grvstubsetup_2.exe

The executable grvstubsetup_2.exe has been detected as malware by 11 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dm930xmxv1gqs.cloudfront.net.
MD5:
6919bc10bfe7568bd6afe1db59dcea9d

SHA-1:
6736f55a72b17f222ae8d324c6090f4966cd5876

SHA-256:
9775314c74d66a8adc0ed7a1bd1c95b26f9db827b1f391316d62813652cc5139

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
5/6/2024 10:40:43 AM UTC

Scan engine               Detection                  Engine version
Lavasoft Ad-Aware         Trojan.GenericKD.1814620   896
Bitdefender               Trojan.GenericKD.1814620   1.0.20.1175
Emsisoft Anti-Malware     Trojan.GenericKD.1814620   8.14.08.23.08
F-Secure                  Trojan.GenericKD.1814620   11.2014-23-08_7
G Data                    Trojan.GenericKD.1814620   14.8.24
IKARUS anti.virus         Trojan.SuspectCRC          t3scan.1.7.5.0
K7 AntiVirus              Riskware                   13.183.13139
McAfee                    Artemis!6919BC10BFE7       5600.7030
MicroWorld eScan          Trojan.GenericKD.1814620   15.0.0.705
nProtect                  Trojan.GenericKD.1814620   14.08.22.01
Trend Micro House Call    TROJ_GEN.R0CBH09HM14       7.2.235

File size:
417 KB (427,008 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\grvstubsetup_2.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:v68/JkBpWxKxVrV2YgZ89Bm94jdanYEdJfGBSK7iTXUayBWJn0qU:x/JmQxKxVrFp9y4pgYEd4SgaXxyBWde

Entry address:
0x5A878

Entry point:
55, 8B, EC, 83, C4, F0, B8, E0, A6, 45, 00, E8, 38, C5, FA, FF, 68, B4, A8, 45, 00, 6A, 00, 6A, 00, 6A, 00, 33, C9, BA, D0, A8, 45, 00, B8, F8, A8, 45, 00, E8, 24, B3, FF, FF, E8, 17, 9F, FA, FF, 00, 00, 00, FF, FF, FF, FF, 10, 00, 00, 00, 4A, 2D, 34, 2C, 6A, 61, 2D, 30, 2C, 62, 77, 67, 62, 2E, 60, 58, 00, 00, 00, 00, FF, FF, FF, FF, 1C, 00, 00, 00, 2D, 30, 2C, 70, 2C, 2D, 6F, 7A, 6B, 67, 6D, 64, 6D, 75, 6D, 7A, 2D, 32, 2D, 2D, 2C, 6B, 67, 69, 2D, 38, 2C, 48, 00, 00, 00, 00, FF, FF, FF, FF, 09, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
358.5 KB (367,104 bytes)

The file grvstubsetup_2.exe has been seen being distributed by the following URL.