home

gpedit.exe

The application gpedit.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Savings Hen by Exciting Apps and Browser Keeper by Exciting Apps, both potentially unwanted software.
MD5:
7bc3c7e47a59bc1d49096a48295f373c

SHA-1:
b47df563b7f51c8c3f3de74414e8ed89686f9449

SHA-256:
9ef60d5cee07978cc54b85b3a0bdc26f6b31b70cb90a931507e7a547987594ac

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
5/8/2024 3:58:54 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic5
2015.0.3334

Baidu Antivirus
Adware.Win32.SmartApps
4.0.3.14102

ESET NOD32
Win32/AdWare.SmartApps (variant)
8.10090

VIPRE Antivirus
Trojan.Win32.Generic
31260

File size:
93.5 KB (95,744 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\discount dragon\gpedit.exe

File PE Metadata
Compilation timestamp:
6/20/2014 10:53:23 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
1536:i5zlL6R8wRGB8rK125Ss+IrR4oXEkutinuBik2gOaxJ6:WVM8P25SsHlKd2gOaxI

Entry address:
0x57D4

Entry point:
E8, 76, 3B, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, 7C, 20, 41, 00, 57, FF, 35, 2C, 91, 41, 00, FF, D6, FF, 35, 28, 91, 41, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, AB, 3C, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, 39, 3C, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 43, 10, 3B, C3, 72, 3E, 50, FF, 75, FC, E8...
 
[+]

Code size:
67.5 KB (69,120 bytes)

The file gpedit.exe has been discovered within the following programs.

Browse Safe  by Exciting Apps
Browse Safe from 50 on Red (215 Apps) is an web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and videos) as well as context-hyper links.
88% remove it
Browser Guard  by Actually Apps
Browser Guard (50 On Red) is an web browser advertisement extension that delivers ads to the user's web browser. Ads are in the form of traditional banners as well as context-hyper links.
www.50onred.com
80% remove it
Browser Keeper  by Exciting Apps
Browser Keeper is a potentially unwanted adware program that injects ads into the user's browser. This includes inserting into web pages or displaying ads over parts of existing web page advertisements, banners, coupons or text links that would not otherwise appear.
79% remove it
BrowserProtector  by Exciting Apps
BrowserProtector (50OnRed) is a bundled web browser advertisement extension that delivers ads to the user's web browser. Ads are in the form of traditional banners as well as context-hyper links.
82% remove it
ProtectedBrowsing  by Exciting Apps
ProtectedBrowsing is an ad-supported (also known as adware) web browser plugin that displays advertisements such as coupon ads in the browser that are displayed on web pages that are not associated with the plugin or would not otherwise appear.
81% remove it
protectedsurf  by Exciting Apps
This is an adware program from 50OnRed that integrates into the user's web browsers (IE, Chrome, Firefox) and will perform a number of functions mostly designed to generate advertising supported or affiliate revenue.
88% remove it
SafetySearch  by Exciting Apps
SafetySearch (50 on Red) is an web browser advertisement extension that delivers ads to the user's web browser. Ads are in the form of traditional banners as well as context-hyper links.
86% remove it
Savings Hen  by Exciting Apps
This adware (from 50OnRed) injects itself into the user's web browser (IE, Chrome and Firefox) and will display out-of context advertising on web sites that are not associated with the software or its affiliate partners.
savingshen.com
88% remove it
 
Powered by Should I Remove It?

Remove gpedit.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.