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=yes&SD_used=0&filename=GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20150110102037&nva=20150110222137&token=007ec073cbaa4b4281589&SD_used=0&channel=WEB&fdh=yes&id_file=36055&instance=softonic_en&type=PROGRAM&filename=GOMPLAYERENSETUP.EXE

http://www.filehippo.com/download/file/.../

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20141120155241&nva=20141121035341&token=08eaad563d940b6f27cff&instance=softonic_en&filename=GOMPLAYERENSETUP.EXE

http://us03.procloudstorage.com/.../6feee2b252bb6f09ed3efef7ddbf656e-GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20150113141800&nva=20150114021900&token=00957a663f9fa42d5a4b2&SD_used=0&channel=WEB&fdh=yes&id_file=36055&instance=softonic_en&type=PROGRAM&filename=GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20150125133716&nva=20150126013816&token=0ddde5a7aac9dd2184b30&SD_used=0&channel=WEB&fdh=yes&id_file=36055&instance=softonic_en&type=PROGRAM&filename=GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20140821154642&nva=20140822034742&token=00b64357fc6a90ddb3850&id_file=36055&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=yes&SD_used=0&filename=GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20140705160503&nva=20140706040603&token=0db5302abbe25f43d7b18&id_file=36055&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=yes&SD_used=0&filename=GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20141102164445&nva=20141103044545&token=0aaa467bca3a46dfbd24f&instance=softonic_de&filename=GOMPLAYERENSETUP.EXE

http://en.kioskea.net/download/.../download-2141-

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20150104182734&nva=20150105062834&token=024865b9bb919eebb5183&SD_used=0&channel=WEB&fdh=yes&id_file=36055&instance=softonic_en&type=PROGRAM&filename=GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20141014065551&nva=20141014185651&token=0b1b73581493db1a16855&instance=softonic_en&filename=GOMPLAYERENSETUP.EXE

http://d.innovativesys.co/.../gomplayerensetup_2.26.exe

http://depo-tamindir.com/p/g/gom-player/.../gom-player-2.2.62.5207-tamindir.exe

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20141003132548&nva=20141004012648&token=0b0cb8ad030ab9a31cafd&instance=softonic_en&filename=GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20141125012725&nva=20141125132825&token=0d92dd11995d227576dfe&instance=softonic_en&filename=GOMPLAYERENSETUP.EXE

http://gsf-cf.softonic.com/d7d/5a7/.../file?SD_used=0&channel=WEB&fdh=yes&id_file=36055&instance=softonic_en&type=PROGRAM&Expires=1425264307&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=UN0~epppqMpj~0tR43Gt3XS7jS~VW1IGsM-CnwJmHX0ansa1s7PxNws6EvDjSuzXaPzTgge-3xFhzQ8vIduqRl-sPoheu1EnWt-VuA56aIEdhQpJ9oRyOdfbK6Eh2noucHlsTpSiKJ2YTXq7IFcpYvOrJk8A~SIjQDHCNAju~qo_&filename=GOMPLAYERENSETUP.EXE

http://global-shared-files-l3.softonic.com/d7d/5a7/.../file?nvb=20141223122822&nva=20141224002922&token=0685fed595a2b0d8045c8&SD_used=0&channel=WEB&fdh=yes&id_file=36055&instance=softonic_en&type=PROGRAM&filename=GOMPLAYERENSETUP.EXE

Latest 30 of 101 download URLs

Remove gomplayerensetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.