» goplayer.exe
Overview
Analysis
File Details
Downloads (1)

goplayer.exe

eDownload Module

Banyan Tree Technology Limited

The application goplayer.exe by Banyan Tree Technology Limited has been detected as adware by 7 anti-malware scanners. This is an adware bundler (AKA ElexNetDownload) that will include additional unwanted offers in the download and install process. During install it will establish a connection to twonext.com and xingcloud.com to determine what offers to show the user (based on what is already installed and where they live).The file has been seen being downloaded from dl.elex.soft365.com.

File name:

goplayer.exe

Publisher:

Banyan Tree Technology Limited (signed and verified)

Product:

eDownload Module

Version:

5.1.8.2370

MD5:

c94a76c56f5c2d057cc779929924d7cb

SHA-1:

efff401624cb8e5b078a784b60ad5bcb8bfa5deb

SHA-256:

348f1c1bd7d9d151e92d665c74cccb6f5862d9fb6498619f2911c6c080ea3137

Scanner detections:

7 / 68

Status:

Adware

Explanation:

Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:

4/25/2024 10:48:08 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Malware-gen

2014.9-140321

AVG

MalSign.Generic

2015.0.3529

ESET NOD32

Win32/ELEX (variant)

8.9104

G Data

Win32.Trojan.Agent.JZ3M1F

14.3.22

IKARUS anti.virus

AdWare.Win32.ELEX

t3scan.2.2.29

Reason Heuristics

PUP.BanyanTreeTechnologyLimited.N

14.3.21.2

VIPRE Antivirus

Elex Installer

23798

File size:

487.6 KB (499,296 bytes)

Product version:

5.1.8.2370

Original file name:

eDownload.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\goplayer.exe

Digital Signature

Signed by:

Banyan Tree Technology Limited

Authority:

GlobalSign nv-sa

Valid from:

1/10/2013 1:18:54 PM

Valid to:

1/11/2015 1:18:54 PM

Subject:

CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata

Compilation timestamp:

6/7/2013 10:25:56 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:gkNqB4Ma1kFGmMx3f8j0QTBXwNwzUzHk0TEhTx2eyK:rNVmQmo320VLIhOK

Entry address:

0xEC420

Entry point:

60, BE, 00, 90, 49, 00, 8D, BE, 00, 80, F6, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Entropy:

7.4900

Packer / compiler:

UPX 2.90LZMA]

Code size:

336 KB (344,064 bytes)

The file goplayer.exe has been seen being distributed by the following URL.

http://dl.elex.soft365.com/.../generator?short=szl_3016_1f8a32f2a6280917aea5aed6b8b7d6a6

Remove goplayer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.