GPass.exe

GPass Client Software

The World Gate, Inc

The application GPass.exe, “GPass, the Anti-Censorship Cutting Edge” by The World Gate, Inc has been detected as a potentially unwanted program by 10 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.techspot.com and multiple other hosts. While running, it connects to the Internet address ccw1.lb.pku.edu.cn on port 80 using the HTTP protocol.
Publisher:
The World's Gate, Inc  (signed by The World Gate, Inc)

Product:
GPass Client Software

Description:
GPass, the Anti-Censorship Cutting Edge

Version:
4.1.0.0

MD5:
62ded78920c5075fbd6ada41ce651bc5

SHA-1:
0aa2a7cb91df25ea42e5b5345a2281a160f0464f

SHA-256:
38b601e1be6cb5bc9cdc4ed560e5765b64ccd8c074aa86673a06fedfebc15a15

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 9:26:07 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Packed/PECompact | 7.1.1 |
| Baidu Antivirus | HackTool.Win32.GPass | 4.0.3.14420 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Comodo Security | Application.Win32.ServerProxy.Gpass.~B | 18135 |
| Kaspersky | not-a-virus:Server-Proxy.Win32.GPass | 14.0.0.3989 |
| Norman | Obfuscated.R | 11.20140420 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12785111!309874961 | 23.00.65.14418 |
| Trend Micro House Call | HKTL_PASG | 7.2.110 |
| Trend Micro | HKTL_PASG | 10.465.20 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28418 |

File size:
1.4 MB (1,517,608 bytes)

Product version:
4.1.0.0

Copyright:
Copyright 2006-2008, The World's Gate

Trademarks:
GPass

Original file name:
GPass.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
The USERTRUST Network

Valid from:
2/5/2007 4:00:00 AM

Valid to:
2/5/2009 3:59:59 AM

Subject:
CN="The World Gate, Inc", O="The World Gate, Inc", STREET=42 Read's Way, L=New Castle, S=DE, PostalCode=19720, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
0096C63E5A5A019CB91797B7037E97ABD2

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:PWktzDLe1+JviXVLCxbvKMcszr6vW2e+wL7V4bZgtWi6hmPftRUNYuEmB5:xtzG+UXVLCxbvKMcT0/LAZgtWint6NAo

Entry address:
0x1000

Entry point:
B8, E8, EE, 75, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 13, 5F, AC, 93, F6, DA, 0E, 4A, 3E, 62, 1D, 64, 84, 49, A8, 0C, 99, B2, F5, 69, 35, D4, 52, AF, E7, 82, B9, EB, DF, 2D, 1B, DD, 5F, 55, ED, BE, 51, CB, BA, 79, 06, CE, B9, 06, C3, 57, 03, D8, 92, 66, 83, 3E, 63, CF, BF, AD, A3, E9, EF, F3, 52, AE, 0A, A5, DF, 59, 93, 9E, CE, E4, D8, D0, 15, 4F, 3E, 32, F6, F9, 2A, 83, D0, 95, A4, 50, B5, 67, D6, DD, 48, 2C, 15, 57, 27...
 

Entropy:
7.9720

Packer / compiler:
PECompact v2

Code size:
1.9 MB (1,956,352 bytes)

The file GPass.exe has been seen being distributed by the following 13 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ccw1.lb.pku.edu.cn  (162.105.204.144:80)
