gu5setup.exe

Glarysoft Ltd

The application gu5setup.exe by Glarysoft has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Toolwiz Time Freeze 2014 by ToolWiz. The file has been seen downloaded from mujsoubor.cz and multiple other hosts.
Publisher:
Glarysoft Ltd  (signed and verified)

MD5:
51af5b1295e562f02764750b1a65f240

SHA-1:
d995348fded70d7cb4636e03670701e05b448b4d

SHA-256:
326c2609284c74fa20ba4f32fdd3c69727bf485ee747a06a040819a557781ef0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 12:58:53 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Glarysoft.Optional (L)

Engine version:
16.10.13.21

File size:
14.2 MB (14,893,616 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\gu5setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/1/2012 3:00:00 AM

Valid to:
12/2/2015 2:59:59 AM

Subject:
CN=Glarysoft Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Glarysoft Ltd, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7ABBA622E23F817B27D68D43E6E39093

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:YogYkhAHs8bSs/6wvTO56QzxzQrvE0GMdwPdyYJ:6DAHvbX6qazBQrzz

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file gu5setup.exe has been discovered within the following program.

www.Toolwiz.com
About 1% of users remove it
 

The file gu5setup.exe has been seen distributed from the following 8 URLs.
