» gopsetup.exe
Overview
Analysis
File Details

gopsetup.exe

HARASAN PRAPAPON

Part of the Crossrider framework, a web browser extension that will deliver advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The application gopsetup.exe by HARASAN PRAPAPON has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

gopsetup.exe

Publisher:

HARASAN PRAPAPON (signed and verified)

Description:

Cjrbexpm

Version:

7.9.1.3

MD5:

18d62b149de238eef0bc1e7156bb6abf

SHA-1:

e5082917e37ef06f638c2d3bc268a02e0c8a0ba4

SHA-256:

49f4169dc76d469c12b0c4010bea727a627457e2c6075646e052aea42f4899d9

Scanner detections:

1 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/19/2024 10:33:47 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Crossrider.HARASANPRAPAPON.Installer (M)

16.2.8.2

File size:

8.5 MB (8,897,528 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Language:

English (United States)

Common path:

C:\Program Files\panda security\panda cloud antivirus\perdidos\gopsetup.exe

Digital Signature

Signed by:

HARASAN PRAPAPON

Authority:

Thawte, Inc.

Valid from:

5/7/2014 2:00:00 AM

Valid to:

5/8/2015 1:59:59 AM

Subject:

CN=HARASAN PRAPAPON, OU=Individual Developer, O=No Organization Affiliation, L=Rawai, S=Phuket, C=TH

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7D7E733EBA181BED3F1CA7001FFD54FD

File PE Metadata

Compilation timestamp:

12/4/2012 2:55:02 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

196608:6+GYNpqNS2nIirzi+tKabtHL2qibVgQoHkiN54vEA:6+fNpqJIiNNHL2qib4HkfvEA

Entry address:

0x4323

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7... 
[+]

Code size:

34.5 KB (35,328 bytes)

Remove gopsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.