home

showroomsetup21.exe

ShowRoom

GlobFX Technologies

This is a setup and installation application. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from www.globfx.com.
Publisher:
GlobFX Technologies  (signed and verified)

Product:
ShowRoom

Description:
ShowRoom Setup

Version:
2,1,0,0

MD5:
55fdd387a1b9cdc1c8aba26d45371213

SHA-1:
33bc8884ca3b074f287ec180c89ee2d88295127f

SHA-256:
1cb7af6cafc6a7f980540899c981a31621835820454d1db431833d108c893bae

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 3:00:35 PM UTC  (today)

File size:
3.9 MB (4,055,152 bytes)

Product version:
2,1,0,0

Copyright:
Copyright (C) 2008-2011 GlobFX Technologies

Original file name:
ShowRoomSetup.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\showroomsetup21.exe

Digital Signature
Signed by:
GlobFX Technologies

Authority:
Thawte, Inc.

Valid from:
2/8/2011 12:00:00 AM

Valid to:
2/10/2012 11:59:59 PM

Subject:
CN=GlobFX Technologies, OU=SECURE APPLICATION DEVELOPMENT, O=GlobFX Technologies, L=CHARBONNIERES LES BAINS, S=RHONE, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6EE04309E91FAD9464EA616756C40AEB

File PE Metadata
Compilation timestamp:
5/10/2011 1:09:36 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:cMmQ7C0Dikkm2nSZhY6lh5GaLTNSxU0MfVn3fz:jBiZFn9qfLpeafV3fz

Entry address:
0x3610

Entry point:
56, E8, 1A, FD, FF, FF, 8B, F0, 85, F6, 74, 3C, 83, 3D, 08, 50, 40, 00, 00, 75, 33, 83, 3D, 10, 50, 40, 00, 00, 75, 2A, 56, 68, 50, 42, 40, 00, 68, 18, 50, 40, 00, FF, 15, 98, 40, 40, 00, 83, C4, 0C, 6A, 10, 68, 38, 42, 40, 00, 68, 18, 50, 40, 00, 6A, 00, FF, 15, 9C, 40, 40, 00, 8B, C6, 5E, C3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Code size:
10 KB (10,240 bytes)

Scheduled Task
Task name:
{0AC61BF7-518D-434A-B20F-C5C19224156B}

Trigger:
Registration (Runs on registration)


The file showroomsetup21.exe has been seen being distributed by the following URL.

http://www.globfx.com/.../showroom.php

Scan showroomsetup21.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.